Product Information
The SonicWall Capture Security appliance (CSa) brings Capture Advanced Threat Protection (ATP) and sandboxing malware analysis to on-premises deployment scenarios for customers with compliance and policy restrictions against sending files to cloud analysis, or who prefer for all of their data to remain inside their organization. The CSa 1000 can analyze suspicious files coming from other SonicWall products to provide rapid, high-accuracy detection of previously unseen threats with the customer retaining custody of their files. Additionally, the REST API functionality on the CSa opens up the benefits of this highly effective file analysis capability to threat intelligence teams, third-party security systems and any software stack that can integrate with published APIs. The CSa uses a combination of reputation-based checks, static file analysis and SonicWall's patented Real-Time Deep Memory Inspection (RTDMI) engine for dynamic analysis to ensure that it provides not only the perfect detection rate of malicious files, but also does this efficiently, in short times. The SonicWall ecosystem of security products, already fully integrated with the cloud-delivered Capture ATP analysis, is able to enforce inline security with features, such as Block Until Verdict.
- RTDMI
SonicWall's Real-Time Deep Memory Inspection (RTDMI) file analysis engine is an advanced method of analyzing suspicious files by monitoring the behavior of an application in memory. RTDMI can see through any obfuscation or encryption techniques that modern malware may deploy to evade network and sandbox analysis, yielding extremely high accuracy detection of attacks borne by documents, executables, archive files and a variety of other file types. - Real-time protection
The combination of reputation and global intelligence checks, statics analysis and RTDMI technology operate in concert to deliver results quickly enough to enable technologies like Block Until Verdict in SonicWall products. This capability allows for a file inspection policy on the firewall to prevent suspicious files from being downloaded by the end user until the full inspection is completed and a verdict is reached by Capture ATP or CSa. - Broad-type file analysis
CSa supports analysis for a broad range of file types, including executable programs (PE), DLL, JAR, PDFs and MS Office documents, plus multiple operating systems, including Windows, Android and multi-browser environments. - Easy administration and reporting
Easy-to-understand reports clearly show why something was blocked, detailing the analysis results for files sent to the service including frequency, sources, verdicts and other insights around files submitted for analysis. - Multiple deployment options
Deploy CSa in your main datacenter and/or have it referenced by multiple locations via IP address, FQDN or with the REST API. Alternatively, manually upload files into CSa for quick analysis and results.