Trusted Firewall from the Airbus Group

THE EUROPEAN SECURITY. Stormshield, the cybersecurity subsidiary of the Airbus Group, develops trusted and certified network security solutions for both corporate and governmental customers. Stormshield firewalls, with the vendor's all-European background and ownership are uniquely certified on the UTM market, and independent of governmental partnerships and backdoors treathening the reputation of many vendors. Stormshield Network Security is the only UTM firewall solution that meets the European Union's qualifications for classified data.
Stormshield firewalls have been serving for decades in nuclear submarines, tanks and fighters, and in multiple EU-member states, security services and armed forces. Airbus' uncompromised security is accessible to everyone.

European, backdoor-free network security

Reliability of security is based on trust. The loss of this trust is typically irrepairable, the simple patching of the found backdoors does not restore the trustworthiness, as many manufacturers (Cisco, Juniper, Fortinet and Sonicwall and others) have experienced recently. Airbus's solutions are uniquely reliable and certified firewalls, considered trustworthy and backdoor-free by the European Union's highest authorities.

Firewall, designed for a decade

Stormshield UTM firewalls boast a high 9-13 years of life expectancy (MTBF), safeguarding your investment and providing network security for over a decade. Our largest firewalls provide modular, error-tolerant architecture, dual power supplies, and even redundant, self-healing SSD drives. Stormshield even produces industrial firewalls with a special enclosure, capable of withstanding different temperature and vibration conditions.

Stormshield devices are made of high quality, industrial-strength components that guarantee reliable operation for all our customers. Additionally every Stormshield firewall comes with a lifetime hardware exchange service, so we not only plan, but also deliver reliable security solutions.

Intuitive user interface

sns-ui
Try out a demo firewall. Choose your preferred language under the Options button. For login and password use: demo

Outstanding performance

Stormshield firewalls are based on the patented Application IPS packet filtering technology. This provides line-speed security filtering using a real-time kernel module, the core of the firewall. This means that Stormshield firewalls offer reliable performance regardless the complexity of inspection, and maximum security is enabled by default. Unlike its competitors, the IPS, DPI, application control, vulnerability manager and other kernel-level security features will not slow down the system's performance, and it does not affect the performance of the device.

Virtual and cloud firewalls

All Stormshield Network Security technology and security features are available in either hardware, virtual and cloud format.

Firewall technology in details

Intrusion Prevention System (IPS)
The kernel-based Intrusion Prevention System (IPS) is the core of Stormshield Network Security firewall. Application IPS is a patented, high-performance, real-time parallel packet filtering technology. This unique approach gives Stormshield customers a reliable network performance, which does not slow down with increasing complexity of filtering and will always remain at the same performance level in the future.
Proactive, complete Deep Protocol Inspection (DPI)
The protocol analysis plugins are an integral part of the Application IPS technology. These plugins automatically detect every traffic based on the connetions real content and attach the right protocol inspector. Stormshield firewalls also perform intelligent TCP desynchronization, so all connections are received by the firewall for the time and volume required for content-based filtering, ensuring that all traffic through the firewall is filtered and secure. More than 60 protocol inspectors are constantly updated and expanded. More than 80 percent of network attacks are stopped proactively with signatures, only based on enforcing safe network protocols.
Built-in vulnerability monitoring
Stormshield's unique Vulnerability Manager technology fingerprints all traffic passing through the firewall and identifies important network endpoint details: operating systems, applications, browsers, server software and all their known vulnerabilities. The vulnerability report helps minimizes the attack surface and makes exploits a lot more difficult to succeed.
Email security with greymail and newsletter filtering
The Stormshield email security technology can block spam and phishing, and also separately identifies newsletters and low priority, commercial emails and advertisements. No need to unsubscribe or block all the newsletters anymore, you can simply flag them in a separate folder to be read once a day or week, separately from important business emails in your inbox.
Premium anti virus from Kaspersky Lab
The premium virus protection of Stormshield firewalls is provided by Kaspersky Lab. As one of the best virus protection in the world, Kasperksy is in the top list of most technical comparisons, demonstrating their well-earned malware research reputation in detecting and dissecting advanced malware like Stuxnet, Duqu and similar cyber weapons. Kaspersky is also one of the main sponsor of the Ferrari Formula 1 team.
Cloud-based, always up-to-date webfilter with 65 categories
Stormshield's extended URL filtering system provides a cloud-based, up-to-date database and real-time categorization of more than 100 million websites. With 65 categories, web access can be fine-tuned to remove unwanted content such as weapon making, pornography, illegal download sites or anonymizer proxies.
Universal encrypted connection (SSL/TLS) filtering for any protocol
By decrypting encrypted connections, all traffic is security-inspected by the Stormshield firewall. Filter the websites and applications you visit through HTTPS, remove security threats on SMTPS connections and malware in POP3S downloads; The universal SSL decoding feature of the firewall ensures that any SSL/TLS-based protocol can be decoded so all the security layers can analyze the decrypted protocol and enforce the security policy.
Filtering by geolocation and IP reputation
Further limit the network's attack surface by filtering unwanted countries and IP ranges with bad reputation. This functionality can remove traffic from countries and continents where the network has no business to do with, and lock out bad IP address ranges that are for example known for spreading malware, spam or operating as a botnet or TOR endpoints.
BreachFighter sandboxing for advanced malware detection
Using Stormshield's proprietary sandboxing technology, suspicious attachments and files, including PDF, office formats and executables, can be uploaded for Stormshield's cloud for high-performance sandbox analysis. Using powerful emulation and analysis techniques, the vast computing performance of the cloud is available for every Stormshield firewall.
Industrial protection for SCADA networks
Stormshield Network Security is uniquely capable of analyzing, isolating, and even granularly controlling SCADA protocols (for example: modbus, S7, OPC UA, Ethernet/IP). The firewall is capable of protecting industrial networks, critical infrastructure and preventing unwanted commands, industrial attacks, sabotage and terrorism.
Hardware-accelerated, EU and NATO certified VPN
Stormshield creates secure VPN network around the globe to be used by the most critical customers and critical infrastructure operators. While hardware-accelerated high-performance IPSec VPN, unlimited SSL VPN and legacy PPTP VPN are also available, Stormshield provides maximum security and confidentiality with a unique EAL 4+ and NATO / European Union certified end-to-end VPN solution, from gateway to client software. An important design aspect is that VPN traffic is equally inspected by the IPS, DPI and all other protection modules. This way, attacks from VPN traffic will also be blocked, a functionality that many UTM manufacturers fail to offer.
User-based rules with Active Directory and directory integration
By using user database integration, the granular firewall rules and policies can be created by users and groups. Besides Active Directory, Stormshield works with any LDAP-capable directory. For small businesses, if no corporate directory is available, Stormshield offers a built-in LDAP server. User authentication capabilities include transparent SSO, web access portals, Radius server and certificate support. Using an external Radius server Stormshield can work with strong authentication solutions, such as OTP, SMS, biometric identifiers or smart cards.
Unlimited licensing with no restrictions
Stormshield hardware firewalls are licensed without any artificial limitations. Choose a Stormshield firewall that best suits your needs for the particular application, performance or network size, without requiring a more expensive model for certain functionality.
High availability with switchover under a second
Stormshield firewalls can also be deployed in High Availability (HA) clusters, so two firewalls work in parallel with their memories constantly synchronized. In case of network or device failure, the second firewall takes over all the inspection of the failed firewall in less than a second. With this stateful clustering approach, all connections, phone calls, VPNs, and encrypted communications are retained, so the switch-over to users is completely unnoticed.