Dell - Internal Use - Confidential PEAK16
How Multi-Layer Sandboxing Detects More Zero-Day Attacks
SonicWALL Capture Advanced Threat Protection Services
Brook R. Chelmo
Stopping Advanced Threats with Capture ATP Per the Greatest Philosophical Minds of History 401
SonicWALL Capture Advanced Threat Protection Services
Professor Sir Dr. Brook R. Chelmo XIV PhD Esq. III
Professor Emeritus of Philosophy & Modern History
Requisite Reading
• Advanced Persistent Threats and the Mid-Mongol Empire North of the 38th Parallel
• A Reinterpretation of Catherine the Great’s Thesis on Anti-Virus
• Dissertations on IP Address Rotation inspired by Fredrick III of France
• Pseudepigraphal Representations of 14th Century Analytical Doctrinal Statements of Nosopoetic Lachrymose Prussian Clergy on Malware Signatures
• Existentialism, Kierkegaard & Encryption
• Also available on Amazon book list “Greatest Thinkers of the 22nd Century”
Agenda
• The Challenge
• Introducing Capture
• Understanding the Multi-Engine Framework
• Availability & SKUs
• Competitive Positioning
• Screen Shots
Challenge: Explosion of evasive, zero-day threats
• Today’s advanced threats are designed to evade sandbox analysis and detection
• Threats target not just Windows environments, but also mobile and connected devices
• Hide in encrypted and unencrypted traffic
• Hide in more file types
Unique malware created annually: 2013: 20 million; 2014: 37 million; 2015: 64 million
“A sandbox is an isolated environment to open & examine suspicious code, files & programs. It is akin to a bomb squad examining packages in an isolated field instead of a crowded shopping mall.”
– Albert Einstein
Building a better zero-day malware trap
Effective advanced threat protection requires:
• Multi-layer threat analysis technology - more difficult for malware to detect and evade
• Inspection of encrypted and unencrypted traffic
• Ability to analyze many file types, operating systems
• Ability to block suspicious files from entering the network until verdict
• Rapid deployment of new malware signatures across the network
Single-engine sandboxes may be providing organizations with a false sense of security
Customers need help against zero-day attacks and need powerful tools to stay secure - Gandhi
SonicWALL Capture Advanced Threat Protection (ATP) Service
Cloud service detects and blocks zero-day threats at the gateway
• Multi-engine sandbox detects more threats than single sandbox technology
• Broad file type analysis and operating system support
• Can block until verdict at the gateway (HTTP/S only)
• Rapid deployment of threat intelligence
• Reporting and alerts
Supported appliances: SuperMassive 9200-9600, NSA 2600 – 6600, TZ 500 - TZ600
“Capture is a multi-engine sandbox that analyzes a broad range of files and can block files at the gateway until verdict. It features the rapid deployment of newly found signatures to other appliances, with automated or manual file submission, coupled with great reporting & alerts.” - Carrot Top
Increase security effectiveness against zero-day threats
• Multi-engine advanced threat analysis detects more threats, can’t be evaded
  – Virtualized sandbox
  – Full system emulation
  – Hypervisor level analysis
• Broad file type and OS environment analysis
  – PE, MS Office, PDF, archives, JAR, APK
  – Windows, Android and Mac OS (H216)
• Automated and manual file submission
The Capture Process
“The Capture process is designed for performance and to avoid repeating processes for the same file.” - Sir Isaac Newton
Capture ATP = Advanced Threat Protection
Not APT (Advanced Persistent Threat)
“Capture Advanced Threat Protection detects and stops advanced persistent threats (APT) and Ransomware”
- Abraham Lincoln
SonicWALL Capture ATP Service
Feedback
• Over 500 appliances enabled with SonicWALL Capture Service
• Feedback from users:
“The enablement process was flawless with no issues.”
“Very exciting feature and I think it will be a hot item.”
“Super excited for this product ”
SonicWALL Capture ATP Service
Beta Status
“Capture ATP is the best”- Confucius
Availability
• SM 9400/9200 and NSA appliances: August 2016 (US and EMEA colos, Japan colo fall 2016)
• SM 9600: upon stability
• SM 9800: 6.3.x
• TZ 600/500 (W): September 2016
Service Offering
Stand-alone SKU
• Capture Advanced Threat Protection Service (ATP): Multi-engine threat analysis service that detects and blocks unknown and zero-day threats at the gateway
Bundled SKUs
• Advanced Gateway Security Suite (AGSS): Includes Comprehensive Gateway Security Suite (CGSS) plus Capture ATP
• Total Secure – Advanced Edition: Includes appliance and Advanced Gateway Security Suite (AGSS)
• Secure Upgrade Plus – Advanced Edition: Includes appliance and 2 or 3 years of AGSS, heavily discounted for customers who would like to upgrade their Gen5 SonicWALL
Lead with AGSS
“Lead all of your sales with AGSS. Improve security for your customer and improve profitability for you.”
– Babe Ruth
Requirements
Capture requires the GAV & IPS subscription.
GAV & IPS provide pre-filtering that keeps known threats out of the sandbox and takes the burden off it.
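The Capture process as the earlier slides describe it (GAV signature pre-filtering, file-type gating, block until verdict, analysing a given file only once, a verdict from several engines, and rapid signature deployment to other appliances), sketched as an added Python example. This is a constructed illustration, not SonicWALL's code: the `CaptureGateway` class, the two toy engines and the `MARKER-…` byte strings are hypothetical stand-ins, and a real engine is a virtual machine, a full-system emulator or a hypervisor-level monitor rather than a substring check.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set, Tuple

# File types the deck lists for sandbox analysis (PE, MS Office, PDF, archives,
# JAR, APK), mapped to extensions for this toy gateway (assumed mapping).
ANALYZED_EXTENSIONS: Set[str] = {
    "exe", "dll", "docx", "xlsx", "pptx", "pdf", "zip", "jar", "apk",
}


# Toy engines: each returns True when it considers the sample malicious.
# The markers are constructed stand-ins for engine-specific detections;
# a sample that evades one engine can still be caught by another.
def virtualized_sandbox(data: bytes) -> bool:
    return b"MARKER-SANDBOX-HIT" in data


def full_system_emulation(data: bytes) -> bool:
    return b"MARKER-EMULATION-HIT" in data


@dataclass
class CaptureGateway:
    signatures: Set[str]                                   # GAV-style hash signatures (pre-filter)
    engines: List[Tuple[str, Callable[[bytes], bool]]]     # (name, engine) pairs
    verdict_cache: Dict[str, str] = field(default_factory=dict)
    engine_runs: int = 0                                   # sandbox work done, to show the savings

    def inspect(self, filename: str, data: bytes) -> str:
        digest = hashlib.sha256(data).hexdigest()
        # 1. GAV pre-filter: a known-bad hash never reaches the sandbox.
        if digest in self.signatures:
            return "blocked:signature"
        # 2. Verdict cache: the same file is never analysed twice.
        if digest in self.verdict_cache:
            return self.verdict_cache[digest]
        # 3. File-type gate: only supported types are held for analysis.
        ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
        if ext not in ANALYZED_EXTENSIONS:
            return "allowed:not-analyzed"
        # 4. Block until verdict: the file is held while every engine runs;
        #    a single positive engine is enough for a malicious verdict.
        hits = [name for name, engine in self.engines if engine(data)]
        self.engine_runs += len(self.engines)
        verdict = "malicious" if hits else "clean"
        self.verdict_cache[digest] = verdict
        # 5. Rapid signature deployment: a new detection becomes a hash signature
        #    shared with other gateways, which then block it without a sandbox run.
        if hits:
            self.signatures.add(digest)
        return verdict


def run_demo() -> Dict[str, object]:
    """Drive two gateways that share one signature set over constructed samples."""
    shared_signatures: Set[str] = set()
    engines = [("virtualized_sandbox", virtualized_sandbox),
               ("full_system_emulation", full_system_emulation)]
    gw1 = CaptureGateway(signatures=shared_signatures, engines=engines)
    gw2 = CaptureGateway(signatures=shared_signatures, engines=engines)

    benign = b"MZ benign installer payload"                                   # constructed
    evasive = b"MZ payload that evades the VM sandbox MARKER-EMULATION-HIT"   # constructed

    results: Dict[str, object] = {}
    results["benign_first"] = gw1.inspect("setup.exe", benign)
    runs_after_first = gw1.engine_runs
    results["benign_again"] = gw1.inspect("setup.exe", benign)
    results["cache_hit_saved_work"] = gw1.engine_runs == runs_after_first
    results["evasive"] = gw1.inspect("invoice.pdf", evasive)
    # The second gateway sees the same file after the signature was deployed.
    results["evasive_on_other_gateway"] = gw2.inspect("invoice.pdf", evasive)
    results["other_gateway_engine_runs"] = gw2.engine_runs
    results["unsupported_type"] = gw1.inspect("notes.txt", b"plain text")
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The point of the walk-through is the order of the checks: the signature and cache lookups come before any engine is run, so the expensive multi-engine analysis is paid once per unique file per signature set, and the second gateway blocks the evasive sample on its hash alone.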
SonicWALL Capture Advanced Threat Protection Service
Multiply the effectiveness of your threat analysis sandbox
• High security effectiveness: Multi-engine sandbox analysis, broad file type/operating system support, any file size - detects more threats
• Fast response time: Block till verdict at the gateway and rapid signature remediation across network appliances
• Reduced total cost of ownership: Add-on firewall service, reduces complexity, cost
- Napoleon Bonaparte
SonicWALL Capture Advanced Threat Protection Service
Multiply the effectiveness of your threat analysis sandbox
• High security effectiveness: Multi-engine sandbox analysis, broad file type/operating system support, any file size - detects more threats
• Fast response time: Block till verdict at the gateway and rapid signature remediation across network appliances
• Reduced total cost of ownership: Add-on firewall service, reduces complexity, cost
- Napoleon Dynamite
Competitive Position
SonicWALL solution differentiation:
Feature              Competitor   SonicWALL
Multi-Engine         No           Yes
Block till Verdict   No           Yes
Competitive Position
SonicWALL solution differentiation:
Feature                      Competitor   SonicWALL
Operating Systems Analyzed   Windows      Windows, Android
Multi-Engine                 No           Yes
Block till Verdict           No           Yes
Competitive Position
SonicWALL solution differentiation:
Feature                     Competitor   SonicWALL
Price                       $$$          $
NSS Labs Breach Detection   Poor         Great
Cloud-Delivery              Poor         Great
Block till Verdict          No           Yes
“FireEye’s financial troubles will guarantee their sandbox will remain very costly into their uncertain future.”
– Richard Simmons
Competitive Position
SonicWALL solution differentiation:
Feature                      Competitor      SonicWALL
Full System Emulation        No              Yes
Operating Systems Analyzed   Windows         Windows, Android
Protocols Scanned            HTTP/S, SMTP    HTTP/S, FTP, SMTP, IMAP, POP, CIFS
Competitive Position
SonicWALL solution differentiation:
Feature                      Competitor   SonicWALL
Multi-Engine                 No           Yes
Block till Verdict           No           Yes
Operating Systems Analyzed   Windows      Windows, Android
Competitive Position
Feature              Competitor   SonicWALL
Multi-Engine         No           Yes
Block till Verdict   No           Yes
Next steps
“Download the updated sales kit & price list from PartnerDirect” - Wild Bill Shakespeare