Effective zero-day threat protection is becoming increasingly important to organizations. Businesses need solutions including malware analysis technologies that can detect evasive advanced threats and malware before they enter the network.
SonicWALL Capture Advance Threat Protection Service, a cloud-based service available with SonicWALL firewalls, was made to protect customers against the increasing dangers of zero-day threats. It detects and blocks advanced threats at the gateway until verdict. This service is the only advanced-threat-detection offering that combines multiple sandbox engines, including complete system emulation and virtualization, to analyze suspicious code behavior.
This powerful combination detects more threats than single-engine sandbox solutions, which can allow threats into the network and are susceptible to evasion.
Capture scans traffic and extracts suspicious code for analysis, but unlike other gateway solutions, analyzes a broad range of file sizes and types. Global-threat intelligence infrastructure rapidly deploys remediation signatures for newly identified threats to all SonicWALL network security appliances to prevent further infiltration. Customers benefit from high-security effectiveness, fast response times and reduced total cost of ownership.
When a file is identified as malicious, a signature is immediately available to firewalls with SonicWALL Capture subscriptions to prevent follow-on attacks. In addition, the malware is submitted to the SonicWALL Threat Intelligence Team for further analysis and inclusion with threat information into the Gateway AntiVirus and IPS signature databases. Additionally, it is sent to URL, IP and domain reputation databases within 48 hours.
SonicWALL Capture Service extends firewall threat protection to detect and prevent zero-day attacks. The firewall inspects traffic, and detects and blocks intrusions and known malware. Suspicious files are sent to the SonicWALL Capture cloud service for analysis. The multi-engine sandbox platform, which includes virtualized sandboxing, full system emulation and hypervisor-level analysis technology, executes suspicious code and analyzes behavior, provides comprehensive visibility to malicious activity while resisting evasion tactics and maximizing zero-day threat detection.
To prevent potentially malicious files from entering the network, files sent to the cloud service for analysis can be held at the gateway until a verdict is determined.
The service supports analysis of a broad range of file sizes and types, including executable programs, DLL, PDFs, MS Office documents, archives, JAR and APK, plus multiple operating systems including Windows and Android. Administrators can customize protection by selecting or excluding files to be sent to the cloud for analysis by file type, file size, sender, recipient or protocol. In addition, administrators can manually submit files to the cloud service for analysis.
The SonicWALL Capture Service provides an at-a-glance threat analysis dashboard and reports, which detail the analysis results for files sent to the service. Including source, destination and a summary plus details of malware action once detonated. Firewall log alerts provide notification of suspicious files sent to the SonicWALL Capture Service and file analysis verdict.
Read more about this feature here: https://www.sonicwall.com/products/sonicwall-capture-atp/