The Capture Labs team draws on the Capture Threat Network, which includes data from the following sources: intelligence-sharing consortiums of threat researchers; 1 million sensors located across the globe; continuous real-time monitoring. We collect 100K malware samples per day and analyze 100K events per day.
We have a team of over 50 engineers dedicated to identifying the latest threats. Over our 28 years we have amassed hundreds of terabytes of data and artifacts.
All of our cloud capabilities are integrated into our cloud platform.
This is technology that is central to SonicWall’s offering, makes us unique in the market, and is a key component of our Capture Cloud Platform. We scan incoming traffic (PDFs, Office docs, etc.) and look for artifacts in those files that represent malicious activity. We use machine learning, trained on all the data we’ve gathered over 27 years, together with deep learning algorithms, and block files until a verdict is rendered.
If we suspect something, we send it to the Capture Cloud. First, we check it against the hundreds of terabytes of hashed artifacts that we’ve collected. If it isn’t found, we run it through our multi-engine sandbox (analogy of a hurt arm). It has to pass all four engines with a green check. If it’s bad, we hash the artifact and the hash is shared globally among the SonicWall products: firewall, endpoint, email, client. Note that Capture renders a verdict for ~80% of all files in less than 2 seconds.
Note the unique capability around RTDMI (it can detect Meltdown, Spectre and Foreshadow): it executes the malware in memory, in less than 100 nanoseconds, and is patented. RTDMI is extremely effective and detects ~98% of what the other engines find. It is important to note that we have the IP around RTDMI.
We have a solution that can help. Our vision, straight up, is that we will provide automated breach detection and prevention in real time. Run through the advanced threats, the challenges, and then the critical components needed to protect against them. This aligns directly with the cyber arms race and the cyber skills gap.
Providing real-time decision support to Prevent coordinators
Technical decision support for
What’s this session about?
What is OSINT?
How can technology like this be leveraged to provide early indication of safeguarding issues
A few simple steps to become more effective and efficient
I’m just (X), how can NCSC help
OSINT = Open Source Intelligence = our “Digital
We all leave it behind us everywhere we go
Digital Economy now extant, that horse has bolted
Security vs Privacy? Data is the
“Online Life” & “Real Life” are merging, as are the norms expected in both
A new form of Social Contract
The Need: Automated Real-Time Anomaly Detection &
Email, Browser, Apps, Files
Wired, Wireless, Mobile, Cloud
PC, Tablet, Phone, IoT
Inspect all SSL/encrypted traffic
Multi-engine, CPU-tracking cloud sandbox
Block files until a verdict is rendered
Integrated security platform (firewall, endpoint, wireless, email, CASB, Wi-Fi)
Security center (SOC)
SonicWall Capture Labs
January to September threats in 2019
hundreds of unique variants every day
World-class threat and
Thousands of terabytes of
My problem isn’t with malware, it’s with
Large and diverse young population
No control over devices
Security vs Privacy is in a different realm:
o Often need to secure one from another
o Safeguarding is not the same as Cyber
o Pastoral care & intervention are often more important than “policing”
o Early detection of issues thus becomes the desired outcome of technology introduction
Automated Internet-Mediated Research Module
OSINT Analytics combines a dedicated search engine, context-adjusted normalized social media analytics, and AI-powered sentiment analysis into a powerful package.
OSINT Analytics provides snapshot insights of social media ecosystems, revealing popular posts, opinion leaders, and topic initiators with text and visualization.
INTO THE DEEP
Automated Trend Forecasting
P.O.I. generates a dynamic activity view built around keyword searches and topic selection to reveal inflection points and conversation drivers.
P.O.I. uses Machine Learning algorithms to aid in pattern identification and false profile
Since social networks are not just text and keywords, OSINT Analytics contextually analyzes organic connections and content, more accurately identifying, flagging, and ranking inflection points.
Activity timelines and other graphical data displays within P.O.I. allow you to stay ahead of changes in trends within any domain. Know when things are heating up, before they
SUGGEST AND IDENTIFY
View activity patterns and post history to identify fake profiles and botnets at a glance. Then pass the information on to other operators, using integrated in-system notification
AUTOMATED AND DYNAMIC TOPICS OF INTEREST
Create cross-platform social media monitors on any topic in seconds, and let P.O.I. continuously float inflection points to your attention, based on preset queries of popularity, sentiment, platform, activity, influence, etc., or on custom queries in real time.
What can I do in the meantime?
Talk to us: Bill Orme/David Peace:
Use the NCSC’s Protective DNS
Talk to people like the Cyber Foundry in Manchester
Tell your student populations up front about what is OK/!OK on your networks (short policies in big letters)