Network Sandboxing Takes On Malware, More than 26,000 New Strands Identified in August

Malware never sleeps. Threat actors and criminal organizations are relentless in testing, optimizing and deploying exploit kits that target businesses and organizations across the globe. August 2017 was no different.

In fact, the month presented SonicWall’s network sandbox, Capture Advanced Threat Protection (ATP), with a few milestones.

First, the Capture ATP service celebrated its first anniversary protecting customer systems across the globe. Second, according to some sources, it surpassed install base figures of some of our competitors. Finally, the service also broke its own record for the number of new forms of malware it discovered and stopped on our customer networks.

How many? 26,438 to be exact!

This means that nearly 26,500 forms of malware — ranging from ransomware, to other Trojans, to malvertising — had never been seen by SonicWall before this month. Of these, a little more than 7,100 were also identified by at least one of the numerous anti-virus sources we work with. But over 19,300 had never been seen by anyone, and that includes a strong list of over 50 vendors, some of them very large names.

On top of this, last year we cataloged 60 million new forms of malware in order to prevent a patient-zero situation among the customer base. But despite our round-the-clock vigilance, there will always be a customer out there who will find something before we do.

To further reduce the chance of this rare event, we created the industry's first multi-engine network sandbox that can block until verdict, which means a customer can elect to have all unknown files held at the gateway until SonicWall has vetted the code and returned a verdict.

By combining the power of hypervisor-level analysis, full-system emulation and virtualized sandboxing, we have been very successful at finding some of the most evasive forms of ransomware in history, such as Cerber.

By combining the research from SonicWall's Capture Labs, which places its signatures in SonicWall's Gateway Security (and in other places, such as Email Security), with Capture ATP, customers can stop both known and unknown forms of malware. It is the latter group that gives security professionals the most fits, and that gives end users with good technology something to brag about.

Since February we’ve seen a large increase in the new malware Capture ATP catches. This momentum stems from an ever-expanding customer base, but also a large rise in the percentage of malicious files that are out there. Here are some key facts:

  • Since February 2017, we've seen an increase of 524 percent in the number of new forms of malware discovered
  • In August 2017, the percentage of files analyzed that turned out to be malicious was 0.22 percent, up from 0.14 percent
  • We made improvements in our performance and saw that 71.5 percent of all files were processed with a verdict in under 5 seconds

Is network sandboxing right for you? Based on our data, the average Capture ATP customer is on pace to detect and stop 30 new forms of malware within a year.

To learn more about the power of network sandboxing, I encourage you to read this executive brief: Why Network Sandboxing is Required to Stop Ransomware.