SonicWall Capture ATP is a cloud sandbox service that detects and prevents zero-day threats at the gateway, i.e. at the SonicWall firewall.
+ Overview of SonicWall Capture Advanced Threat Protection (ATP)
– SonicWall Capture ATP solution is available in SonicOS 6.2.6.x and above.
– Capture ATP helps the SonicWall firewall determine whether a file is malicious by transmitting the file to the cloud, where the SonicWall Capture ATP cloud service analyzes it and returns a verdict to the firewall. This happens in real time while the firewall is processing the file. Capture ATP uses the UFTP protocol to transfer files; UFTP stands for UDP (User Datagram Protocol) File Transfer Protocol.
– The Capture ATP process, in which the SonicWall firewall communicates with the SonicWall Capture ATP cloud service, involves six main steps:
- The SonicWall firewall sends the file to the SonicWall Capture ATP cloud service.
- The SonicWall Capture ATP cloud service saves the file in its archive.
- The SonicWall Capture ATP cloud service reads and analyzes the file.
- The SonicWall Capture ATP cloud service stores the result in a database.
- The SonicWall Capture ATP cloud service retrieves the result from the database.
- The SonicWall Capture ATP cloud service sends the result to the SonicWall firewall.
– The firewall is located on the customer's premises. The SonicWall Capture ATP cloud database and service are located at a SonicWall facility.
+ With Capture ATP, you can securely inspect, classify and manage the following file types.
- Executables (PE, Mach-O, and DMG)
- Office 97-2003 (.doc, .xls, etc.)
- Office (.docx, .xlsx, etc.)
- Archives (.jar, .apk, .rar, .bz2, .bzip2, .7z, .xz, .gz, and .zip)
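The categories above are content formats, not file extensions, so it is worth being able to tell what a sample actually is before submitting it or when reviewing the scanning history. The Python below is an added example, not SonicWall code and not a description of how Capture ATP itself classifies files: it identifies each listed category by its content signature (magic bytes). The distinctions between ZIP-based formats (OOXML, .jar, .apk, plain .zip), the DMG trailer check, and the heuristic that separates a universal Mach-O binary from a Java class file (both begin with 0xCAFEBABE) are assumptions drawn from the public format specifications.

```python
"""Identify Capture ATP file categories by content signature, not extension.

Added example; the signatures below come from the public format specs
and the category labels follow the list in the article.
"""
import bz2
import gzip
import io
import lzma
import struct
import zipfile

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # Office 97-2003 compound file
MACHO_MAGICS = (b"\xfe\xed\xfa\xce", b"\xfe\xed\xfa\xcf",   # 32/64-bit, big-endian
                b"\xce\xfa\xed\xfe", b"\xcf\xfa\xed\xfe")   # 32/64-bit, little-endian
FAT_MAGIC = b"\xca\xfe\xba\xbe"                     # universal Mach-O, also Java .class

# Single-signature archive formats; order does not matter because none is a prefix of another.
ARCHIVE_MAGICS = [
    (b"Rar!\x1a\x07", "archive (rar)"),
    (b"7z\xbc\xaf\x27\x1c", "archive (7z)"),
    (b"BZh", "archive (bz2)"),
    (b"\xfd7zXZ\x00", "archive (xz)"),
    (b"\x1f\x8b", "archive (gz)"),
]

UNSUPPORTED = "not a Capture ATP file type"


def _classify_zip(data: bytes) -> str:
    """OOXML, .jar and .apk are all ZIP containers; tell them apart by well-known members."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
    except zipfile.BadZipFile:
        return "archive (zip, damaged or truncated)"
    if "[Content_Types].xml" in names:
        return "Office (OOXML)"
    if "AndroidManifest.xml" in names:      # check before .jar: APKs also carry META-INF/MANIFEST.MF
        return "archive (apk)"
    if "META-INF/MANIFEST.MF" in names:
        return "archive (jar)"
    return "archive (zip)"


def classify(data: bytes) -> str:
    """Return the Capture ATP category for the given file content, or UNSUPPORTED."""
    if data[:2] == b"MZ":                  # DOS/PE header; a stronger check would walk to the PE signature
        return "executable (PE)"
    if data[:4] in MACHO_MAGICS:
        return "executable (Mach-O)"
    if data[:4] == FAT_MAGIC and len(data) >= 8:
        # Universal Mach-O: next field is nfat_arch (small). Java .class: minor/major version, major >= 45.
        if struct.unpack(">I", data[4:8])[0] < 30:
            return "executable (Mach-O universal)"
        return UNSUPPORTED                 # Java class file, not on the list
    if data[:8] == OLE2_MAGIC:
        return "Office 97-2003"
    if data[:4] == b"PK\x03\x04":
        return _classify_zip(data)
    for magic, label in ARCHIVE_MAGICS:
        if data.startswith(magic):
            return label
    if len(data) >= 512 and data[-512:-508] == b"koly":   # DMG 'koly' trailer block at end of file
        return "executable (DMG)"
    return UNSUPPORTED


def build_samples() -> dict:
    """Constructed, benign sample inputs covering each category (assumption: minimal headers suffice)."""
    def make_zip(members):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            for name in members:
                zf.writestr(name, "x")
        return buf.getvalue()

    return {
        "pe": b"MZ" + b"\x00" * 62,
        "macho": b"\xcf\xfa\xed\xfe" + b"\x00" * 28,
        "fat_macho": FAT_MAGIC + struct.pack(">I", 2) + b"\x00" * 16,
        "java_class": FAT_MAGIC + struct.pack(">HH", 0, 52),
        "ole2": OLE2_MAGIC + b"\x00" * 504,
        "docx": make_zip(["[Content_Types].xml", "word/document.xml"]),
        "jar": make_zip(["META-INF/MANIFEST.MF", "Main.class"]),
        "apk": make_zip(["META-INF/MANIFEST.MF", "AndroidManifest.xml", "classes.dex"]),
        "zip": make_zip(["notes.txt"]),
        "gz": gzip.compress(b"payload"),
        "bz2": bz2.compress(b"payload"),
        "xz": lzma.compress(b"payload"),
        "dmg": b"\x00" * 1024 + b"koly" + b"\x00" * 508,
        "txt": b"just text\n",
    }


if __name__ == "__main__":
    for name, blob in build_samples().items():
        print(f"{name:>10}: {classify(blob)}")
```

The Java class sample is the caveat worth noticing: it shares its first four bytes with a universal Mach-O binary, so a signature check that stops at the magic alone would misclassify it; the example disambiguates on the next field.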
+ The SonicWall firewall sends files using the encrypted UDP File Transfer Protocol (UFTP)
– Benefits of the UFTP protocol
- Encrypts the UDP traffic
- Detects packet loss, repairs and retransmits
- Handles duplicated data and unrecoverable errors
+ SonicWall Capture ATP supports all Gateway Anti-Virus (GAV) protocols
- HTTP
- HTTPS (requires DPI-SSL)
- FTP
- SMTP
- POP
- IMAP
- CIFS/NetBIOS
- TCP
+ SonicWall Capture ATP's file blocking behavior offers two options
– Allow all files (this is the default option)
- Allowing all files is the less secure choice: the file reaches your network first, and you receive an alert afterwards if the verdict comes back malicious.
– Block all files until results are returned
- This option is more secure but may slow down the download of some legitimate files, and the user may have to retry the download.
- This option only applies to file downloads over HTTP and HTTPS.
+ You can also upload files directly to the SonicWall Capture ATP cloud service
– Files can be uploaded to the SonicWall Capture ATP cloud service from the SonicWall user interface.
– Go to Policy | Capture ATP | Scanning History and choose Submit a Sample.
– Browse to and select a file, then click Upload to send it.
+ Capture ATP reports and alerts
– Go to Home | Dashboard | Capture ATP.
– This shows the files scanned in the last 30 days.
– For a detailed list of scanned files:
– Go to Policy | Capture ATP | Scanning History.
– The Scanning History page lists every file that was scanned.
– Click a scanned file to see its details:
- for a file reported as malicious, the analysis that led to the verdict;
- for a file not reported as malicious, the clean result.
Thank you for following the article!