The SonicWall Capture Security appliance (CSa) brings Capture Advanced Threat Protection (ATP) and sandboxing malware analysis to on-premises deployment scenarios for customers with compliance and policy restrictions against sending files to cloud analysis, or who prefer for all of their data to remain inside their organization. The CSa 1000 can analyze suspicious files coming from other SonicWall products to provide rapid, high-accuracy detection of previously unseen threats with the customer retaining custody of their files. Additionally, the REST API functionality on the CSa opens up the benefits of this highly effective file analysis capability to threat intelligence teams, third-party security systems and any software stack that can integrate with published APIs. The CSa uses a combination of reputation-based checks, static file analysis and SonicWall's patented Real-Time Deep Memory Inspection (RTDMI) engine for dynamic analysis to ensure that it provides not only the perfect detection rate of malicious files, but also does this efficiently, in short times. The SonicWall ecosystem of security products, already fully integrated with the cloud-delivered Capture ATP analysis, is able to enforce inline security with features, such as Block Until Verdict.
SonicWall CSa 1000 - Security appliance - 10 GigE - 1U - rack-mountable (Voltage: AC 120/230 V (50/60 Hz))
Processor / Memory / Storage
Data Link Protocol:
- Gigabit Ethernet, 10 Gigabit Ethernet
Remote Management Protocol:
Performance:
- Reputation & global threat lookup throughput: 12000 files per hour
- Real-world file mix throughput: 2500 files per hour
- Dynamic analysis (RTDMI) throughput: 300 files per hour
Capacity:
- Max file size (MB): 100
- Maximum archive scan depth: 3
Status Indicators:
- Test mode, alarm, SSD activity, power 1, power 2
Features:
- 3 fans, black list, white list, Real-Time Deep Memory Inspection (RTDMI)
Interfaces:
- 6 x 1000Base-T - RJ-45
- 2 x USB - Type A
- 1 x console - RJ-45
- 1 x management - RJ-45
- 2 x 10GBase-X - SFP+
Compliant Standards:
- UL, TUV GS, VCCI, C-Tick, BSMI, CB, CCC, MIC, FCC, RoHS, FIPS 140-2, WEEE, ICES, China RoHS
Power Device:
- Internal power supply - hot-plug
Power Consumption Operational:
Min Operating Temperature:
Max Operating Temperature:
- RTDMI
SonicWall's Real-Time Deep Memory Inspection (RTDMI) file analysis engine is an advanced method of analyzing suspicious files by monitoring the behavior of an application in memory. RTDMI can see through any obfuscation or encryption techniques that modern malware may deploy to evade network and sandbox analysis, yielding extremely high accuracy detection of attacks borne by documents, executables, archive files and a variety of other file types. - Real-time protection
The combination of reputation and global intelligence checks, statics analysis and RTDMI technology operate in concert to deliver results quickly enough to enable technologies like Block Until Verdict in SonicWall products. This capability allows for a file inspection policy on the firewall to prevent suspicious files from being downloaded by the end user until the full inspection is completed and a verdict is reached by Capture ATP or CSa. - Broad-type file analysis
CSa supports analysis for a broad range of file types, including executable programs (PE), DLL, JAR, PDFs and MS Office documents, plus multiple operating systems, including Windows, Android and multi-browser environments. - Easy administration and reporting
Easy-to-understand reports clearly show why something was blocked, detailing the analysis results for files sent to the service including frequency, sources, verdicts and other insights around files submitted for analysis. - Multiple deployment options
Deploy CSa in your main datacenter and/or have it referenced by multiple locations via IP address, FQDN or with the REST API. Alternatively, manually upload files into CSa for quick analysis and results.
Roll over main image to zoom in. Click to open expanded view.
