SonicWall Capture Advanced Threat Protection (ATP) is a powerful, cloud-based security solution integrated with SonicWall firewalls. Designed to detect and block zero-day threats, ransomware, and unknown malware, Capture ATP uses a multi-engine sandboxing approach combined with Real-Time Deep Memory Inspection (RTDMI™) for unmatched threat detection at the network gateway.
Key Features:
- Multi-Engine Advanced Threat Analysis
Capture ATP enhances firewall protection by detecting and blocking zero-day attacks and unknown malware. Suspicious files are sent to the cloud for analysis using a combination of virtual sandboxing, full system emulation, and hypervisor-level analysis to execute and evaluate malicious behavior.
- Extensive File Type and OS Support
The service supports analysis of files of any size and a wide array of file types, including executables (PE), DLLs, PDFs, Office docs, archives, JARs, and APKs. It operates across Windows, macOS, and Android environments. Admins can configure file submission rules by file type, size, sender, recipient, or protocol—and submit files manually as needed.
- Block Until Verdict
To prevent threats from entering the network, files sent to the cloud are held at the firewall until a verdict is reached, minimizing the risk of infection from suspicious files.
- Automated Signature Deployment
When a file is confirmed malicious, a remediation signature is immediately pushed to all firewalls with Capture ATP enabled. Additionally, threat data is forwarded to SonicWall’s GRID (Global Response Intelligent Defense) network, contributing to updates for Gateway Anti-Virus, IPS, and reputation databases within 48 hours.
- Robust Reporting and Alerts
Capture ATP features a centralized dashboard for real-time visibility into file analysis. Detailed reports include session data, operating system behavior, and network activity. Alerts notify administrators when suspicious files are analyzed and provide verdict outcomes.