To protect customers against the increasing dangers of zero-day threats, SonicWall Capture Advanced Threat Protection Service – a cloud-based service available with SonicWall firewalls – detects and can block advanced threats at the gateway until verdict. This service is the only advanced-threat-detection offering that combines multi-layer sandboxing, including full system emulation and virtualization techniques, to analyze suspicious code behavior. This powerful combination detects more threats than single-engine sandbox solutions, which are compute-environment specific and susceptible to evasion.
How Does It Work?
Web traffic hits your physical SonicWall firewall and enters a cloud-based sandbox. SSL traffic is decrypted, and multiple filters are enacted to test content for safety. Safe traffic is passed through to end-users. SonicWall Capture can comb through multiple file types and works with multiple browsers to intelligently scan and deliver safe content.
Administrators can also fine-tune network settings, and choose specific file types to pass-through the Capture filtering service or to inspect manually.
When a file is identified as malicious, signatures are immediately send to firewall clients to prevent similar attacks. Signatures are also processed through the SonicWall security team and patches are made available within 48 hours for global SonicWall databases for additional protection. Watch the SonicWall Capture video for more information.
Why Does It Work?
The SonicWall Capture solution scans traffic and extracts suspicious code for analysis, but unlike other gateway solutions, analyzed a broad range of file sizes and file types. Global-threat intelligence infrastructure rapidly deploys remediation signatures for newly identified threats to all SonicWall network security appliances, thus preventing further infiltration. Customers benefit from high-security effectiveness, fast response times and reduced total cost of ownership.