
SonicWALL’s Capture Advanced Threat Protection

Hi All

I have a couple of clients with SonicWALL TZ 300 routers, and am considering having them purchase SonicWALL’s Capture Advanced Threat Protection because it seems like a damn good idea! As I understand it, it's a cloud-based sandbox system.

Would appreciate hearing everyone's thoughts, concerns or experiences with the product or similar products.

Thank you!

Mark
markperl1
Blue Street Tech (Last Knight) Commented:
Hi Mark,

CAPTURE is awesome. It stops Ransomware, Unknown, and Zero-Day attacks at the gateway. As with any new security layer, one of the most important aspects is to set the expectations for users and management. There is no panacea with security, so there can be false positives with any security service. I'd roll it out on a small client or, better yet, your own/test environment first to get the hang of it. Then deploy it across the board with a multi-phased deployment.

SonicWALL Capture ATP provides the following:
  • Multiple threat engines for better threat detection
  • Broad file type analysis & OS (Operating System) support
  • All GAV protocols are supported
  • HTTPS is supported (requires DPI-SSL)
  • Block until Verdict option at the gateway
  • Rapid deployment of remediation signatures
  • Extensive reporting & alerts

Capture ATP helps the SonicWALL firewall identify whether a file is a virus or not by transmitting the file to the Cloud, where the SonicWALL Capture ATP cloud service analyzes the file to determine if it is a virus and then sends the results to the SonicWALL firewall. This process is done in real time while the file is being processed by the SonicWALL firewall. Capture ATP uses the UFTP (UDP+FTP) protocol to transfer the file.

With Capture ATP you get the ability to securely inspect, classify, and manage the following file types:
  • Executables (PE, Mach-O, and DMG)
  • PDF
  • Office 97-2003 file types (.doc, .xls, ...)
  • Office (.docx, .xlsx, ...)
  • Archives (.jar, .apk, .rar, .gz, and .zip)

Here's a diagram to help you better understand the process:

[Image: SonicWALL Capture Process]

I'd also highly recommend deploying the SSL-DPI engine, since so much traffic now is encrypted.

Let me know if you have any other questions!
 
markperl1 (Author) Commented:
Thank you!!
 
Blue Street Tech (Last Knight) Commented:
Glad I could help... thanks for the points!