SonicWALL’s Capture Advanced Threat Protection

markperl1 used Ask the Experts™
Hi All

I have a couple of clients with SonicWALL TZ 300 routers, and am considering having them purchase SonicWALL’s Capture Advanced Threat Protection because it seems like a damn good idea! As I understand it, it's cloud based sandbox system.

Would appreciate hearing everyone's thoughts, concerns or experiences with the product or similar products.

Thank you!

Last Knight
Distinguished Expert 2018
Hi Mark,

CAPTURE is awesome. It stops Ransomware, Unknown, and Zero-Day attacks at the gateway. As with any new security layer one of the most important aspects is to set the expectations for users and management. There is no panacea with security so there can be false positives with any security service. I'd roll it out on a small client or better yet your own/test environment first to get the hang of it. Then deploy it across the board with a multi-phased deployment.

SonicWALL Capture ATP provides the following:
  • Multiple threat engines for better threat detection
  • Broad file type analysis & OS (Operating System) support
  • All GAV protocols are supported
  • HTTPS is supported (requires DPI-SSL)
  • Block until Verdict option at the gateway
  • Rapid deployment of remediation signatures
  • Extensive reporting & alerts

Capture ATP helps the SonicWALL firewall identify whether a file is a virus or not by transmitting the file to the Cloud, where the SonicWALL Capture ATP cloud service analyzes the file to determine if it is a virus and then sends the results back to the SonicWALL firewall. This process is done in real time while the file is being processed by the SonicWALL firewall. Capture ATP uses the UFTP (UDP+FTP) protocol to transfer the file.

With Capture ATP you get the ability to securely inspect, classify, and manage the following file types:
  • Executables (PE, Mach-O, and DMG)
  • PDF
  • Office 97-2003 file types (.doc , .xls ,...)
  • Office (.docx , .xlsx ,...)
  • Archives ( .jar, .apk, .rar, .gz, and .zip)

Here's a diagram to help you better understand the process:

[Diagram: SonicWALL Capture Process]

I'd also highly recommend deploying the SSL-DPI engine since so much traffic now is encrypted.

Let me know if you have any other questions!
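The answer above lists the file classes Capture ATP will sandbox (PE, Mach-O and DMG executables, PDF, Office 97-2003 and OOXML documents, jar/apk/rar/gz/zip archives). As an added illustration, not code from SonicWALL or from anyone in this thread, here is a small Python pre-filter that classifies a blob into those same classes by its magic bytes, so that only sandbox-eligible files are sent on the round trip to a cloud analyzer. The labels, the signature table and the sample container are my own constructions; OOXML, jar and apk all share the ZIP header and are told apart by a marker entry inside, and DMG is recognised by its trailer rather than a header.

```python
import io
import zipfile
# Constructed lookup of leading magic bytes for the file classes named in the
# answer above (my own table, not anything published by SonicWALL).
HEADER_SIGNATURES = [
    (b"MZ", "executable/pe"),
    (b"\xfe\xed\xfa\xcf", "executable/mach-o"),  # 64-bit, big-endian
    (b"\xcf\xfa\xed\xfe", "executable/mach-o"),  # 64-bit, little-endian (x86-64/arm64)
    (b"%PDF", "document/pdf"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "document/office-97-2003"),  # OLE2 (.doc/.xls)
    (b"Rar!\x1a\x07", "archive/rar"),
    (b"\x1f\x8b", "archive/gz"),
]
# ZIP-based formats share one header; a marker entry inside tells them apart.
ZIP_MARKERS = [
    ("[Content_Types].xml", "document/office-ooxml"),  # .docx/.xlsx/.pptx
    ("AndroidManifest.xml", "archive/apk"),
    ("META-INF/MANIFEST.MF", "archive/jar"),
]

def _classify_zip(data: bytes) -> str:
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
    except zipfile.BadZipFile:
        return "archive/zip-corrupt"  # still worth a look: truncated archives evade scanners
    for marker, label in ZIP_MARKERS:
        if marker in names:
            return label
    return "archive/zip"

def classify(data: bytes):
    """Label a blob if it is in a sandbox-eligible class; None means skip the round trip."""
    for magic, label in HEADER_SIGNATURES:
        if data.startswith(magic):
            return label
    if data.startswith(b"PK\x03\x04"):
        return _classify_zip(data)
    # DMG images are identified by a 512-byte 'koly' trailer at the end, not a header.
    if len(data) >= 512 and data[-512:-508] == b"koly":
        return "executable/dmg"
    return None

def build_sample_ooxml() -> bytes:  # constructed minimal .docx-like container (demo only)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()
```

Anything that classifies as None (plain text, images, unknown binaries) would bypass the sandbox, which is exactly the kind of gap to keep in mind when setting the user expectations the answer mentions.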


Thank you!!
Blue Street Tech
Last Knight
Distinguished Expert 2018

Glad I could help... thanks for the points!
