Core elements of the Capture Cloud Platform include SonicWall’s Capture Client solution, also previewed in February, which is designed to work hand-in-glove with SonicWall firewalls to provide further assistance with mounting encrypted traffic volumes. Drawing on endpoint detection and response technology from SentinelOne, of Mountain View, Calif., the new system equips SonicWall appliances with machine learning-based continuous behavior monitoring functionality capable of intercepting malicious traffic in real time.
Significantly, SonicWall emphasizes, Capture Client automates the installation and management of TLS certificates on multiple devices, simplifying one of the most difficult aspects of DPI-SSL traffic analysis.
Other components of the Capture Cloud Platform, all previously released, include SonicWall’s Hosted Email Security solution, Capture Labs Threat Network, and Capture Advanced Threat Protection (ATP) system, a hosted sandbox service that assesses suspicious files and traffic before allowing them to exit the firewall onto the network.
That last system now draws on SonicWall’s Real-Time Deep Memory Inspection (RTDMI) technology to protect against malware hidden in .PDFs and Microsoft Office files. First unveiled in February, RTDMI utilizes patent-pending techniques to thwart the custom encryption schemes and other creative mechanisms hackers use to conceal dangerous payloads from traditional security solutions. The system forces malware that exhibits no malicious behavior to reveal its hidden weaponry, even if that code is encrypted and visible for intervals less than 100 nanoseconds.
“That component of our Capture ATP sandbox was able to find 3,500 never before seen attack variants through March of this year,” Gordineer says. “It’s incredibly effective at finding things that our other technologies don’t find and that other vendors don’t find.”
Adding support for .PDF and Microsoft Office files to RTDMI arms SonicWall customers to ward off an increasingly prevalent threat.
“In the last couple of years, vulnerabilities in Flash made Flash the most attractive attack vector,” Gordineer observes. “Now that’s switching, and .PDF and Office docs tend to be one of the most attacked file types.”
In conjunction with the official launch of the Capture Cloud Platform, SonicWall also previewed a major refresh of its Capture Security Center offering, which originally reached market under the name Cloud GMS. The revised edition of the cloud-based administration tool is engineered to provide single pane of glass control over everything from policy management and product licensing to security reporting and analytics.
Capture Security Center is scheduled to enter general availability on May 29th. All of the other products SonicWall described today are either available now or will become available within the next few days.
SonicWall’s latest product wave arrives amid evidence that an already hazardous security landscape is growing even more treacherous. In data published today, SonicWall said that its customers experienced an average of 7,739 malware attacks each in the first quarter of 2018, up 151 percent from the same period last year. The Capture Cloud Platform identified over 49,800 new attack variants in the first three months of the year as well.