Skip to content
SonicWall: Catch the Latest Malware with Capture Advanced Threat Protection

SonicWall: Catch the Latest Malware with Capture Advanced Threat Protection

Now that Halloween is over and your coworkers are bringing in the extra candy they don’t want, let’s look back at the last quarter’s results from SonicWall Capture Advanced Threat Protection (ATP) network sandbox service. Grab the candy corn and let’s crunch some data. Note: terms in italics below are defined in the glossary at the bottom to help newbies. 63,432 new threats discovered using the network sandbox over the course of three months on customer networks. 30.6% of threats that were found through static filtering. Translation- less than a third of these threats were new to us, but not to someone among the 50+ scanners we compare against. 69.4% of threats that were found through dynamic filtering. Translation- there is nearly a 70% chance SonicWall will find new malware and develop protections against it faster than anyone else. .16% of all  files sent to the sandbox were malicious. Translation- SonicWall can find the needle in the haystack. 72% of files were processed in under 5 seconds. Translation- Capture ATP is fast! 60% increase in the number of Capture ATP customers that sent files for analysis over the past quarter. Translation – more people supplying potential threat data gives us a wider net to catch the latest threats, making it easier to protect you. Double translation – the community helps to protect the community. 20% of all new malware were found in documents (.docx & .pdf specifically) on many days throughout the quarter. Translation – Attackers put more attention to getting you to open malicious documents. Double Translation – educate your employees to not open suspicious attachments in email or found online. I hope this helps you understand the importance of using a network sandbox, namely Capture ATP, the winner of CRN’s Network Security Product of the Year 2016 by customer demand. To learn more please review our Tech Brief: SonicWall Capture Threat Assessment or contact us with more information. PS – I wrote a simple glossary of sandboxing terms for you to reference in case you are new to this. If you want more terms added to this, find me on Twitter and send me a note.

Glossary of terms:

Network Sandbox: An isolated environment where suspicious code can be run to completion to see what it wants to do. If your firewall doesn’t know the file, it will be sent to the sandbox for analysis. Block until Verdict: A feature of the Capture ATP sandboxing service that blocks a file until a determination of the file can produce a verdict. If it’s malware, the file is dropped and can’t enter the network. If it’s good, a verdict for the hash of the file is stored and, if anyone tries to upload the file to our service, that verdict will be supplied within milliseconds to the user. Hash (AKA: cryptographic hash): A cryptographic code to identify code (e.g., malware) across the community of researchers. Instead of storing malware and comparing new files against samples, the file is converted to a hash and compared against a database of known good and bad hashes. For example, the phrase “SonicWall Capture ATP stops ransomware” translates into “13d55c187dbd760e8aef8d25754d8aacadc60d8b”. Once a new file is encountered, hashed, and doesn’t match a known hash, it is sent to the sandbox for analysis. Static Filtering: A way of filtering out results of a file before taking it to time-consuming dynamic analysis. SonicWall static filtering compares new files against a database of shared malware hashes from over 50 anti-virus scanners. Dynamic Filtering: The method of processing a file to see what it wants to do. SonicWall’s dynamic processing features three engines in parallel to find the most evasive malware. We use virtualized sandboxing, hypervisor-level analysis, and full-system analysis to uncover the most difficult forms of malware, including Cerber.

Previous article SonicWall’s Tiffany Haselhorst Joins 2020 CRN 100 Rising Female Stars List

More SonicWall News Posts

  • Product Security Notice:  SONICWALL SSL-VPN SMA100 Series Vulnerabilities
    December 7, 2023 Esther McNally

    Product Security Notice: SONICWALL SSL-VPN SMA100 Series Vulnerabilities

    SONICWALL SSL-VPN SMA100 version 10.X is affected by multiple vulnerabilities Overview CVE-2023-44221: Post Authentication OS Command Injection Vulnerability (CVSS Score: 7.2) Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege...

    Read now
  • Turn On Your MFA
    November 9, 2023 Esther McNally

    Turn On Your MFA

    With millions of stolen credentials currently up for sale, the time for stronger authentication is now. In “Star Trek: The Next Generation,” Jean-Luc Picard famously said, “It is possible to commit no mistakes and still lose.” This applies to many...

    Read now
  • Password Pro Tips
    November 7, 2023 Esther McNally

    Password Pro Tips

    A solid password is instrumental to keeping your important accounts and information safeguarded. October is typically associated with pumpkin spice lattes, college football, crunching leaves underfoot and ghostly fun, but did you know it’s also Cybersecurity Awareness Month? This is...

    Read now