Question : NSa sending files to FortiSandbox for analysis

SunaBane

Hi, Can NSa submit files (after extracting from network traffic) to a 3rd party Sandbox ?

If yes, can the 3rd party sandbox update the NSa with malware signature (after verdict) ?

Do we have any use case of this kind of integration ?

Thanks in advance.

shiprasahu93

Hello @SunaBane,

As far as I know, we cannot. SonicWall uses its own Sandbox platform Capture ATP.

It uses the RTDMI technology to give you the verdict of the file and also supports the Block until verdict feature for HTTPS/HTTPS traffic.

We only send traffic for further analysis to Capture ATP if GAV (Gateway Anti-Virus) declares that file to be clean.

This would be a good read.

https://www.sonicwall.com/support/knowledge-base/capture-advanced-threat-protection-feature-overview/170504863294345/

There are several instances where SonicWall can be used in Wire/Tap mode to only perform security checks, but I do not think that integration with some 3rd party Sandbox tool is possible.

I hope that helps!

Thanks!

SunaBane

Thanks @shiprasahu93 for the quick response.

MasterRoshi

@SunaBane , if you require on-prem sandboxing due to regulatory/sovereignty requirements -- we will launch one in a couple of months. Talk to your SonicWall sales team.