Capture Advanced Threat Protection Service

Multiply the effectiveness of your advanced threat protection sandbox.

For effective zero-day threat protection, organizations need solutions that include malware-analysis technologies and can detect evasive advanced threats and malware — today and tomorrow.

To protect customers against the increasing dangers of zero-day threats, Dell SonicWALL Capture Advanced Threat Protection Service, a cloud-based service available with Dell SonicWALL firewalls, detects advanced threats at the gateway and blocks them until a verdict is reached. This service is the only advanced-threat-detection offering that combines multi-layer sandboxing, including full system emulation and virtualization techniques, to analyze suspicious code behavior.

This powerful combination detects more threats than single-engine sandbox solutions, which are compute-environment specific and susceptible to evasion. The solution scans traffic and extracts suspicious code for analysis, but unlike other gateway solutions, has no file size limitation. Global-threat intelligence infrastructure rapidly deploys remediation signatures for newly identified threats to all Dell SonicWALL network security appliances, thus preventing further infiltration. Customers benefit from high security effectiveness, fast response times and reduced total cost of ownership.

For the best zero-day threat protection, the solution is architected to dynamically add new malware analysis technologies as the threat landscape evolves.

Multi-engine advanced threat analysis

Dell SonicWALL Capture Service extends firewall threat protection to detect and prevent zero-day attacks. The firewall inspects traffic, and detects and blocks intrusions and known malware. Suspicious files are sent to the Dell SonicWALL Capture cloud service for analysis. The multi-engine sandbox platform, which includes virtualized sandboxing, full system emulation and hypervisor-level analysis technology, executes suspicious code and analyzes its behavior, providing comprehensive visibility into malicious activity while resisting evasion tactics and maximizing zero-day threat detection.

Broad file type analysis and no file-size limitation

The service supports analysis of files of any size and for a broad range of file types, including executable programs (PE), DLL, PDFs, MS Office documents, archives, JAR and APK, plus multiple operating systems including Windows, Android and Mac OS X. Administrators can customize protection by selecting or excluding files to be sent to the cloud for analysis by file type, file size, sender, recipient or protocol. In addition, administrators can manually submit files to the cloud service for analysis.

Blocks until verdict

To prevent potentially malicious files from entering the network, files sent to the cloud service for analysis can be held at the gateway until a verdict is determined.

Rapid deployment of remediation signatures

When a file is identified as malicious, a signature is immediately deployed to firewalls with Dell SonicWALL Capture subscriptions to prevent follow-on attacks. In addition, the malware is submitted to the Dell SonicWALL Threat Intelligence Team for further analysis and inclusion with threat information into the Gateway Anti-Virus and IPS signature databases. Additionally, it is sent to URL, IP and domain reputation databases within 48 hours.

Reporting and alerts

The Dell SonicWALL Capture Service provides an at-a-glance threat analysis dashboard and reports, which detail the analysis results for files sent to the service. Information included in these reports includes session data, OS information, and OS and network activity. Firewall log alerts provide notification of suspicious files sent to the Dell SonicWALL Capture Service, and of the file analysis verdict.