
Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs

It’s exactly one week after National High Five Day, and exactly one week before Cinco de Mayo. But this year, SonicWall has its own reason to celebrate the number five: SonicWall Capture Advanced Threat Protection (ATP) with patented Real-Time Deep Memory Inspection (RTDMI)™ just earned its fifth consecutive perfect score in independent ICSA testing.

Starting in Q1 2021, SonicWall Capture ATP has found 100% of malicious threats in quarterly test rounds without issuing a single false positive. This means that for 160 days of continuous testing, consisting of 6,719 total test runs, SonicWall Capture ATP found all 3,131 malicious samples — the majority of which were four hours old or less. And it did so without misidentifying a single one of the 3,588 innocuous apps scattered throughout.

“SonicWall has now received an amazing five consecutive perfect scores when tested against some of the most unknown and rigorous threats — an unprecedented achievement among tested vendors,” said SonicWall President and CEO Bill Conner. “These third-party, real-world tests validate SonicWall as a clear leader in the cybersecurity space and play a significant role in our efforts to deliver quality-driven security products.”

As the latest in a streak of perfect scores, SonicWall’s Q1 2022 test results reflect not only excellence, but also consistency. From Jan. 19 through Feb. 19, 2022, a SonicWall NSa 3600 next-generation firewall equipped with Capture ATP and patented RTDMI™ technology was once again put through its paces. And once again, it correctly identified all 553 of the malicious samples (100% detection rate) without alerting on any of the 578 innocuous apps (0% false positive rate).

ICSA Advanced Threat Defense: Real-World Results

Standard ICSA Labs Advanced Threat Defense (ATD) testing evaluates vendor solutions designed to detect new threats that traditional security products miss.

Eligible security vendors are tested quarterly for a minimum of three weeks. During that time, ICSA Labs subjects the vendors’ advanced threat solutions to hundreds of test runs consisting of a mixture of innocuous applications, new threats and little-known threats. These threats are delivered via the primary vectors that lead to enterprise breaches, according to Verizon’s Data Breach Investigations Report. The test cycles evaluate how effectively vendor ATD solutions detect unknown and little-known threats, and whether they can do so while minimizing false positives.

100% Efficacy. One Solution.

The continued success of SonicWall Capture ATP with RTDMI is due to two main factors: the solution’s ability to identify even the most sophisticated and obfuscated threats, and its ability to use what it learns doing so to improve itself over time.

SonicWall Capture ATP is a multi-layer sandbox service designed to mitigate new forms of malware capable of circumventing traditional network defenses.

Included as part of Capture ATP, RTDMI™ leverages proprietary memory inspection, CPU instruction tracking and machine-learning capabilities to become increasingly efficient at recognizing and mitigating never-before-seen cyberattacks — including threats that traditional sandboxes will most likely miss.

And because RTDMI inspects code and data in memory, in real time, while they execute, detection does not depend on observing malicious system behavior: the presence of malicious code can be identified before any malicious behavior takes place, allowing a quicker verdict.

Best of all, because it incorporates AI and machine learning technologies, RTDMI™ is continuously becoming more efficient and effective.

In 2021, the technology identified a total of 442,151 never-before-seen malware variants, a 65% increase over 2020’s count. And while 2022 numbers have not yet been tallied, in 14 of the last 16 quarters through the end of 2021, the number of new malware variants identified has exceeded that found in the previous quarter.

“In today’s fast-moving and unpredictable threat landscape, it is really hard to earn consistent third-party validation,” said SonicWall Vice President of Software Engineering & Threat Research Alex Dubrovsky. “Our five consecutive perfect scores are a confirmation of our vision and a significant milestone to the SonicWall team’s dedication to providing organizations with the very best threat intelligence technology.”

Third-Party ICSA Testing – Perfect Score Number 4

SonicWall Capture ATP with RTDMI identified all malicious samples with no false positives — four times in a row.

As those in the cybersecurity industry know, ICSA doesn’t grade on a curve: testing rounds with no perfect scores are common, and the standards are both objective and unforgiving. It’s highly unusual for any vendor solution to identify 100% of malicious threats without flagging a single benign sample.

So when SonicWall’s Capture Advanced Threat Protection (ATP) with patented Real-Time Deep Memory Inspection (RTDMI)™ did just that in Q1 2021, it was quite the accomplishment.

Then we did the same thing in Q2, Q3 and Q4, becoming the first cybersecurity vendor in history to earn four consecutive perfect scores in Standard ICSA Labs Advanced Threat Defense (ATD) testing.

How ICSA Testing Works

Standard ICSA Labs Advanced Threat Defense (ATD) testing evaluates vendor solutions designed to detect new threats that traditional security products do not catch. Eligible security vendors are tested quarterly for a minimum of three weeks. During that time, ICSA Labs subjects their advanced threat defense solutions to hundreds of test runs. The test set consists of a mixture of new threats, little-known threats and innocuous applications and activities.

Q4 2021’s testing cycle was particularly rigorous. Over 32 days of continuous testing, a SonicWall NSa 3600 NGFW with Capture ATP was subjected to 1,625 total test runs. During this time, SonicWall Capture ATP detected all 801 of the malicious samples, including the 432 threats that were four hours old or less. The testing also included 824 innocuous apps — none of which were improperly categorized as malicious by Capture ATP.

As a result, SonicWall received the highest ranking in this category, concluding a full year of perfect scores and eight consecutive ICSA certifications for SonicWall Capture ATP.

Capture ATP: Superior Threat Detection

Third-party testing cycles like these become even more important as cyberattacks become increasingly sophisticated and stealthy. The introduction of state-sponsored attacks in particular has changed the game, and what used to be no more than a hobby or a source of secondary income has turned into a full-time job. As a result, we are seeing a slew of complex and refined never-before-seen attacks that are capable of passing through the defenses of many organizations.

This highlights two tenets of modern cybersecurity: the importance of sandboxing technology for a security vendor, and the fact that not all sandboxing technologies are created equal.

SonicWall Capture ATP — a cloud-based service available with SonicWall firewalls — detects advanced threats and can hold suspicious files at the gateway until a verdict is returned. This service is the only advanced threat-detection offering that combines multi-layer sandboxing (including SonicWall’s RTDMI™ technology), full-system emulation and virtualization techniques in order to analyze suspicious code behavior.

A graph showing the results of malware variants found by SonicWall Capture ATP

This combination allows Capture ATP to detect more threats than single-engine sandbox solutions, which are compute-environment specific and susceptible to evasion. And because it incorporates AI and machine learning technologies, it’s constantly becoming more effective.

For example, 141,390 never-before-seen malware variants were recorded in Q4 2021 — more than in any quarter on record. A total of 442,151 never-before-seen malware variants were identified in 2021, a 65% increase over 2020’s count and an average of 1,211 per day.

The full ICSA Labs report can be downloaded here. To learn more about SonicWall Capture ATP with RTDMI, visit our website.