SonicWall Capture Advanced Threat Protection (ATP)
HIGHLIGHTS
Benefits
• Advanced Threat Protection: Detects unknown malware before it enters the network
• Real-Time Deep Memory Inspection (RTDMI™): Identifies hidden or dormant malware with memory-based analysis
• Multi-Engine Sandboxing: Detects evasive threats with multiple analysis engines
• Broad File Type Coverage: Inspects various file types
• Automated Threat Blocking: Blocks files at the gateway until a verdict is reached, based on your policies
• Seamless Integration: Integrates with SonicWall solutions across your security architecture
Effective on-prem and cloud-based advanced threat protection with multi-solution flexibility.
To effectively protect against sophisticated threats, organizations require advanced solutions that incorporate robust malware analysis technologies capable of detecting evasive and emerging threats. SonicWall’s Capture Advanced Threat Protection™ (ATP) was the industry’s first multi-engine sandbox to offer block-until-verdict capabilities. This innovative technology rapidly delivers accurate verdicts on suspicious files and seamlessly integrates across the entire SonicWall product ecosystem for comprehensive protection both in the cloud and on premises.
Figure: A cloud-based, multi-engine solution for stopping unknown and zero-day attacks at the gateway. Unknown files arriving from network security services, wireless, cloud, IoT, email and endpoints (data files, email, PDF and streaming data) are sent to the Cloud Capture Sandbox and blocked until verdict; the SonicSandbox and RTDMI engines, supported by Capture Labs machine learning, classify each file as good or bad. Classified malware shown in the figure includes the Locky and WannaCry ransomware and the Spartan trojan.
DATASHEET
2 | SonicWall Capture Advanced Threat Protection (ATP)
Features
MULTI-ENGINE ADVANCED THREAT ANALYSIS
The Capture ATP service inspects traffic and detects and blocks intrusions and known malware. Suspicious files are sent to the SonicWall Capture ATP Cloud for analysis. The multi-engine sandbox platform, which includes RTDMI and full system emulation technology, executes suspicious code and analyzes its behavior, providing comprehensive visibility into malicious activity while resisting evasion tactics and maximizing zero-day threat detection.
REAL-TIME DEEP MEMORY INSPECTION (RTDMI)
The RTDMI engine enhances Capture ATP by proactively detecting and blocking mass-market, zero-day threats and unknown malware through inspection directly in memory. Because of its real-time architecture, SonicWall RTDMI technology is precise, minimizes false positives, and identifies and mitigates sophisticated attacks.
BROAD FILE TYPE ANALYSIS
Capture ATP analyzes a wide range of file types and sizes, including executables (PE), DLLs, PDFs, MS Office documents, archives, JARs, and APKs, across Windows and Android platforms. Administrators can customize protection by specifying which files to analyze based on file type, size, sender, recipient, or protocol. They can also manually submit files for analysis. Malicious files are retained in the database for one month, while benign files are automatically deleted within 24 hours.
BLOCKS UNTIL VERDICT
To prevent potentially malicious files from entering the network, files sent to the cloud for analysis can be held at the gateway until a verdict is determined.
Capture ATP is a flexible and effective advanced threat protection service with numerous deployment options to protect organizations of all sizes. It scans and analyzes a wide range of file types and sizes, and its global threat intelligence quickly deploys remediation signatures, ensuring fast response times and high security effectiveness.
RAPID DEPLOYMENT OF REMEDIATION SIGNATURES
When a file is identified as malicious, a signature is immediately generated for SonicWall Capture ATP products to block future attacks. The malware is also submitted to SonicWall Capture Labs for further analysis and added to the Gateway Anti-Virus and IPS databases, as well as the URL, IP, and domain reputation databases, within 48 hours.
REPORTING AND ALERTS
SonicWall Capture ATP provides an at-a-glance threat analysis dashboard and reports that detail the analysis results for files sent to the service, including source, destination, and a summary plus details of the malware’s actions once detonated.
File Types Supported
.cpl .dll .drv .exe .elf .ocx .scr .sys .doc .dot .wbk .docx .docm .dotx .dotm .docb
.xls .xlt .xlm .xlsx .xlsm .xltx .xltm .xlsb .xla .xlam .xll .xlw .ppt .pot .pps .pptx
.pptm .potx .potm .ppam .ppsx .ppsm .sldx .sldm .o .dylib .bundle .dmg .pdf .jar
.apk .rar .bz2 .bzip2 .7z .xz .gz .zip
CAPTURE SECURITY APPLIANCE (CSa)
Capture Security Appliance (CSa) brings the technology of Capture ATP and RTDMI to on-premises deployment scenarios. CSa offers customers a hardware platform that allows them to retain all their data inside their organization, while taking advantage of Capture ATP’s sophisticated threat detection capabilities.
Learn more about Capture Security Appliance (CSa) here.
Figure: Capture ATP feature coverage by layer (Cloud, Endpoint, Network) across Secure Mobile Access, Gateway Firewall, Capture Client and Capture ATP. Features shown: Real Time Deep Memory Inspection (RTDMI)™, Multi-engine Advanced Threat Analysis, Broad File Type Analysis, Web Content Filtering*, Blocks Until Verdict, and Rapid Deployment of Remediation Signatures.
*Web Content Filtering is available with Capture Client and Firewall Security Services
Threat Mitigation at Every Layer
Capture ATP strengthens threat mitigation by blocking advanced threats across cloud, network, and endpoint environments. Its real-time detection, multi-layer sandboxing, and integration with global threat intelligence ensure comprehensive protection against today’s evolving cyber threats.
1. Cloud
Capture ATP integrates with cloud-based applications and services, inspecting incoming files and data for malicious content. It blocks threats before they infiltrate cloud environments.
2. Network
Capture ATP scans all traffic entering the network, detecting and blocking malware at the network perimeter before it reaches endpoints and/or critical systems. Administrators can configure network traffic rules to filter files by type, size, or protocol, allowing granular control over which files are analyzed and which are allowed into the network.
3. Endpoint
By blocking threats at the endpoint, Capture ATP helps prevent malware from spreading laterally from the endpoint. If a malicious file is detected, Capture ATP generates a signature in real time, ensuring all connected endpoints are protected from follow-on attacks.
SonicWall, Inc.
1033 McCarthy Boulevard | Milpitas, CA 95035
Refer to our website for additional information.
www.sonicwall.com
© 2024 SonicWall Inc. ALL RIGHTS RESERVED.
SonicWall is a trademark or registered trademark of SonicWall Inc. and/or its affiliates in the U.S.A. and/or other countries. All other trademarks and registered trademarks are property of their
respective owners. The information in this document is provided in connection with SonicWall Inc. and/or its affiliates’ products. No license, express or implied, by estoppel or otherwise, to any
intellectual property right is granted by this document or in connection with the sale of SonicWall products. Except as set forth in the terms and conditions as specified in the license agreement for this
product, SonicWall and/or its affiliates assume no liability whatsoever and disclaims any express, implied or statutory warranty relating to its products including, but not limited to, the implied warranty
of merchantability, fitness for a particular purpose, or non-infringement. In no event shall SonicWall and/or its affiliates be liable for any direct, indirect, consequential, punitive, special or incidental
damages (including, without limitation, damages for loss of profits, business interruption or loss of information) arising out of the use or inability to use this document, even if SonicWall and/or its
affiliates have been advised of the possibility of such damages. SonicWall and/or its affiliates make no representations or warranties with respect to the accuracy or completeness of the contents of
this document and reserves the right to make changes to specifications and product descriptions at any time without notice. SonicWall Inc. and/or its affiliates do not make any commitment to update
the information contained in this document.
About SonicWall
SonicWall is a cybersecurity forerunner with more than 30 years of expertise and a relentless focus on its partners. With the
ability to build, scale and manage security across the cloud, hybrid and traditional environments in real time, SonicWall can
quickly and economically provide purpose-built security solutions to any organization around the world. Based on data from
its own threat research center, SonicWall delivers seamless protection against the most evasive cyberattacks and supplies
actionable threat intelligence to partners, customers and the cybersecurity community.
316.24 - Datasheet - Capture ATP
Supported Products
Capture ATP
NGFWs (NSsp Series)
• NSsp 15700
• NSsp 10700
• NSsp 12800
• NSsp 11700
• NSsp 12400
• NSsp 13700
NGFWs (NSv Series)
• NSv 270
• NSv 470
• NSv 870
NGFWs (NSa Series)
• NSa 9650
• NSa 9450
• NSa 9250
• NSa 6700
• NSa 6650
• NSa 5650
• NSa 4700
• NSa 4650
• NSa 3700
• NSa 3650
• NSa 2700
• NSa 2650
NGFWs (TZ/SOHO Series)
• TZ80
• TZ670 series
• TZ600 series
• TZ500 and 570 series
• TZ400 and 470 series
• TZ300, 350 and 370 series
• SOHO 250 series
Note: SonicWall Capture ATP is supported on firewalls running SonicOS 7.0 and higher
SMA (OS 10+)
• SMA 200
• SMA 210
• SMA 400
• SMA 410
• SMA 500v
SMA (OS 12.0+)
• SMA 6200
• SMA 6210
• SMA 7200
• SMA 7210
• SMA 8200v
SonicWave APs
• 432o
• 621
• 641
• 681
Endpoint Security
• Capture Client Advanced
• Capture Client Premier
• Capture Client MDR