Fair Licensing Strategies : Capture vs Capture Client
Here's one for the SW Licensing Team,
We are using Capture at SW Email Security (Stops Embedded Threat quite well), and Capture at the firewall appliance(stops more dynamic un-embedded threats) and is probably one of the better technologies offered by SonicWALL. While a two edged sword (slowed productivity/versus higher security at the firewall - waiting), it is quite effective at halting any inbound executable and examining them, and we naturally do a "Block Until Verdict" to do that. This we use across our customer base for our higher end customers.
If our clients have already paid for Capture by way of AGSS and ES, what dispensation can be offered them where Capture Client might be employed?
We have avoided Capture Client for this reason as paying for both might be seen as double(or even triple) dipping.
A per user model across the board would perhaps work better?
Hello @Halon5 ,
Here are a few things that Capture Client can offer but not the Capture feature on the firewall or Email Security appliance.
1) Device control - Any device plugged using USB directly to the end client can be blocked
2) Behavioral analysis for files that already sitting on the end machine and try to make changes or create suspicious processes or registry changes
3) Rollback capabilities for the end point in case it is somehow affected
4) Protection against attacks/malware when the endpoint is not present behind a firewall
5) Show the risky applications that are installed on the end machine so that the administrator can easily patch them
6) Enforce content filtering even when the firewall is not present behind a firewall.
We also have integration with Capture ATP on Capture Client for suspicious activity to protect against zero day attacks. But I think that is a very small portion of what it can do.
I hope this is helpful!
Technical Support Advisor, Premier Services
Hi @shiprasahu93 ,
Sure, I appreciate its capabilities(particularly the advanced edition), but that is not the question I am asking here.
Thanks for pointing those out all the same!
@Halon5 , you can disable CATP on Capture Client if you wish to but the advanced license (which includes all the goodies Shipra mentioned) comes with CATP by default and there should be no reason to disable it. CC on the endpoint also gives you the 'anytime-anywhere' protection, so even if they are not in the office/getting malware through other vectors like USB, you are protected. In our testing, the threat intelligence updates fast enough that the endpoint should not re-upload for analysis if the firewall already did it during a file transfer. CC also includes the NGAV engines from SentinelOne (who are a market leader in this space) so you are not duplicating efforts since you get third party behavioral/static engines on the endpoint. To your point about the 'per user model', it is an idea to consider but there are considerable difficulties to enforce this model.
Thanks for your reply my @MasterRoshi ,
As above I understand most of the functional characteristics well enough and where there is some "duplication" of effort. For one I would like to know how that would be controlled and managed (automatically I would hope).
But the main reason for my question is around licensing and the extra costs involved. Clearly there is at least a double up.
I'm really interested to know if there might be some better licensing models. We would like to use the SonicWALL model at all levels across our clients but it is cost prohibitive. A per user cost model per month would be better and easier to sell.
The endpoint AV solution which we employ today is a fifth of the costs of SW Capture Client but performs most functions well. That said the use of the SW Capture Client would marry up pretty well for "integration" reasons although I'm still not completely convinced. I really need to do a test out with the trial but haven't quite had time yet.
Thanks again for your input.
If it is easier to sell on a monthly base the SonicWall MSSP Program might be worth a try for you?
Hi @Bernhard_Winter ,
While we have qualified for the MSSP program we have no support for it.