SonicOS 8 TZ Series Getting Started Guide

Using Capture ATP and RTDMI

Capture Advanced Threat Protection (Capture ATP) adds a layer of defense that captures and identifies zero-day threats in real time. This involves two elements:

  • Our multi-engine sandbox continuously isolates and analyzes never-before-seen and potentially malicious files.
  • Our patent-pending Real-Time Deep Memory Inspection™ (RTDMI) leverages artificial intelligence and machine learning to catch what others do not.

All of this occurs in real time across all attack surfaces (network, cloud, email, remote/mobile, endpoints, apps). This comprehensive coverage also facilitates the sharing of threat intelligence across the products. If the same malware targets multiple layers, detection in one layer automatically leads to identification in the others. The Capture Labs team uses real-time intelligence from the SonicWall Capture Threat Network, which comprises data from various sources:

  • Intelligence-sharing consortiums of threat researchers
  • 1.1 million sensors located across the globe
  • Continuous real-time monitoring
  • More than 100K malware samples collected per day and 100K events analyzed each day

To set up Capture ATP:

  1. Navigate to Policy | Capture ATP | Settings > Basic.
  2. Click the switch to Enable Capture ATP.
  3. Enable the appropriate features on the Basic, Advanced, and Capture ATP Location tabs.

    For more information, refer to the SonicOS 8 Capture ATP Administration Guide.