Introducing Dell SonicWALL Capture Advanced Threat Protection Service

Presentation transcript:

Introducing Dell SonicWALL Capture Advanced Threat Protection Service February 2016

Challenge: Explosion of evasive, zero-day threats*

- Designed to evade sandbox analysis and detection
- Target not just Windows environments but also mobile and connected devices
- Hide in encrypted and unencrypted traffic
- Hide in more file types, of any file size

* Source: Dell Security 2016 Threat Report

Security experts agree that advanced threats such as zero-day exploits and custom malware are on the rise. To better detect these unknown threats, security professionals are deploying advanced threat detection technologies, such as virtual sandboxes, that analyze the behavior of suspicious files and uncover hidden malware. However, threats are getting smarter, and malware is now being designed to detect the presence of a virtual sandbox and evade discovery, limiting the effectiveness of these threat detection technologies. In addition, threats are increasingly hidden in new ways, such as in encrypted SSL traffic, or in files and applications that run on mobile and other connected devices, and may be hidden in files of any size.

Building a better zero-day malware trap

Effective advanced threat protection requires:

- Multi-layer threat analysis technology - more difficult for malware to detect or evade
- Inspection of encrypted and unencrypted traffic
- Ability to analyze many file types, sizes, operating systems
- Ability to block suspicious files from entering the network until verdict
- Rapid deployment of new malware signatures across the network

To combat today’s evasive, advanced threats, a new approach is needed: specifically, threat analysis technology that malicious code can’t detect and evade. A threat analysis platform that combines multiple types of malware analysis engines, including not only virtual sandbox environments but also OS and hardware emulation sandboxing, is more effective at discovering zero-day threats than single-engine sandbox solutions that are easier for malware to detect and evade.

In addition, threats are increasingly hidden in new ways, such as in encrypted SSL traffic, or in files and applications that run on mobile and other connected devices. Advanced threat detection solutions must inspect traffic, whether encrypted or unencrypted, for suspicious files, and be able to analyze malware hidden in a broad range of file types, file sizes and operating environments to best provide comprehensive zero-day threat detection.

Detecting zero-day threats is critical, but detection alone is not enough. Technology that not only inspects traffic for suspicious code but also gives IT control to block suspicious code from entering the network until after it’s analyzed and a verdict is reached can prevent infection and the manual, time-consuming tasks necessary to remediate damage. And to prevent follow-on attacks, signatures for newly discovered malware must be quickly generated and automatically distributed across network security devices.

For the best zero-day threat protection, solutions that can dynamically add new malware analysis engines as the threat landscape evolves will be most effective at detecting today’s and tomorrow’s advanced threats and malware.

Introducing Dell SonicWALL Capture Advanced Threat Protection Service

- Cloud service detects and blocks zero-day threats at the gateway
- Multi-engine sandbox detects more threats than single sandbox technology
- Broad file type analysis and operating system support and no file-size limitation
- Blocks until verdict at the gateway
- Rapid deployment of remediation signatures
- Reporting and alerts

SuperMassive 9200-9600, TZ SOHO – TZ600, NSA 2600 – 6600

To protect customers against the increasing dangers of unknown, zero-day threats, Dell SonicWALL Capture Advanced Threat Protection (ATP) Service is a cloud-based service for Dell SonicWALL next-generation firewalls that detects unknown threats and blocks them at the gateway until a verdict is reached. SonicWALL Capture is the only advanced threat protection offering that includes multi-layer sandbox technologies that use both system emulation and virtualization techniques to detect more threats than single sandbox solutions, which are compute-environment specific and susceptible to evasion. The solution scans traffic and extracts suspicious code for analysis and, unlike other gateway solutions, has no file size limitation. The Dell SonicWALL GRID threat intelligence infrastructure rapidly deploys remediation signatures for newly identified threats to all Dell SonicWALL network security appliances, preventing further infiltration of the identified malware threat. Customers benefit from high security effectiveness, fast response times, and reduced total cost of ownership.

Increase security effectiveness against zero-day threats

- Multi-engine advanced threat analysis detects more threats, can’t be evaded
  - Virtualized sandbox
  - Full system emulation
  - Hypervisor level analysis
- Broad file type and OS environment analysis, no file size limitation
  - PE, MS Office, PDF, archives, JAR, APK
  - Windows, Android and Mac OS
- Automated and manual file submission

With SonicWALL Capture, suspicious code is executed in a multi-engine sandbox platform, which includes virtualized sandboxing, full system emulation, and hypervisor-level analysis technology. Behavior is analyzed, providing comprehensive visibility into malicious activity while resisting evasion tactics and maximizing zero-day threat detection. The service supports analysis of files of any size and of a broad range of file types, including executable programs, PDFs, MS Office documents, archives, JAR, and APK, plus analysis in multiple operating system environments including Windows, Android, and Mac OS X. In addition, administrators can manually submit files to the cloud service for analysis.

Prevent infection and follow-on attacks

- Block until verdict
  - Hold files at the gateway until verdict to prevent malicious files entering the network
- Rapid deployment of remediation signatures
  - Signatures immediately deployed to SonicWALL Capture subscriber appliances
  - Signatures and threat information available to all firewalls with Gateway Anti-Virus subscriptions within 48 hours

To prevent potentially malicious files from entering the network, files sent to the cloud service for analysis can be held at the gateway until a verdict is determined. When a file is identified as malicious, a signature is immediately deployed to firewalls with SonicWALL Capture subscriptions to prevent follow-on attacks. In addition, the malware is submitted to the Dell SonicWALL Threat Intelligence Team for further analysis and inclusion of threat information into the Gateway Anti-Virus and IPS signature databases and the URL, IP and domain reputation databases within 48 hours.

Monitoring and reporting

- At-a-glance dashboard
- Scanned file history
- Detailed file analysis report

To monitor advanced threat detection, the service provides an at-a-glance dashboard and reports that detail results for files sent to the service.

Dell SonicWALL Capture Advanced Threat Protection Service

Multiply the effectiveness of your advanced threat analysis sandbox

- High security effectiveness
  - Multi-engine sandbox analysis, broad file type/operating system support, any file size - detects more threats
- Fast remediation times
  - Block until verdict at the gateway and rapid signature remediation across network appliances
- Reduced total cost of ownership
  - Add-on service reduces complexity

With Dell SonicWALL Capture, you can multiply the effectiveness of your advanced threat analysis. The service revolutionizes advanced threat detection and sandboxing with a multi-engine approach to stopping unknown and zero-day attacks at the gateway, and with automated remediation. Customers benefit from high security effectiveness, fast response times and reduced total cost of ownership.

Availability

- Beta available now: https://www.surveymonkey.com/r/SonicWALLCaptureATPserviceBeta
- General availability: July 2016
- Learn more: http://www.sonicwall.com/products/sonicwall-capture-atp/