SonicWall Capture Advanced Threat Protection Service for NSV 870

Multi-engine advanced threat analysis

SonicWall Capture ATP Service extends firewall threat protection to detect and prevent zero-day attacks. The firewall inspects traffic and detects and blocks intrusions and known malware. Suspicious files are sent to the SonicWall Capture ATP Cloud for analysis. The multi-engine sandbox platform, which includes RTDMI, virtualized sandboxing, full system emulation, and hypervisor-level analysis technology, executes suspicious code and analyzes behavior, provides comprehensive visibility to malicious activity while resisting evasion tactics and maximizing zero-day threat detection.

Real-Time Deep Memory Inspection (RTDMI)

Real-Time Deep Memory Inspection technology enhances SonicWall's multi-engine Capture ATP Service. The RTDMI engine proactively detects and blocks zero-day threats and unknown malware by inspecting directly in memory. Because of the real-time architecture, SonicWall RTDMI technology is precise, minimizes false positives, and identifies and mitigates sophisticated attacks.

Broad file type analysis

The service supports analysis of a broad range of file sizes and types, including executable programs (PE), DLL, PDFs, MS Office documents, archives, JAR, and APK, plus multiple operating systems, including Windows and Android. Administrators can customize protection by selecting or excluding files to be sent to the cloud for analysis by file type, file size, sender, recipient, or protocol. In addition, administrators can manually submit files to the cloud service for analysis.

Blocks until verdict

To prevent potentially malicious files from entering the network, files sent to the cloud service for analysis can be held at the gateway until a verdict is determined.

Rapid deployment of remediation signatures

When a file is identified as malicious, a signature is immediately available to firewalls with the SonicWall Capture ATP to prevent follow-on attacks. In addition, the malware is submitted to the SonicWall Capture Labs threat research team for further analysis and inclusion with threat information into the Gateway Anti-Virus and IPS signature databases. Additionally, it is sent to URL, IP, and domain reputation databases.

Reporting and alerts

The SonicWall Capture ATP Service provides an at-a-glance threat analysis dashboard and reports, which detail the analysis results for files sent to the service, including source, destination, and a summary plus details of malware action once detonated. Firewall log alerts provide notification of suspicious files sent to the SonicWall Capture ATP Service and file analysis verdict.

• Stop unknown threats at the gateway
• Extend firewall threat protection to detect and prevent zero-day attacks
• Send suspicious files to the Capture ATP Cloud for analysis
• Detect and block threats with Real-Time Deep Memory Inspection (RTDMI)
• Gain comprehensive visibility to malicious activity
• Resist evasion tactics and maximize zero-day threat detection
• Analyze executable programs (PE), DLL, PDFs, MS Office files, archives, JAR, and APK
• Analyze multiple operating systems, including Windows and Android
• Include or exclude files for cloud analysis by type, size, sender, recipient, or protocol
• Manually submit files to the cloud service for analysis
• Prevent potentially malicious files from entering the network
• Hold files sent to the cloud service for analysis at the gateway until a verdict is determined
• Return a verdict quickly by processing files in parallel using multiple engines
• Get real-time protection from unknown threats
• Deploy signatures to the firewall immediately when a file is identified as malicious
• Use the at-a-glance threat analysis dashboard and reports
• Get detailed analysis results for files sent to the service

MPN: 02-SSC-6052