Capture Client from SonicWall Backs Your Defenses with Machine Learning

Meet the SonicWall Capture Client

A phrase has appeared on our blog many times before and it will be repeated here today: the era of set-it-and-forget-it security has passed. With thousands of newly minted malware variants created each day, it is just no longer viable to maintain an up-to-the-minute list of malware signatures. Instead, firewall manufacturers are refocusing their efforts on behavior-based scans. Signature-based scans entail some baked-in limitations: signatures are based on a set of known patterns, leaving networks vulnerable to any never-seen-before (or zero-day) threats. In addition, maintaining the highest chance of success translates into near-constant updates to ensure that the very latest signatures are accounted for. With 2017 witnessing the birth of over 58 million different variants of known malware, this quickly becomes a Sisyphean task. Your task list just got a lot shorter thanks to SonicWall’s newly released Capture Client.

SonicWall has taken a huge step forward in this arena with the recent release of the Capture Client, powered by SentinelOne. SentinelOne is a cyber intelligence company specializing in safeguarding endpoints through innovations in artificial intelligence and machine learning. Machine learning—a computer science discipline focused on harnessing advanced statistical analysis to imbue systems with the ability to learn through data—is the primary driver that allows behavior-based scanning to detect zero-day exploits and adapt to new threats. Capture Client and SentinelOne work together to provide one unified endpoint strategy featuring a wide array of security capabilities.

Continuous Behavioral Monitoring

Capture Client traces activities of all kinds occurring on your network. This includes file creation & modification, disk & memory scripts, process executions, and monitoring of internal communication within programs. Since Capture Client is solely monitoring files for behavior rather than handling and processing that data, there is absolutely no limit to the size of files that Capture Client can handle. No signatures need to be refreshed. Capture Client can effortlessly handle executable files, memory-only malware, document-based exploits, macros, drive-by downloads, scripts, credential scraping, and so much more. For your organization, this manifests in the form of relentless protection backed by the most current data available.

Multilayered Protection

The use of cloud intelligence enables Capture Client to learn how your network operates and react when those documented behaviors deviate from the norm. Static analysis, tag-teaming with machine learning, makes the initial call on whether a suspicious sample may pose a threat. During further dynamic behavioral analysis, Capture Client observes how a given sample may behave in a network environment without the risks of “detonating” the payload in your network.

No Scheduled Scans or Updates

When’s the last time your firewall got a firmware update? With Capture Client, it doesn’t matter. Cloud-based management with no handling of files means that your system is perpetually updated against the latest, the greatest, the leanest, and meanest of malware on the market.

Rollback Capabilities

Mistakes happen, and despite our best-laid plans, human error can often lead to unforeseen threats gaining a foothold on your network. But even if a malware payload is able to modify a few of your files, you can rely on the Capture Client’s rollback feature to restore you to pre-attack status. Capture Client’s rollback function reverts files to the last available version prior to malware modification. Rollback utilizes the Windows Volume Shadow Copy Service (VSS), available on all Windows machines. Because rollback relies on VSS, this feature is solely compatible with Microsoft systems.

Capture Client lives peacefully side-by-side with other SonicWall services such as the SonicWall Content Filtering Client and Global VPN Client. Policies for all of these products are conveniently managed via a single pane of glass through a cloud-based management console. When integrated with SonicWall firewall appliances, Capture Client blends perfectly into your security environment, offering a zero-touch experience for deployment on unprotected clients.

If your organization still relies on static policies, signature-based scanning, and firmware updates, you may be falling behind in the battle against advanced Internet threats. As the threat landscape changes, malware has shifted from a simple game of quantity to one of quality, versatility, and speed. Expect behavior-based security to become the norm in coming days. Where we currently stand, SonicWall’s Capture Client platform represents a huge step forward in meeting the demands of cybersecurity in 2018.

If you’re ready to really supercharge your network security, link up SonicWall’s Capture Client with a trusted local Managed Security Service Provider in your area for a partnership made in Heaven. Just as behavioral monitoring is becoming the standard for data scanning, Security As A Service is becoming standard operating procedure for businesses serious about security.