What would happen if you gathered five days of newly discovered malware and unleashed it upon an end-point protected by SonicWall?

I have been working with SonicWall firewalls for 10 years, and I was beta testing SonicWall Capture as part of my role here as an escalation engineer. Since we are big believers in drinking our own champagne, I was testing on my home network. I logged in and stared at it for days, but it just did nothing. I was starting to get concerned. Did it just not work? Was there a bug? I was sure it was configured properly, but still – nothing. Then I realized I was not downloading anything malicious enough to trigger it. My wife does Facebook and the banking; I hang out on sites like blog.sonicwall.com. The cat does hop on the keyboard at times, but other than that, we’re not downloading much malware.

I hatched a plan to download as much malware as possible. I scoured the internet and found a Python script that did exactly this. It was a bit broken and I had to hack it up a bit to make it work, but in no time I was downloading thousands of potential viruses at a time. Super excited, I logged back in, navigated to the Capture feature and found that it actually had done something: it had analyzed two files and tagged them as clean.

This was making me sad, so I started digging a little deeper. After combing through the logs, I determined that the vast majority of what I was trying to download was being caught by the other security services. As an example, some of the files were hosted on known botnets, so they were blocked by the botnet filter before they even had a chance to hit the Capture engine. A downstream sandbox only ever sees what the upstream layers let through, so to test it in isolation I turned off all the other security services and ran my script again.

Once again, I logged into Capture with my fingers crossed and, lo and behold, this thing was lit up like a Christmas tree. “OK, so now I know it works,” I thought to myself. Next, I dug around a little bit and, once I was satisfied, I shut my script down. Every time I tested a new firmware version, I fired up the script to verify that it worked and then shut it down again.
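The reason the sandbox saw only two files the first time is the ordering of the layers, not a defect: each sample is consumed by the first control that recognizes it, so an upstream botnet filter or signature match masks everything a downstream sandbox would have reported. The following Python model, added here as an illustration and not SonicWall's code, attributes each sample in a constructed batch to the layer that stopped it, then repeats the run with the upstream layers removed. The host lists, hashes, the `DETONATES-BADLY` marker standing in for observed sandbox behaviour, and every sample are constructed for the example.

```python
"""Layered-filter attribution: which control stops each sample, and how many
samples the sandbox actually gets to see. Added example; all threat data and
samples below are constructed and hypothetical."""
from __future__ import annotations

import hashlib
from collections import Counter
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple
from urllib.parse import urlparse


@dataclass(frozen=True)
class Sample:
    """A downloaded file: where it came from and its bytes."""
    url: str
    content: bytes


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-in for the firewall's threat feeds (hypothetical values).
KNOWN_BOTNET_HOSTS = {"c2.bad.example", "dropper.bad.example"}
# Constructed stand-in for dynamic behaviour seen during detonation.
SANDBOX_BAD_MARKER = b"DETONATES-BADLY"
KNOWN_TROJAN_V1 = b"MZ-known-trojan-v1" + SANDBOX_BAD_MARKER
KNOWN_TROJAN_V2 = b"MZ-known-trojan-v2" + SANDBOX_BAD_MARKER
KNOWN_BAD_HASHES = {sha256_hex(KNOWN_TROJAN_V1), sha256_hex(KNOWN_TROJAN_V2)}


def botnet_filter(s: Sample) -> bool:
    """Reputation check on the source host; runs before any content is seen."""
    return urlparse(s.url).hostname in KNOWN_BOTNET_HOSTS


def gateway_av(s: Sample) -> bool:
    """Signature-style check: exact hash of the payload."""
    return sha256_hex(s.content) in KNOWN_BAD_HASHES


def sandbox(s: Sample) -> bool:
    """Behavioural verdict; the marker simulates a bad detonation."""
    return SANDBOX_BAD_MARKER in s.content


Layer = Tuple[str, Callable[[Sample], bool]]
FULL_CHAIN: List[Layer] = [
    ("botnet_filter", botnet_filter),
    ("gateway_av", gateway_av),
    ("sandbox", sandbox),
]


def attribute(samples: List[Sample], chain: List[Layer]) -> Dict[str, str]:
    """Run each sample down the chain in order and record which layer blocked
    it. A layer only sees what the earlier layers let through. 'clean' means
    every layer passed it."""
    verdicts: Dict[str, str] = {}
    for s in samples:
        for name, check in chain:
            if check(s):
                verdicts[s.url] = name
                break
        else:
            verdicts[s.url] = "clean"
    return verdicts


def summarize(verdicts: Dict[str, str]) -> Dict[str, int]:
    """Count of samples stopped per layer (plus 'clean')."""
    return dict(Counter(verdicts.values()))


def reached(samples: List[Sample], chain: List[Layer], layer_name: str) -> int:
    """How many samples the named layer actually got to inspect."""
    idx = [name for name, _ in chain].index(layer_name)
    earlier = chain[:idx]
    return sum(1 for s in samples if not any(chk(s) for _, chk in earlier))


def without(chain: List[Layer], *names: str) -> List[Layer]:
    """The chain with the named layers switched off (the 'turn off the other
    security services' step)."""
    return [layer for layer in chain if layer[0] not in names]


# Constructed batch: three from botnet hosts, two known by hash, one new, one benign.
SAMPLES = [
    Sample("http://c2.bad.example/a.exe", KNOWN_TROJAN_V1),
    Sample("http://c2.bad.example/b.exe", b"MZ-variant" + SANDBOX_BAD_MARKER),
    Sample("http://dropper.bad.example/c.exe", b"MZ-new" + SANDBOX_BAD_MARKER),
    Sample("http://files.example/d.exe", KNOWN_TROJAN_V2),
    Sample("http://files.example/e.exe", b"MZ-fresh" + SANDBOX_BAD_MARKER),
    Sample("http://files.example/f.exe", b"MZ-harmless-installer"),
]

if __name__ == "__main__":
    for label, chain in [("full chain", FULL_CHAIN),
                         ("upstream layers off", without(FULL_CHAIN, "botnet_filter", "gateway_av"))]:
        print(label, summarize(attribute(SAMPLES, chain)),
              "sandbox inspected:", reached(SAMPLES, chain, "sandbox"))
```

With the full chain the sandbox inspects only the two samples nothing upstream recognized and flags one of them; with the botnet filter and gateway anti-virus switched off it inspects all six and flags five. The counts themselves are constructed, but the shape is the point: a sandbox that looks idle behind healthy pre-filters is not evidence that it does nothing, and a fair test of it has to either bypass the pre-filters or count what they consumed.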

A few weeks ago I was running the script, putting SonicWall Capture Advanced Threat Protection (ATP) through a rigorous test, and I showed a few people, who showed a few other people, who thought it would be a good idea to show it to you. The result of that is this video, with an awesome introduction by my buddy Brook Chelmo, SonicWall Capture’s senior product marketing manager. Brook is great at explaining all the bits and pieces that make this work. Just watch the video and you’ll see what I mean.

In order to get the maximum number of malicious files, we turned off several safety mechanisms (e.g. botnet filtering) in the SonicWall next-gen firewall management console and ran a Python script that pulled potential malware from a number of sites. The results were outstanding: we identified a number of pieces of malware that were previously unknown to us and that would not have been caught without SonicWall Capture ATP.

Learn how the SonicWall Capture ATP Service eliminates malware through the technology chain from the internet to the end-point. This is a security service you can purchase for your SonicWall next-gen firewall. Although most of the potential malware was stopped by SonicWall Gateway Anti-Virus (because it was already known to us), a handful of malicious code was discovered by the SonicWall Capture ATP network sandbox. The video above dives into the reports generated for malware discovered in sandbox pre-filtering, as well as SonicWall Capture ATP’s multi-engine processing.

Download the Tech Brief

Frank Burton
Network Security Escalation Engineer | SonicWall
Frank Burton is a Network Security Escalation Engineer with 10 years of experience troubleshooting SonicWall firewalls. He has been described as a mix of a psychic, doctor, private investigator, auditor, and network detective. In his free time he enjoys building embedded network operating systems and has a passion for working with single board computers.

10 comments

AliExpress

Their opportunities are so fantastic and their working style so speedy. Thank you for sharing the nice article.

gangadhar yadati

I’m happy I located this blog! This is a cool post and I enjoy reading it. Your blog is fantastic and you have good staff on your blog.
http://filmywaps.in/

Dream League Soccer

The sites you have referred were good. This is a great article, that I really enjoyed reading. Thanks for sharing.

GameStop

I loved the way you discuss the topic. Great work, thanks for sharing this valuable info. I really enjoyed reading this article.
http://ssapptricks.com/gamestop/

SunTrust

Thanks for sharing this valuable information with us. You have posted a trustworthy blog; keep sharing. Nice article. I was really impressed by this article; it was very interesting and it is very useful for me.
http://ssapptricks.com/suntrust/

Le Bon coin

http://ssapptricks.com/le-bon-coin/
I loved the way you discuss the topic. Great work, thanks for sharing this valuable info. I really enjoyed reading this article.

Avito.ma

http://ssapptricks.com/avito-ma/
This is a very interesting web page and I have enjoyed reading many of the articles and posts on the website. Keep up the good work, and I hope to read some more interesting content in the future.
