SonicWall Third-Party Threat Performance: Seven Times Superior

The Q3 2022 ICSA ATD testing results are in — and SonicWall has earned its seventh-consecutive 100% threat detection score.


The number seven is often associated with luck. But when it comes to SonicWall’s ongoing streak of top scores in independent ICSA testing, luck has nothing to do with it.

“SonicWall Capture ATP did remarkably well during this test cycle, detecting 100% of previously unknown threats while having zero false positives,” ICSA noted in its Q3 2022 Advanced Threat Defense (ATD) report.

From July 20 through Aug. 16, 2022, a SonicWall NSa 3600 NGFW equipped with SonicWall Advanced Threat Protection (ATP) and patented Real-Time Deep Memory Inspection™ (RTDMI) technology was subjected to 28 days of continuous testing by independent third-party testing firm ICSA Labs.

To measure the technology’s threat detection capabilities, a total of 1,292 test runs were conducted. Of these, 672 consisted of new and little-known threats, all of which were flagged as malicious by Capture ATP. The other 620 were innocuous apps and activities, none of which were improperly categorized by the SonicWall solution.

How SonicWall Stacks Up

This performance resulted in a perfect score in Q3 testing, but this isn’t a first for SonicWall. Since Q1 2021, quarterly ICSA Labs ATD testing has found that SonicWall offers the highest overall security efficacy, with 100% threat detection and the lowest rate of false positives. This has resulted in seven consecutive 100% threat detection scores, six of which were perfect scores (no false positives).

SonicWall’s performance in these testing cycles is unmatched. As of this test cycle, SonicWall has now had seven straight quarters of earning the highest overall score among participants, all with a solution that’s available at an industry-leading TCO.

What is ICSA ATD Testing?

Standard ICSA Labs Advanced Threat Defense (ATD) testing is designed to determine how well vendor solutions detect new and advanced threats that traditional security products are likely to miss. Eligible security vendors are tested quarterly for a minimum of three weeks. During that time, ICSA Labs subjects their advanced threat defense solutions to hundreds of test runs. The test set is comprised of a mixture of new threats, little-known threats, and innocuous applications and activities, designed to rate solutions on how well they detect these threats without miscategorizing the non-malicious items.

What are Capture ATP and RTDMI?

Third-party testing cycles like these become increasingly important as cyberattacks become more sophisticated and stealthy. The introduction of state-sponsored attacks in particular has changed the game, turning “cybercriminal” into a full-time government job. As a result, we are seeing a slew of complex and refined attacks capable of passing through the defenses of many organizations.

This highlights two tenets of modern cybersecurity: the importance of sandboxing technology for a security vendor and the fact that not all technologies are created equal.

SonicWall Capture Advanced Threat Protection (ATP) multilayer sandbox service is designed to mitigate new forms of malware that use sophisticated evasion tactics to circumvent traditional network defenses. This cloud-based service, available for SonicWall firewalls and other solutions, was built to give malicious code different environments in which to detonate harmlessly, sparing the network itself.

Included as part of Capture ATP, SonicWall’s patented Real-Time Deep Memory Inspection (RTDMI™) leverages proprietary memory inspection, CPU instruction tracking and machine learning capabilities to become increasingly efficient at recognizing and mitigating cyberattacks never before seen by anyone in the cybersecurity industry — including threats that don’t exhibit any malicious behavior and hide their weaponry via encryption. These are attacks that traditional sandboxes will most likely miss.

Best of all, because RTDMI incorporates AI and machine learning technologies, it’s constantly becoming more effective. For example, through Q3 2022, RTDMI has found 373,756 never-before-seen malware variants. This represents a 20% year-to-date increase, and an average of 1,374 per day.

The full ICSA Labs report can be downloaded here. To learn more about SonicWall Capture ATP with RTDMI, visit our website.

Amber Wolff
Senior Digital Copywriter | SonicWall
Amber Wolff is the Senior Digital Copywriter for SonicWall. Prior to joining the SonicWall team, Amber was a cybersecurity blogger and content creator, covering a wide variety of products and topics surrounding enterprise security. She spent the earlier part of her career in advertising, where she wrote and edited for a number of national clients.