Leading Security vendor, SonicWall recently revealed that it has developed a new Capture Cloud engine, which has discovered hundreds of new malware variants not seen before by sandboxing technology. SonicWall Capture Labs security researchers engineered an advanced method for identifying and mitigating threats through deep memory inspection — all in real time.
“Threat actors have been so far ahead of the game they’ve been able to create highly evasive malware without the greater industry even knowing. This new real-time deep memory inspection technology, coupled with more than a decade of machine-learning experience, will help level the playing field and eliminate some of the most challenging attack vectors. The new engine is the latest addition to our Capture Cloud Platform that reinforces our leadership position.” said, Bill Conner, President and CEO at SonicWall.
The new SonicWall Capture Cloud Real-Time Deep Memory Inspection (RTDMI) technology and engine has been operational for months and is discovering hundreds of malware strands not detected by sandboxing technology.
The new RTDMI technology proactively detects and blocks unknown mass-market malware via deep memory inspection in real time. It also detects and blocks malware that does not exhibit any malicious behavior and hides its weaponry via custom encryption. This technology forces malware to “reveal” its weaponry into memory. In addition, it also identifies and mitigates sophisticated attacks where weaponry is exposed for less than 100 nanoseconds.
SonicWall Capture Labs threat researchers have validated SonicWall RTDMI technology is also effective against future exploits built on the Meltdown vulnerability, via the engine’s real-time analysis of instruction and memory usage.
The security company leveraging the technology to support SonicWall’s layered security platform, which includes next-generation firewalls, wireless network security, email security, secure mobile and remote access offerings, as well as cloud and IoT solutions.
SonicWall’s RTDMI technology detects and blocks malware that does not exhibit any malicious behavior and hides its weaponry via encryption. By forcing malware to reveal its weaponry into memory, the RTDMI engine proactively detects and blocks mass-market, zero-day threats and unknown malware.
Sandbox engines execute files in a virtual environment, log the resulting activity, and then, after execution, look for and attempt to correlate malicious behavior. The correlation and scoring of these activities and behaviors are prone to both false positives and false negatives.
Modern malware writers implement advanced techniques, including custom encryption, obfuscation and packing, as well as acting benign within sandbox environments, to allow malicious behavior to remain hidden. These techniques often hide the most sophisticated weaponry, which is only exposed when run dynamically and, in most cases, is impossible to analyze in real-time using static detection techniques.
SonicWall Capture Labs researchers leveraged a variety of deep-learning techniques to analyze code blocks of hundreds of terabytes of malware and related high-quality metadata of extracted features, and those combined insights resulted in the RTDMI solution.
The CTO for SonicWall, John Gmuender said “Sandbox techniques are often ineffective when analyzing the most modern malware. SonicWall’s RTDMI technology is very fast and very precise, and can mitigate sophisticated attacks where the malware’s most protected weaponry is exposed for less than 100 nanoseconds.”
