SonicWall Capture ATP is a cloud-based, multi-engine sandbox service for advanced threat detection. Included with Capture ATP, SonicWall’s patented Real-Time Deep Memory Inspection™ (RTDMI) is designed to block zero-day and unknown threats at the gateway, including malware that arrives encrypted or that shows no malicious behavior while it is being executed. Capture ATP scans a broad range of file types to help stop zero-day attacks, targeted malware, advanced ransomware and more.
Capture ATP analyzes behavior in a multi-engine sandbox platform that combines full system emulation, hypervisor-level analysis, virtualized sandboxing and RTDMI™. RTDMI inspects memory in real time so that malware which unpacks or decrypts its payload only at run time is observed at the point where that payload appears in memory.
By giving administrators the ability to block until verdict, create customized policies and choose which files are scanned in the cloud, SonicWall Capture ATP combines the efficiency of automation with greater flexibility and control.
Multi-engine advanced threat analysis
SonicWall Capture extends firewall threat protection to detect and prevent zero-day attacks. The firewall inspects traffic and detects and blocks known malware and intrusions using its existing signatures. Files that are not known to be good or bad are sent to the SonicWall Capture cloud service for analysis. The multi-engine sandbox platform includes virtualized sandboxing, full system emulation, and hypervisor-level analysis. It executes suspicious code and analyzes its behavior, providing comprehensive visibility into malicious activity while resisting sandbox-evasion tactics and maximizing zero-day threat detection.
Broad file type analysis and no file size limitation
SonicWall Capture supports analysis of files of any size and of a broad range of file types, including executable programs (PE), DLLs, PDFs, MS Office documents, archives, JAR, and APK. It also supports multiple operating system environments, including Windows, Android, and Mac OS X. Administrators can customize protection by selecting or excluding files to be sent to the cloud for analysis by file type, file size, sender, recipient and protocol. In addition, administrators can manually submit files to the cloud service for analysis.
Block until verdict
To prevent potentially malicious files from entering the network, files sent to the cloud for analysis can be held at the gateway until a verdict is determined.
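The file-selection policy and the block-until-verdict behavior above are the two controls an administrator actually tunes. The following is an added illustration, not SonicWall's code and not a description of how Capture ATP implements these rules internally: it shows the check a gateway should make when a policy says "send PE, Office, archive, JAR and APK files to the sandbox", namely classifying the file by its content rather than its extension (a renamed `.exe` still starts with `MZ`, and OOXML, JAR and APK are all ZIP containers), and then combining that type with the size, sender, recipient and protocol rules to decide whether the file is held at the gateway for a verdict. The rule format, the exclude-over-include precedence and the sample files are assumptions constructed for this example.

```python
"""Content-based file typing plus a submit-and-hold policy check.

Added example, not SonicWall code. Capture ATP's real selection rules
and hold logic are not published on this page; the point shown is that
the "send to sandbox and hold until verdict" decision must key off the
file's bytes, not its name, or type-based policies are trivially bypassed.
"""
import io
import struct
import zipfile

# Leading byte signatures for several of the types the page lists (constructed table).
MAGIC = [
    (b"%PDF-", "pdf"),
    (b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1", "office_legacy"),  # OLE2 compound file (.doc/.xls)
    (b"Rar!\x1a\x07", "archive"),
    (b"7z\xbc\xaf\x27\x1c", "archive"),
    (b"\x1f\x8b", "archive"),  # gzip
]

# Types that the (assumed) default policy sends to the sandbox.
SANDBOX_TYPES = {"pe", "dll", "pdf", "office", "office_legacy", "archive", "jar", "apk"}


def classify(data: bytes) -> str:
    """Return a coarse file type derived from the content, never from the file name."""
    if data[:2] == b"MZ" and len(data) >= 0x40:
        # PE: e_lfanew at 0x3C points at "PE\0\0"; the COFF Characteristics
        # field sits 22 bytes past that signature and bit 0x2000 marks a DLL.
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] == b"PE\0\0" and len(data) >= e_lfanew + 24:
            (chars,) = struct.unpack_from("<H", data, e_lfanew + 22)
            return "dll" if chars & 0x2000 else "pe"
        return "pe"
    for sig, kind in MAGIC:
        if data.startswith(sig):
            return kind
    if data[:4] == b"PK\x03\x04":
        # ZIP container: OOXML Office, JAR and APK all share this header, so
        # distinguish them by well-known member names (APK before JAR, since
        # an APK also carries META-INF/MANIFEST.MF).
        try:
            names = set(zipfile.ZipFile(io.BytesIO(data)).namelist())
        except zipfile.BadZipFile:
            return "archive"
        if "AndroidManifest.xml" in names or "classes.dex" in names:
            return "apk"
        if "META-INF/MANIFEST.MF" in names:
            return "jar"
        if "[Content_Types].xml" in names:
            return "office"
        return "archive"
    return "other"


def decide(data: bytes, meta: dict, rules) -> str:
    """Return 'hold' (submit to sandbox and hold at the gateway until verdict) or 'pass'.

    rules: list of (action, predicate) with action in {"include", "exclude"}.
    Assumed precedence: any matching exclude wins; otherwise hold if the content
    type is in SANDBOX_TYPES or any include rule matches.
    """
    facts = {"type": classify(data), "size": len(data), **meta}
    if any(a == "exclude" and p(facts) for a, p in rules):
        return "pass"
    if facts["type"] in SANDBOX_TYPES or any(a == "include" and p(facts) for a, p in rules):
        return "hold"
    return "pass"


# Example policy (assumed): skip very large files and a trusted build server,
# but always sandbox unknown attachments arriving over SMTP.
EXAMPLE_RULES = [
    ("exclude", lambda f: f["size"] > 50 * 1024 * 1024),
    ("exclude", lambda f: f.get("sender") == "build@corp.example"),
    ("include", lambda f: f.get("protocol") == "SMTP" and f["type"] == "other"),
]


# --- constructed sample inputs -------------------------------------------------
def make_pe(dll: bool) -> bytes:
    """Build a minimal DOS stub + PE signature + COFF header (not a runnable binary)."""
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)  # e_lfanew -> PE header right after the stub
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x2000 if dll else 0x0102)
    return bytes(hdr) + b"PE\0\0" + coff


def make_zip(names) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for n in names:
            z.writestr(n, b"x")
    return buf.getvalue()


def demo() -> dict:
    samples = {
        "invoice.pdf": b"%PDF-1.7\n%constructed",
        "photo.jpg": make_pe(dll=False),  # renamed executable: name lies, bytes do not
        "helper.dll": make_pe(dll=True),
        "report.docx": make_zip(["[Content_Types].xml", "word/document.xml"]),
        "app.apk": make_zip(["META-INF/MANIFEST.MF", "classes.dex"]),
        "notes.txt": b"plain text, nothing to sandbox",
    }
    meta = {"sender": "alice@example.net", "recipient": "bob@corp.example", "protocol": "HTTP"}
    return {name: (classify(d), decide(d, meta, EXAMPLE_RULES)) for name, d in samples.items()}


if __name__ == "__main__":
    for name, (ftype, action) in demo().items():
        print(f"{name:12s} {ftype:14s} {action}")
```

The `photo.jpg` case is the one worth noticing: an extension-based rule would let it through, while the content check classifies it as a PE and holds it. Real deployments also need a decision for the case where no verdict arrives within the hold window; the page does not state what Capture ATP does then, so that choice is left to the operator here.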
Rapid deployment of remediation signatures
When a file is identified as malicious, a signature is immediately deployed to all firewalls with SonicWall Capture subscriptions to prevent follow-on attacks using the same file. In addition, the malware is submitted to the SonicWall threat intelligence team for further analysis, and the resulting threat information is added to the Global Response Intelligent Defense Network (GRID) Gateway Anti-Virus and IPS signature databases and to the URL, IP and domain reputation databases within 48 hours.
Reporting and alerts
SonicWall Capture provides an at-a-glance dashboard and reports detailing the analysis results for files sent to the service, including session information, OS information, OS activity, and network activity observed during analysis. Firewall log alerts notify administrators when a suspicious file is sent to the SonicWall Capture service for analysis and when its verdict is returned.