Menu

Trusted Firewall from the Airbus Group

THE EUROPEAN SECURITY

Device / Stormshield Tower

Stormshield, the cybersecurity subsidiary of the Airbus Group, develops trusted and certified network security solutions for both corporate and governmental customers. Stormshield firewalls, with the vendor’s all-European background and ownership are uniquely certified on the UTM market, and independent of governmental partnerships and backdoors threatening the reputation of many vendors. Stormshield Network Security is the only UTM firewall solution that meets the European Union’s qualifications for classified data.

Stormshield Certificates

More about Stormshield Certificates

Stormshield firewalls have been serving for decades in nuclear submarines, tanks and fighters, and in multiple EU-member states, security services and armed forces. Airbus’ uncompromised security is accessible to everyone.


European, backdoor-free network security

Reliability of security is based on trust. The loss of this trust is typically irrepairable, the simple patching of the found backdoors does not restore the trustworthiness, as many manufacturers (Cisco, Juniper #1, Juniper #2, Fortinet, Sonicwall, Huawei and others) have experienced recently. Airbus’s solutions are uniquely reliable and certified firewalls, considered trustworthy and backdoor-free by the European Union’s highest authorities.


Firewall, designed for a decade

Stormshield UTM firewalls boast a high 9-13 years of life expectancy (MTBF), safeguarding your investment and providing network security for over a decade. Our largest firewalls provide modular, error-tolerant architecture, dual power supplies, and even redundant, self-healing SSD drives. Stormshield even produces industrial firewalls with a special enclosure, capable of withstanding different temperature and vibration conditions.

Stormshield devices are made of high quality, industrial-strength components that guarantee reliable operation for all our customers. Additionally every Stormshield firewall comes with a lifetime hardware exchange service, so we not only plan, but also deliver reliable security solutions.

Device / Stormshield V50 - Dashboard Medium

Try out a demo firewall! Choose your preferred language under the Options button. For login and password use: demo



Outstanding performance

Stormshield firewalls are based on the patented Application IPS packet filtering technology. This provides line-speed security filtering using a real-time kernel module, the core of the firewall. This means that Stormshield firewalls offer reliable performance regardless the complexity of inspection, and maximum security is enabled by default. Unlike its competitors, the IPS, DPI, application control, vulnerability manager and other kernel-level security features will not slow down the system’s performance, and it does not affect the performance of the device.


Virtual and cloud firewalls

All Stormshield Network Security technology and security features are available in either hardware, virtual and cloud format.

IconSet / CloudVirtual firewalls
For VMware, Xen and Hyper-V hypervisors
Virtual Appliances
Logo / AWS SmileAmazon AWS
Available in the AWS
Marketplace at
Security / Stormshield
Logo / Microsoft AzureMicrosoft Azure
Available in the Azure Marketplace at
Security / Security + protection

 

IconSet / Stormshield / Resource-center / Common module SMC deployment history

Firewall technology in details

Note: Click on the linked heading text to expand or collapse accordion panels.

The kernel-based Intrusion Prevention System (IPS) is the core of Stormshield Network Security firewall. Application IPS is a patented, high-performance, real-time parallel packet filtering technology. This unique approach gives Stormshield customers a reliable network performance, which does not slow down with increasing complexity of filtering and will always remain at the same performance level in the future.

The protocol analysis plugins are an integral part of the Application IPS technology. These plugins automatically detect every traffic based on the connetions real content and attach the right protocol inspector. Stormshield firewalls also perform intelligent TCP desynchronization, so all connections are received by the firewall for the time and volume required for content-based filtering, ensuring that all traffic through the firewall is filtered and secure. More than 60 protocol inspectors are constantly updated and expanded. More than 80 percent of network attacks are stopped proactively with signatures, only based on enforcing safe network protocols.

Stormshield’s unique Vulnerability Manager technology fingerprints all traffic passing through the firewall and identifies important network endpoint details: operating systems, applications, browsers, server software and all their known vulnerabilities. The vulnerability report helps minimizes the attack surface and makes exploits a lot more difficult to succeed.

The Stormshield email security technology can block spam and phishing, and also separately identifies newsletters and low priority, commercial emails and advertisements. No need to unsubscribe or block all the newsletters anymore, you can simply flag them in a separate folder to be read once a day or week, separately from important business emails in your inbox.

The premium virus protection of Stormshield firewalls is provided by Kaspersky Lab. As one of the best virus protection in the world, Kasperksy is in the top list of most technical comparisons, demonstrating their well-earned malware research reputation in detecting and dissecting advanced malware like Stuxnet, Duqu and similar cyber weapons.

Stormshield’s extended URL filtering system provides a cloud-based, up-to-date database and real-time categorization of more than 100 million websites. With 65 categories, web access can be fine-tuned to remove unwanted content such as weapon making, pornography, illegal download sites or anonymizer proxies.

By decrypting encrypted connections, all traffic is security-inspected by the Stormshield firewall. Filter the websites and applications you visit through HTTPS, remove security threats on SMTPS connections and malware in POP3S downloads; The universal SSL decoding feature of the firewall ensures that any SSL/TLS-based protocol can be decoded so all the security layers can analyze the decrypted protocol and enforce the security policy.

Further limit the network’s attack surface by filtering unwanted countries and IP ranges with bad reputation. This functionality can remove traffic from countries and continents where the network has no business to do with, and lock out bad IP address ranges that are for example known for spreading malware, spam or operating as a botnet or TOR endpoints.

Using Stormshield’s proprietary sandboxing technology, suspicious attachments and files, including PDF, office formats and executables, can be uploaded for Stormshield’s cloud for high-performance sandbox analysis. Using powerful emulation and analysis techniques, the vast computing performance of the cloud is available for every Stormshield firewall.

Stormshield Network Security is uniquely capable of analyzing, isolating, and even granularly controlling SCADA protocols (for example: modbus, S7, OPC UA, Ethernet/IP). The firewall is capable of protecting industrial networks, critical infrastructure and preventing unwanted commands, industrial attacks, sabotage and terrorism.

Stormshield creates secure VPN network around the globe to be used by the most critical customers and critical infrastructure operators. While hardware-accelerated high-performance IPSec VPN, unlimited SSL VPN and legacy PPTP VPN are also available, Stormshield provides maximum security and confidentiality with a unique EAL 4+, NATO and European Union certified end-to-end VPN solution, from gateway to client software. An important design aspect is that VPN traffic is equally inspected by the IPS, DPI and all other protection modules. This way, attacks from VPN traffic will also be blocked, a functionality that many UTM manufacturers fail to offer.

By using user database integration, the granular firewall rules and policies can be created by users and groups . Besides Active Directory, Stormshield works with any LDAP-capable directory. For small businesses, if no corporate directory is available, Stormshield offers a built-in LDAP server. User authentication capabilities include transparent SSO, web access portals, Radius server and certificate support. Using an external Radius server Stormshield can work with strong authentication solutions, such as OTP, SMS, biometric identifiers or smart cards.

Stormshield hardware firewalls are licensed without any artificial limitations. Choose a Stormshield firewall that best suits your needs for the particular application, performance or network size, without requiring a more expensive model for certain functionality.

Stormshield firewalls can also be deployed in High Availability (HA) clusters, so two firewalls work in parallel with their memories constantly synchronized. In case of network or device failure, the second firewall takes over all the inspection of the failed firewall in less than a second. With this stateful clustering approach, all connections, phone calls, VPNs, and encrypted communications are retained, so the switch-over to users is completely unnoticed.

 

IconSet / Stormshield / Resource-center / Common module / SMC firewalls monitoring

Compare firewall models

All Stormshield Network Security technology and security features are available in either hardware (SNx100), virtual (VSxx) and cloud format (Vx0). You can reach the datasheets and other details of Stormshield Appliances at here.