Question : NSa sending files to FortiSandbox for analysis
SunaBane
SonicWall Employee
Hi, Can NSa submit files (after extracting from network traffic) to a 3rd party Sandbox ?
If yes, can the 3rd party sandbox update the NSa with malware signature (after verdict) ?
Do we have any use case of this kind of integration ?
Thanks in advance.
Best Answer
-
CORRECT ANSWER
shiprasahu93
Moderator
Hello @SunaBane,
As far as I know, we cannot. SonicWall uses its own Sandbox platform Capture ATP.
It uses the RTDMI technology to give you the verdict of the file and also supports the Block until verdict feature for HTTPS/HTTPS traffic.
We only send traffic for further analysis to Capture ATP if GAV (Gateway Anti-Virus) declares that file to be clean.
This would be a good read.
There are several instances where SonicWall can be used in Wire/Tap mode to only perform security checks, but I do not think that integration with some 3rd party Sandbox tool is possible.
I hope that helps!
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
7
Answers
Thanks @shiprasahu93 for the quick response.
@SunaBane , if you require on-prem sandboxing due to regulatory/sovereignty requirements -- we will launch one in a couple of months. Talk to your SonicWall sales team.