Sandbox technology, which you can find a definition for on our Network Security Glossary, is the latest buzzword clawing its way through the infosec community. The rise of cloud-based threat protection is here and already the major players are proving they intend to maintain their seat in the pantheon of infosec titans. Perhaps the most successful showing, however, is from SonicWall. Capture ATP is making a real impact thanks to consistent successes in the face of a spike in high-profile ransomware attacks. ATP stands for Advanced Threat Protection and with Capture ATP that is exactly what you get.
Some major feats so far for the emerging cyber security champion include protecting its users from Petya thanks to having detected threat signatures a year in advance and silencing the encroachment of Eternal Blue exploits in April 2017, just before WannaCry. The bottom line is that Capture ATP is the real deal.
So how does it work?
Capture ATP detects suspicious code right at the gateways of your network and quarantines it in a virtual emulation of your system, allowing threats to unpack themselves and betray their nasty secrets in a safe sandbox environment where they can be monitored, tested, and neutralized.
Remember this scene from Jurassic Park?
It’s sort of like that: corral potential threats into a cage, then let them openly demonstrate their viciousness against disposable targets while we watch at a distance.
Okay, sandboxes aren’t new. So what makes Capture ATP stand out among the crowd?
Most sandbox systems run suspicious threats through one engine before giving threats the thumbs up or thumbs down. In these cases, you are relying on the manufacturer’s inspection system to get it right the first time, every time. SonicWall seems to understand that getting another pair of eyes on an issue can be beneficial. In addition to SonicWall’s own threat-detecting engine, Capture ATP scans are backed up by Lastline Breach Detection and VMRay Analyzer engines that provide a second and third opinion before giving a verdict on potential threats.
I have standard anti-virus protection already. Why do I need ATP?
AV clients are great for blocking known threats. But cyber criminals of 2017 are shape-shifters and masters of disguise. The bad guys are becoming much better at sneaking through your gateways and in response, security protocol must tighten. Where once stateful inspection was sufficient, serious security firms are now demanding nothing less than deep packet inspection. As the enemy evolves, so too must the good guys.
The greatest threat to your network is now from zero-day threats. Zero-day threats are cyber attacks that exploit vulnerabilities which, at the time of the attack, have not been discovered or discussed widely by the cyber security community. These are attacks that could not properly be prepared for because the danger was not yet apparent or understood. With Capture ATP, suspicious code is stopped at the gateway and held in custody until an official verdict is determined. This is better-safe-than-sorry security that errs on the side of caution. With Petya, WannaCry, Eternal Blue, and other major exploits in the global spotlight, this understandably draconian style of network security is saving the day again and again for those of us under its protection.
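The three ideas above (hold the file at the gateway, run it past more than one engine, and release it only once a verdict is in) fit together in a small model. The following is an added example written for this post, not SonicWall, Lastline or VMRay code, and it does not reflect how Capture ATP's real engines work internally: the three engines, the action names in the behaviour trace, the known-bad hash and the sample files are all constructed for the demonstration. What it shows is the policy: an unknown file is not delivered until every engine has reported, any "malicious" vote blocks, a file that one engine merely finds odd is still withheld, and a file already judged is not re-analysed.

```python
"""Toy block-until-verdict sandbox gateway with several analysis engines.
Added example, not SonicWall code; engines, traces and samples are constructed."""
import hashlib
import math
from collections import Counter
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    BENIGN = "benign"
    MALICIOUS = "malicious"
    UNKNOWN = "unknown"      # engine saw something odd but could not decide


@dataclass
class Sample:
    name: str
    content: bytes
    # Constructed behaviour trace standing in for what the emulated run of
    # the file would be observed doing inside the sandbox.
    trace: list = field(default_factory=list)

    def sha256(self) -> str:
        return hashlib.sha256(self.content).hexdigest()


# Engine 1: signature lookup against a constructed list of known-bad hashes.
KNOWN_BAD = {hashlib.sha256(b"constructed-known-bad-dropper").hexdigest()}


def signature_engine(sample: Sample) -> Verdict:
    # A clean signature scan alone proves nothing about a new threat,
    # which is exactly why the other engines run as well.
    return Verdict.MALICIOUS if sample.sha256() in KNOWN_BAD else Verdict.BENIGN


# Engine 2: behaviour engine, reads the emulated trace for ransomware-like
# actions (constructed action names, not a real sandbox's event schema).
RANSOMWARE_ACTIONS = {"delete_shadow_copies", "encrypt_user_files",
                      "write_ransom_note", "disable_recovery"}


def behaviour_engine(sample: Sample) -> Verdict:
    hits = RANSOMWARE_ACTIONS.intersection(sample.trace)
    if len(hits) >= 2:
        return Verdict.MALICIOUS
    if hits:
        return Verdict.UNKNOWN
    return Verdict.BENIGN


# Engine 3: static heuristic, flags packed or encrypted payloads by entropy.
def shannon_entropy(data: bytes) -> float:
    counts = Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())


def entropy_engine(sample: Sample) -> Verdict:
    # High entropy is suspicious but not conclusive on its own.
    return Verdict.UNKNOWN if shannon_entropy(sample.content) > 7.0 else Verdict.BENIGN


def combine(votes: list) -> Verdict:
    """Any engine voting malicious blocks; all must agree on benign to release;
    anything else stays UNKNOWN, which the gateway treats as 'do not deliver'."""
    if Verdict.MALICIOUS in votes:
        return Verdict.MALICIOUS
    if all(v is Verdict.BENIGN for v in votes):
        return Verdict.BENIGN
    return Verdict.UNKNOWN


class Gateway:
    def __init__(self, engines):
        self.engines = engines
        self.cache = {}          # sha256 -> verdict, so each file is analysed once
        self.engine_runs = 0     # bookkeeping to show the cache working

    def verdict_for(self, sample: Sample) -> Verdict:
        digest = sample.sha256()
        if digest not in self.cache:
            # The file is held here: nothing reaches the user until every
            # engine has reported and the votes have been combined.
            votes = [engine(sample) for engine in self.engines]
            self.engine_runs += len(votes)
            self.cache[digest] = combine(votes)
        return self.cache[digest]

    def deliver(self, sample: Sample) -> bool:
        """True only when the combined verdict is benign."""
        return self.verdict_for(sample) is Verdict.BENIGN


# Constructed samples for the demonstration.
CLEAN_DOC = Sample("quarterly_report.pdf", b"%PDF-1.4 plain text report " * 4,
                   trace=["open_file", "render_pages"])
RANSOMWARE = Sample("invoice.exe", b"MZ constructed ransomware body",
                    trace=["delete_shadow_copies", "encrypt_user_files", "write_ransom_note"])
KNOWN_DROPPER = Sample("update.exe", b"constructed-known-bad-dropper")
PACKED = Sample("tool.exe", bytes(range(256)) * 4, trace=["allocate_memory", "unpack_self"])

if __name__ == "__main__":
    gw = Gateway([signature_engine, behaviour_engine, entropy_engine])
    for s in (CLEAN_DOC, RANSOMWARE, KNOWN_DROPPER, PACKED):
        print(f"{s.name:22} {gw.verdict_for(s).value:10} delivered={gw.deliver(s)}")
```

The packed sample is the interesting case: no engine calls it malicious, yet it is still withheld because the verdict never reached "benign", which is the better-safe-than-sorry behaviour described above. A production gateway would add a timeout and a policy for what to do when an engine never answers; this model simply waits for all three.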
SonicWall’s motto for the sandbox campaign is “Fear Less” and with Capture ATP, it seems more a promise than a tagline. Let’s face it, businesses everywhere just want to get this ransomware thing behind them so they can get back to taking care of customers and making money. Capture ATP cannot cure the ills of the cyber world, but it can take the pressure off of small to medium-sized businesses and enterprises alike so that we can stop worrying over every email attachment and get back to worrying about growth, customer relationships, and values.