Technical Overview - SonicWALL CSa 1000 Getting Started Manual

Capture security appliance

The Capture Security Appliance provides the same Real-Time Deep Memory Inspection (RTDMI™) technology
used by the SonicWall Capture Advanced Threat Protection (Capture ATP) cloud service to protect your network
from malware. RTDMI does the following:
- Proactively detects and blocks unknown mass-market malware via deep memory inspection in real time
- Detects and blocks malware that does not exhibit any malicious behavior and hides its weaponry via
  custom encryption
- Forces malware to "reveal" its weaponry into memory
- Identifies and mitigates sophisticated attacks where weaponry is exposed for less than 100 nanoseconds
One benefit of the Capture Security Appliance is that it brings the power of RTDMI into an appliance form factor to
serve customers who, due to geographical, regulatory or organizational requirements, cannot send files to the
cloud for ATP analysis.
Benefits of the Capture Security Appliance:
- Memory-based inspection with RTDMI
- Multi-stage analysis with reputation check, static analysis and dynamic analysis
- API access for threat analysis
- Broad file type support
- Block until verdict support
- High-security effectiveness
- Reporting
- Role-based access
You can connect the Capture Security Appliance to a supported SonicWall firewall and/or SonicWall Email
Security appliance, or to an API Connector.
Because the Capture Security Appliance is IP addressable, it does not need to be connected directly to a firewall
or Email Security appliance in order to process files. You can connect an API Connector to the CSa and pass files
to it for analysis, run scripts that generate reports, and use other features via API. Refer to
https://github.com/sonicwall for resources describing how to use the Capture ATP API.

Capture Security Appliance 1000 Getting Started Guide