Can Hillstone Networks Position Its StoneOS to Take Firewalls Beyond the Next Generation?
Hillstone Networks was founded in 2006 by veterans from NetScreen. The company boasts over 340 core patents, 280,000 hardware devices shipped, and over 26,000 customers to mention just a few of its business accomplishments. The company continues to grow and now claims a workforce of more than 2,000 associates globally. Hillstone’s next-generation firewall (NGFW) product line focuses on four differentiating capabilities it claims are fundamental:
- Proprietary, high-performance hardware architecture
- Proprietary OS – StoneOS
- A broad and diverse ecosystem
- Continuous and generous investment in threat research (over 30% of its operating budget is spent in R&D)
Those four fundamental security capabilities allow Hillstone to deliver solutions in:
- Infrastructure expansion (A-Series NGFW and X-Series DCFWs and CloudEdge)
- Zero trust network access (ZTNA)
- Threat detection and incident response (TDIR)
Its A-Series product line offers 19 models to choose from and is built on the company’s strengths:
- High performance
- Advanced threat prevention
- Scalability
- Intuitive automation
Its smaller SMB/branch office units are stout and can support up to 1Gbps throughput on the A200 units and 5Gbps firewall throughput on the A1100 model. For large enterprises or service providers, rackmount units like the A7600 series hardware appliance deliver upwards of 280Gbps firewall throughput. The X-Series product line can support from 590Gbps to 3.5Tbps firewall throughput in its X25812 chassis (15U); it is fully redundant (at chassis and data center level), highly available, and touts carrier-grade reliability (99.999% uptime).
Hillstone’s CloudEdge product is a virtual NGFW that can be used to protect public cloud environments and enable network functions virtualization (NFV). CloudEdge is equipped with key capabilities such as:
- Compatible with major cloud providers (AWS, Azure, Alibaba, VMware, etc.)
- High performance and high availability
- NFV orchestration through REST API
- Provides security across layers 2-7
- Automatic deployment and initial configuration
StoneOS delivers many standard capabilities as part of the NGFW products in a robust, highly stable solution, e.g., support for Hillstone Virtual Redundancy Protocol (HSVRP) and Border Gateway Protocol (BGP) graceful restart. These capabilities are delivered logically as follows:
- Pre-breach
  - Intrusion prevention – blocks exploits
  - IP reputation – restricts access to risky IPs
  - URL filtering – user-based web filtering
  - Antivirus and anti-spam
- Breach
  - Antivirus – protects from known malware
  - Cloud sandbox – protects from unknown malware
- Post-breach
  - Botnet command and control (C&C) prevention
With Hillstone’s latest StoneOS release, the company now offers several differentiating features in addition to its application protection suite, which delivers application delivery controllers (ADCs) and web application firewalls (WAFs):
- AI-powered threat detection and protection
  - ML-based abnormal encrypted traffic detection without decryption
  - ML-based DDoS protection (flood protection and ML-driven baseline)
  - ML-based domain generation algorithm (DGA) detection
- Robust VPN capabilities for IPsec tunnels
  - Load balancing
  - Auto-failover
  - Custom tunnel ports
- Centralized zero trust (ZT) management
  - Multiple ZTNA client OS support
  - Single packet authentication (SPA)
  - High availability for ZTNA gateway
With its plethora of hardware models and a wide scope of security solutions, Hillstone looks to build on its success in 2023 and beyond by listening to client feedback and focusing on several areas of interest, such as ZTNA and complementary security capabilities, pushing the envelope where other next-generation firewalls fear to tread.
In closing, Hillstone Networks has very ambitious plans for 2023, including increasing the number of 10GE interfaces supported in its A-Series and mid-range models. It also plans to add more expansion slots for its mid-range to high-end platforms, as well as support for the Service I/O (Input/Output) Module (SIOM), which can provide up to 50% I/O cost savings, in addition to a built-in security application-specific integrated circuit (ASIC). These features help Hillstone establish a truly parallel processing platform without resource exhaustion and contention. Software enhancements are planned to optimize centralized ZTNA management for smooth onboarding, comprehensive endpoint visibility, and identity-aware, least-privilege secure access control. Hillstone has a large APAC market share today and looks to build on that success by expanding and refining its product line.