With the introduction of SonicWall CSa 1000, we brought the threat prevention capabilities of Capture ATP and our patented Real-Time Deep Memory Inspection™ (RTDMI) on prem — allowing government, healthcare and other organizations subject to compliance or data residency restrictions to utilize similar protection formerly offered only in the cloud.
But at the time, using these appliances still required admins to connect to the cloud to check for previously registered verdicts for files.
With the introduction of Capture Security appliance 1.2 (CSa 1.2), however, we have eliminated this requirement, further strengthening our commitment to preserving the privacy and security of closed networks for our most compliance- and security-sensitive customers.
CSa can now be deployed in closed, air-gapped networks, behind other vendor firewalls and/or proxies. To further support these types of networks, we are preparing the FIPS 140-2 certification for the CSa.
CSa is designed to be an on-premises malware detection appliance, giving IT administrators the power of RTDMI when analyzing suspicious files. It analyzes a broad range of file types, detecting and blocking threats that target zero-day exploits, suspicious files and even side-channel attacks, such as Meltdown, Spectre, Foreshadow, PortSmash, Spoiler, MDS and TPM-Fail.
This update also includes improvements to automation and usability. We are expanding the API beyond file submission to also include the management of users and devices, and the ability to add or remove users and devices from the “allow” list within CSa.
Furthermore, to limit the potential for one or more of your sources to overuse the CSa, we added rate limiting by source. With the introduction of this feature, you can now select how many files per hour or per day a particular device can submit to the CSa.