The new service combines one sandbox that Dell has used internally, and is now productizing for the first time, with two licensed third-party sandboxes, on the principle that modern threats that try to evade sandboxes won’t be able to evade three different ones at the same time.
At RSA, Dell has announced the new Dell SonicWALL Capture Advanced Threat Protection Service. Designed to protect against modern zero-day threats, and tied to SonicWALL firewalls, it combines three different sandboxing technologies, one from Dell, and two from other vendors. While it is aimed at all markets, from SMBs to enterprises, the company believes the most immediate demand will be from the SMB and midmarket – which should make it a strong channel play.
“Security technology that looks at suspicious things in the network vendor are typically based on virtual sandboxing, but the threat actors have been learning how to evade sandboxes,” said Jane Wasson, Product Manager for Networking Security Services at Dell. “Some are also limited to file sizes they can scan. We wanted to bring a service to market that deals with advanced threats, and zero day threats. We believe this builds a better zero day malware trap. It is a platform that allows us to add best of breed solutions – an adaptive platform for the future.”
The Dell SonicWALL Capture Advanced Threat Protection Service is an advanced threat analysis platform that leverages multiple techniques. It combines Dell’s own SonicWALL Sonic Sandbox threat analysis engine with two third-party ones: the VMRay third-generation Analyzer threat detection analysis engine and the Lastline Breach Detection platform.
“VMRay and Lastline are primarily OEM players,” said Dmitriy Ayrapetov, Director, Network Security Product Management, Dell Security. “The third engine is our own. We developed the Dell Sandbox for our own research purposes, and it was used internally in our Threat Research Labs. It is now being productized, and being rolled out.”
The idea is that while crafty threats may be able to avoid one of the sandboxes, since all three engines have separate technologies and design principles, it will be basically impossible to evade all three.
“Deploying the three multiple sandboxing technologies is the key here,” Ayrapetov said. “Good luck evading three sandboxing techniques simultaneously.”
SonicWALL Capture conducts virtual sandbox analysis, full system emulation and hypervisor-level analysis across all key OS environments, including Android and Mac. File types for virtually any file size are protected. The service also blocks malware at the gateway until a verdict is determined.
“As traffic comes in, it’s stood up at gateway for analysis,” Wasson said. “If it passes through and is still suspicious, the customer can choose to do a block at gateway until verdict and it is sent up to the cloud for further analysis.”
The new service covers Dell SonicWALL products broadly, from the TZ series at the low end to the SuperMassive at the high end. Dell believes it will cover all markets, but to this point, interest is stronger downmarket.
“It is currently in beta, since early February, and we expect it to go to General Availability in July,” Wasson said. “At this point, customer interest has been mainly from the midmarket and SMB. It is also best suited for customers who don’t have restrictions around data privacy because of laws about where data can go.” That’s because the data centres are based in the U.S. (two), Europe (one) and Japan (one).
Ayrapetov acknowledged this could be a problem in Europe, where customers often want the data to be specifically hosted in their own country.
“The number one question in Europe was ‘where is the data center,’” he said. “We will build out an on prem appliance for anyone who is specifically concerned about that.”
There are no laws in Canada that specifically compel data for any sector to be hosted domestically, but there has been an increasing customer preference to that effect. Neither Ayrapetov nor Wasson anticipates this will be an issue here, however.
“I have been working closely with hosted email and had one concern from Canada in two years,” Wasson said. “Still, it wouldn’t surprise me if over time, things changed here with respect to data centre location.”
The reaction from Dell’s channel partners has been extremely positive.
“Early channel feedback has been considerable excitement,” Wasson said. “They think it will be a very hot offering with their customers.”
“This is a great opportunity for partners, because they can go back to their customers and talk about ransomware and advanced threats with them,” Ayrapetov said.