Capture Advanced Threat Protection in partnership with SonicWall are delighted to introduce the Capture Advanced Threat Protection service. This is a cloud-based multi-engine sandbox that is designed to discover and stop unknown, zero-day attacks such as ransomware at the gateway with automated remediation.


For effective zero-day threat protection, organizations need solutions that include malware-analysis technologies and can detect evasive advanced threats and malware — today and tomorrow. To protect customers against the
increasing dangers of zero-day threats, SonicWall Capture Advanced Threat Protection Service — a cloud-based service available with SonicWall firewalls — detects and can block advanced threats at the gateway until verdict. This service is the only advancedthreat-detection offering that combines multi-layer sandboxing, including full system emulation and virtualization techniques, to analyze suspicious code behavior.

This powerful combination detects more threats than singleengine sandbox solutions, which are compute-environment specific and
susceptible to evasion. The solution scans traffic and extracts suspicious code for analysis, but unlike other gateway solutions, analyzes a broad range of file sizes and types. Global threat intelligence infrastructure rapidly deploys remediation signatures for newly identified threats to all SonicWall network security appliances, thus preventing further infiltration. Customers benefit from high-security effectiveness, fast response times and reduced total cost of ownership.


Capture executes suspicious code and analyzes behavior simultaneously in multiple engines. This provides you with comprehensive visibility into malicious activity, while resisting evasion tactics and maximizing zero-day threat detection.

Advanced Threat Protection


  • High security effectiveness
    against unknown threats
  • Near real-time signature deployment
    protects from follow on attacks
  • Reduced total cost of ownership


SonicWall Capture Advanced Threat Protection service is a cloud-based network sandbox that analyzes suspicious code to help discover and stop newly developed malware.

  • Multi-engine cloud sandbox that includes virtualization, hypervisor level analysis and full-system emulation
  • High security effectiveness at diagnosing new threats
  • Automated breach prevention enabled by blocking files until a security verdict is determined
  • Near real-time signature deployment protects organizations from follow-on attacks
  • Email and app notifications with robust reporting from the sandbox environment

Multi-engine advanced threat analysis — 

SonicWall Capture Service extends firewall threat protection to detect and prevent zero-day attacks. The
firewall inspects traffic, and detects and blocks intrusions and known malware. Suspicious files are sent to the SonicWall Capture cloud service for analysis. The multi-engine sandbox platform, which includes virtualized sandboxing, full system emulation and hypervisor-level analysis technology, executes suspicious code and analyzes behavior, provides comprehensive visibility to malicious activity while resisting evasion tactics and maximizing zero-day threat detection. 

Broad file type analysis —

The service supports analysis of a broad range of file sizes and types, including executable programs (PE), DLL, PDFs, MS Office documents, archives, JAR and APK, plus multiple operating systems including Windows and Android. Administrators can customize protection by selecting or excluding files to be sent to the cloud for analysis by file type, file size,
sender, recipient or protocol. In addition, administrators can manually submit files to the cloud service for analysis.

Blocks until verdict —

To prevent potentially malicious files from entering
the network, files sent to the cloud service for analysis can be held at the gateway until a verdict is determined.


Capture Advanced Threat Protection offers an at-a-glance dashboard with reports that detail the analysis results for files sent to the service, including session information, OS information, OS activity and network activity.

Rapid deployment of remediation signatures —

When a file is identified as malicious, a signature is immediately available to firewalls with SonicWall Capture subscriptions to prevent follow on attacks. In addition, the malware is submitted to the SonicWall Threat Intelligence Team for further analysis and inclusion with threat information into the Gateway Anti-Virus and IPS signature databases. Additionally, it is sent to URL,
IP and domain reputation databases within 48 hours.

Contact Us

Get in Touch

Do you have a question or simply want some IT advice for your business. Just fill in the form below and we’ll get right  back to you.