SonicWALL’s Capture Advanced Threat Protection

Hi All

I have a couple of clients with SonicWALL TZ 300 routers, and am considering having them purchase SonicWALL’s Capture Advanced Threat Protection because it seems like a damn good idea! As I understand it, it's a cloud-based sandbox system.

Would appreciate hearing everyone's thoughts, concerns or experiences with the product or similar products.

Thank you!

Mark
markperl1 Asked:

Blue Street Tech (Last Knight) Commented:
Hi Mark,

CAPTURE is awesome. It stops Ransomware, Unknown, and Zero-Day attacks at the gateway. As with any new security layer one of the most important aspects is to set the expectations for users and management. There is no panacea with security so there can be false positives with any security service. I'd roll it out on a small client or better yet your own/test environment first to get the hang of it. Then deploy it across the board with a multi-phased deployment.

SonicWALL Capture ATP provides the following:
  • Multiple threat engines for better threat detection
  • Broad file type analysis & OS (Operating System) support
  • All GAV protocols are supported
  • HTTPS is supported (requires DPI-SSL)
  • Block until Verdict option at the gateway
  • Rapid deployment of remediation signatures
  • Extensive reporting & alerts

Capture ATP helps the SonicWALL firewall identify whether a file is a virus or not by transmitting the file to the Cloud, where the SonicWALL Capture ATP cloud service analyzes the file to determine if it is a virus and then sends the results back to the SonicWALL firewall. This process is done in real time while the file is being processed by the SonicWALL firewall. Capture ATP uses the UFTP (UDP+FTP) protocol to transfer the file.

With Capture ATP you get the ability to securely inspect, classify, and manage the following file types:
  • Executables (PE, Mach-O, and DMG)
  • PDF
  • Office 97-2003 file types (.doc, .xls, ...)
  • Office (.docx, .xlsx, ...)
  • Archives (.jar, .apk, .rar, .gz, and .zip)

Here's a diagram to help you better understand the process: [diagram: SonicWALL Capture Process]

I'd also highly recommend deploying the SSL-DPI engine since so much traffic now is encrypted.

Let me know if you have any other questions!
1
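To scope a rollout it helps to know how much of a site's traffic actually falls into the file classes the answer above lists. The following is an added example (my own code, not SonicWALL's): it sorts a file by its magic bytes into those classes so you can sample real downloads before turning on Block until Verdict. The category names, the ZIP-member heuristics and the treatment of the shared Mach-O/Java magic are my assumptions.

```python
# Added example (not SonicWALL code): magic-byte triage into the Capture ATP categories above.
import io
import struct
import zipfile

MAGIC = [  # (leading bytes, category) for formats with a fixed header
    (b"MZ", "executable-pe"),
    (b"%PDF-", "pdf"),
    (b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1", "office-97-2003"),  # OLE2 compound file
    (b"Rar!\x1A\x07", "archive-rar"),
    (b"\x1F\x8B", "archive-gz"),
]
MACHO = (b"\xCF\xFA\xED\xFE", b"\xFE\xED\xFA\xCF", b"\xCE\xFA\xED\xFE", b"\xFE\xED\xFA\xCE")

def make_zip(*members: str) -> bytes:
    """Build a small constructed ZIP container with the given member names (harmless data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in members:
            zf.writestr(name, "x")
    return buf.getvalue()

def _zip_category(data: bytes) -> str:
    # .docx/.xlsx, .jar and .apk are all ZIP containers; tell them apart by member names
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
    except zipfile.BadZipFile:
        return "not-sandboxed"  # truncated or corrupt ZIP: nothing usable to submit
    if "[Content_Types].xml" in names:
        return "office-ooxml"
    if "AndroidManifest.xml" in names:
        return "archive-apk"
    return "archive-jar" if "META-INF/MANIFEST.MF" in names else "archive-zip"

def classify(data: bytes) -> str:
    """Return the Capture ATP file class, or 'not-sandboxed' if nothing matches."""
    for magic, category in MAGIC:
        if data.startswith(magic):
            return category
    if data.startswith(MACHO):
        return "executable-macho"
    if data.startswith(b"\xCA\xFE\xBA\xBE") and len(data) >= 8:
        # shared magic: Mach-O fat header (small arch count) vs Java .class (version >= 45)
        return "executable-macho" if struct.unpack(">I", data[4:8])[0] < 45 else "not-sandboxed"
    if data.startswith(b"PK\x03\x04"):
        return _zip_category(data)
    if len(data) >= 512 and data[-512:-508] == b"koly":
        return "executable-dmg"  # a DMG is recognised by the 'koly' trailer in its last 512 bytes
    return "not-sandboxed"
```

Run `classify()` over a day's worth of proxy or file-share captures and count the verdicts; anything reported as `not-sandboxed` would pass the gateway without a Capture ATP verdict, which is what to set expectations around.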

markperl1 (Author) Commented:
Thank you!!
0
Blue Street Tech (Last Knight) Commented:
Glad I could help... thanks for the points!
0
Routers
