
SonicWall Capture ATP: 223 Days, 9,071 test runs, 4,251 malicious samples and ZERO false positives!




SonicWall's Capture ATP has led the ICSA Labs test scores for six quarters straight. Patented RTDMI technology leverages AI and machine learning to protect against zero-day attacks and unknown threats.



SonicWall Capture ATP is a cloud-based, multi-engine sandbox that revolutionizes advanced threat detection. Included with Capture ATP, SonicWall’s patented Real-Time Deep Memory Inspection™ (RTDMI) blocks zero-day and unknown threats at the gateway — even those that hide via encryption or don’t exhibit malicious behavior.


Here's a snippet from SonicWall's blog by Amber Wolff reflecting on ICSA Labs test results back in 2022.



What Is ICSA Labs Testing and How Does It Work?


For more than two decades, SonicWall has been committed to independent third-party testing performed by ICSA Labs, an independent division of Verizon. The goal of ICSA Labs is to significantly increase trust in information security products and solutions by providing credible, independent third-party security product testing and certification. Standard ICSA Labs Advanced Threat Defense (ATD) testing is designed with vendor solutions in mind and helps determine new threats traditional security products do not detect. Eligible security vendors are tested quarterly for a minimum of three weeks. During that time, ICSA Labs subjects the vendors’ advanced threat defense solutions to hundreds of test runs consisting of a mixture of innocuous applications, new threats and little-known threats. These threats are delivered via the primary threat vectors that lead to enterprise breaches, according to Verizon’s Data Breach Investigations Report. The focus is on how effectively vendor ATD solutions detect these threats while minimizing false positives.


SonicWall's patented Real-Time Deep Memory Inspection (RTDMI):


SonicWall’s patented Real-Time Deep Memory Inspection (RTDMI™) leverages proprietary memory inspection, CPU instruction tracking and machine learning capabilities to become increasingly efficient at recognizing and mitigating cyberattacks never before seen by anyone in the cybersecurity industry — including threats that don’t exhibit any malicious behavior and hide their weaponry via encryption. These are attacks that traditional sandboxes will most likely miss. RTDMI is capable of finding malware that relies on various evasion techniques — frequently variants of existing malware that have been obfuscated, repacked or recompiled to evade all existing industry detection. And since RTDMI can detect malicious code or data in memory and in real time during execution, no malicious system behavior is necessary for detection. In other words, the presence of malicious code can be identified prior to any malicious behavior taking place, allowing for a quicker verdict. Best of all, because it incorporates AI and machine learning technologies, RTDMI™ is continuously becoming more efficient and effective.










