
Dell - Internal Use - Confidential PEAK16

How Multi-Layer Sandboxing Detects More Zero-Day Attacks

SonicWALL Capture Advanced Threat Protection Services

Brook R. Chelmo


Stopping Advanced Threats with Capture ATP Per the Greatest Philosophical Minds of History 401

SonicWALL Capture Advanced Threat Protection Services

Professor Sir Dr. Brook R. Chelmo XIV PhD Esq. III

Professor Emeritus of Philosophy & Modern History


Requisite Reading

• Advanced Persistent Threats and the Mid-Mongol Empire North of the 38th Parallel

• A Reinterpretation of Catherine the Great’s Thesis on Anti-Virus

• Dissertations on IP Address Rotation inspired by Fredrick III of France

• Pseudepigraphal Representations of 14th Century Analytical Doctrinal Statements of Nosopoetic Lachrymose Prussian Clergy on Malware Signatures

• Existentialism, Kierkegaard & Encryption

• Also available on Amazon book list “Greatest Thinkers of the 22nd Century”


Agenda

• The Challenge

• Introducing Capture

• Understanding the Multi-Engine Framework

• Availability & SKUs

• Competitive Positioning

• Screen Shots


Challenge: Explosion of evasive, zero-day threats

• Today’s advanced threats are designed to evade sandbox analysis and detection

• Threats target not just Windows environments, but also mobile and connected devices

• Hide in encrypted and unencrypted traffic

• Hide in more file types

Unique Malware Created Annually:

2013: 20 Million

2014: 37 Million

2015: 64 Million


“A sandbox is an isolated environment to open & examine suspicious code, files & programs. It is akin to a bomb squad examining packages in an isolated field instead of a crowded shopping mall.”

– Albert Einstein


Building a better zero-day malware trap

Effective advanced threat protection requires:

• Multi-layer threat analysis technology - more difficult for malware to detect and evade

• Inspection of encrypted and unencrypted traffic

• Ability to analyze many file types, operating systems

• Ability to block suspicious files from entering the network until verdict

• Rapid deployment of new malware signatures across the network

Single-engine sandboxes may be providing organizations with a false sense of security


Customers need help from zero-day attacks and need powerful tools to stay secure - Gandhi


SonicWALL Capture Advanced Threat Protection (ATP) Service

Cloud service detects and blocks zero-day threats at the gateway

• Multi-engine sandbox detects more threats than single sandbox technology

• Broad file type analysis and operating system support

• Can block until verdict at the gateway (HTTP/S only)

• Rapid deployment of threat intelligence

• Reporting and alerts

Appliances: TZ 500 - TZ600, NSA 2600 – 6600, SuperMassive 9200-9600


“Capture is a multi-engine sandbox that analyzes a broad range of files that can block files at the gateway until verdict. It features the rapid deployment of newly found signatures to other appliances with automated or manual file submission coupled with great reporting & alerts” - Carrot Top


Increase security effectiveness against zero-day threats

• Multi-engine advanced threat analysis detects more threats, can’t be evaded

– Virtualized sandbox

– Full system emulation

– Hypervisor level analysis

• Broad file type and OS environment analysis

– PE, MS Office, PDF, archives, JAR, APK

– Windows, Android and Mac OS (H216)

• Automated and manual file submission


How the Multiple Layers of Capture Work


The Capture Process

“The Capture process is designed for performance and to avoid repeating processes for the same file.” - Sir Isaac Newton


Capture ATP = Advanced Threat Protection, not APT (Advanced Persistent Threat)


“Capture Advanced Threat Protection detects and stops advanced persistent threats (APT) and Ransomware”

- Abraham Lincoln


SonicWALL Capture ATP Service

Feedback

• Over 500 appliances enabled with SonicWALL Capture Service

• Feedback from users:

“The enablement process was flawless with no issues.”

“Very exciting feature and I think it will be a hot item.”

“Super excited for this product”


SonicWALL Capture ATP Service

Beta Status

“Capture ATP is the best”- Confucius


Availability

• SM 9400/9200 and NSA appliances: August 2016 (US and EMEA colos, Japan colo fall 2016)

• SM 9600: upon stability

• SM 9800: 6.3.x

• TZ 600/500 (W): September 2016


Service Offering

Product | Description

Stand alone SKU:

• Capture Advanced Threat Protection Service (ATP) | Multi-engine threat analysis service detects and blocks unknown and zero-day threats at the gateway

Bundled SKUs:

• Advanced Gateway Security Suite (AGSS) | Includes Comprehensive Gateway Security Suite (CGSS) plus Capture ATP

• Total Secure – Advanced Edition | Includes appliance and Advanced Gateway Security Suite (AGSS)

• Secure Upgrade Plus – Advanced Edition | Includes appliance and 2 or 3 years of AGSS, heavily discounted for customers who would like to upgrade their Gen5 SonicWALL


“Lead all of your sales with AGSS. Improve security for your customer and improve profitability for you.”

– Babe Ruth

Lead with AGSS


Requirements

Capture requires the GAV & IPS subscription.

GAV & IPS present great pre-filtering options to help take the burden off the sandbox.
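The processing flow the deck describes (signature pre-filter before the sandbox, no repeat analysis for a file already seen, several independent engines where any flag blocks the file, and newly found hashes published as signatures) can be sketched in a few dozen lines. This is an added illustration written for this page, not SonicWALL code; the two "engines" are toy byte-inspection heuristics standing in for the real virtualized, emulated and hypervisor-level layers, and the signature set and cache are constructed in-memory stand-ins.

```python
import hashlib
import math
from collections import Counter

# Constructed stand-ins for appliance state: a signature set (the GAV
# pre-filter role) and a per-file verdict cache. Not SonicWALL data or code.
known_bad_hashes: set[str] = set()
verdict_cache: dict[str, str] = {}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the sample (8.0 means uniformly random)."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

# Toy analysis engines playing the role of the independent sandbox layers.
# Each returns True when it flags the sample. Real engines would execute the
# file in a VM, a full-system emulator or under a hypervisor; these only
# inspect bytes, which is enough to show how the verdicts are combined.
def engine_static(data: bytes) -> bool:
    return data.startswith(b"MZ") and b"powershell -enc" in data.lower()

def engine_entropy(data: bytes) -> bool:
    return len(data) > 64 and shannon_entropy(data) > 7.2

ENGINES = (engine_static, engine_entropy)

def capture_verdict(data: bytes) -> tuple[str, str]:
    """Decide the verdict for a file being held at the gateway.

    Returns (verdict, source): verdict is "malicious" or "clean"; source names
    the stage that decided, so a caller can see when the sandbox was skipped."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in known_bad_hashes:          # signature pre-filter: no sandbox needed
        return "malicious", "signature"
    if digest in verdict_cache:             # same file seen before: do not re-analyze
        return verdict_cache[digest], "cache"
    flagged = [e.__name__ for e in ENGINES if e(data)]
    verdict = "malicious" if flagged else "clean"
    verdict_cache[digest] = verdict
    if flagged:
        # "rapid deployment": publish the hash so other appliances block by signature
        known_bad_hashes.add(digest)
        return verdict, "engines:" + ",".join(flagged)
    return verdict, "engines"

if __name__ == "__main__":
    sample = b"MZ" + b"\x00" * 100 + b"PowerShell -enc AAAA"   # constructed sample
    print(capture_verdict(sample))   # engines flag it on first sight
    print(capture_verdict(sample))   # now blocked by signature, sandbox skipped
```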


SonicWALL Capture Advanced Threat Protection Service

Multiply the effectiveness of your threat analysis sandbox

• High security effectiveness: multi-engine sandbox analysis, broad file type/operating system support, any file size - detects more threats

• Fast response time: block till verdict at the gateway and rapid signature remediation across network appliances

• Reduced total cost of ownership: add-on firewall service, reduces complexity, cost

- Napoleon Bonaparte


SonicWALL Capture Advanced Threat Protection Service

Multiply the effectiveness of your threat analysis sandbox

• High security effectiveness: multi-engine sandbox analysis, broad file type/operating system support, any file size - detects more threats

• Fast response time: block till verdict at the gateway and rapid signature remediation across network appliances

• Reduced total cost of ownership: add-on firewall service, reduces complexity, cost

- Napoleon Dynamite


Competitive Position

SonicWALL solution differentiation (Others | SonicWALL):

Multi-Engine | No | Yes

Block till Verdict | No | Yes

Operating Systems Analyzed | Windows | Windows, Android

Price | $$$ | $

NSS Labs Breach Detection | Poor | Great

Cloud-Delivery | Poor | Great

“FireEye’s financial troubles will guarantee their sandbox will remain very costly into their uncertain future.”– Richard Simmons


Competitive Position

SonicWALL solution differentiation (Others | SonicWALL):

Multi-Engine | No | Yes

Full System Emulation | No | Yes

Block till Verdict | No | Yes

Operating Systems Analyzed | Windows | Windows, Android

Protocols Scanned | HTTP/S, SMTP | HTTP/S, FTP, SMTP, IMAP, POP, CIFS

SonicWALL Capture ATP Settings


SonicWALL Capture ATP Status


SonicWALL Capture ATP File Analysis Report


SonicWALL Capture ATP File Analysis Report


Next steps

“Download the updated sales Kit & price List from PartnerDirect” - Wild Bill Shakespeare


“Get Flippin’ Excited!” - Queen Elizabeth II

“Any Questions?” - Amelia Earhart


Thank You.

Please use the mobile app not to play Pokémon but to fill out your survey on this session.