Description
SonicWall Capture Security Appliance 1000 – 6 Port – 10/100/1000Base-T, 10GBase-X – 10 Gigabit Ethernet – AES – 6 x RJ-45 – 2 Total Expansion Slots – 1U – Rack-mountableThe SonicWall Capture Security appliance™ (CSa) brings Capture Advanced Threat Protection™ (ATP) and sandboxing malware analysis to on-premises deployment scenarios for customers with compliance and policy restrictions against sending files to cloud analysis, or who prefer for all of their data to remain inside their organization. The CSa 1000 can analyze suspicious files coming from other SonicWall products to provide rapid, high accuracy detection of previously unseen threats with the customer retaining custody of their files. Additionally, the REST API functionality on the CSa opens up the benefits of this highly effective file analysis capability to threat intelligence teams, third-party security systems and any software stack that can integrate with published APIs.
The CSa uses a combination of reputation-based checks, static file analysis and SonicWall’s patented Real-Time Deep Memory Inspection™ (RTDMI) engine for dynamic analysis to ensure that it provides not only the best possible detection rate of malicious files, but also does this efficiently, in the shortest possible time. The SonicWall ecosystem of security products, already fully integrated with the cloud-delivered Capture ATP analysis, is able to enforce inline security with features such as Block Until Verdict.
The same capabilities are supported when the SonicWall products are connected to the CSa series instead of the cloud Capture ATP.
RTDMI
SonicWall’s patent-pending Real-Time Deep Memory Inspection (RTDMI) file analysis engine is a novel method of analyzing suspicious files by monitoring the behavior of an application in memory. RTDMI can see through any obfuscation or encryption techniques that modern malware may deploy to evade network and sandbox analysis, yielding extremely high accuracy detection of attacks borne by documents, executables, archive files and a variety of other file types.
Real time protection
The combination of reputation and global intelligence checks, statics analysis and RTDMI technology operate in concert to deliver results quickly enough to enable technologies like Block Until Verdict in SonicWall products. This capability allows for a file inspection policy on the firewall to prevent suspicious files from being downloaded by the end-user until the full inspection is completed and a verdict is reached by Capture ATP or CSa.