Call us
+44 (0)20 8830 6820

Capture Security Appliance CSa 1000

This is the base appliance. No intelligence updates or support is included.
SKU: 02-SSC-2853
(not including discount)

The SonicWall Capture Security appliance™ (CSa) brings Capture Advanced Threat Protection™ (ATP) and sandboxing malware analysis to on-premises deployment scenario.

This appliance offers customers with compliance and policy restrictions against sending files to cloud analysis, or who prefer for all of their data to remain inside their organization, an ability to take advantage of the superior threat detection capabilities formerly offered only in the cloud.

The CSa 1000 can analyse suspicious files coming from other SonicWall products to provide rapid, high accuracy detection of previously unseen threats, with the customer retaining custody of their files. Additionally, the REST API functionality on the CSa opens up the benefits of this highly effective file analysis capability to threat intelligence teams, third-party security systems and any software stack that can integrate with published APIs.

The CSa uses a combination of reputation-based checks, static file analysis and SonicWall’s patented Real-Time Deep Memory Inspection™ (RTDMI) engine for dynamic analysis. This ensures that it provides not only the best possible detection rate of malicious files, but also does this efficiently, in the shortest possible time. The SonicWall ecosystem of security products, already fully integrated with the cloud-delivered Capture ATP analysis, is able to enforce inline security with features such as Block Until Verdict. The same capabilities are supported when the SonicWall products are connected to the CSa series instead of the cloud Capture ATP.


This is the base SonicWall CSa 1000 Appliance. No intelligence updates or support is included. To include the full package, please see

Capture Security Appliance CSa 1000 with Intelligence Updates and Support Bundle

  1. Memory-based inspection with RTDMI
  2. Multi-Stage Analysis with reputation check, static analysis and dynamic analysis
  3. API access for threat analysis
  4. Broad file type support
  5. Block Until Verdict support
  6. High security effectiveness
  7. Reporting and Role-Based Access
Capture Security Appliance Screenshot 1
Capture Security Appliance Screenshot 2

The CSa 1000 brings the technology from SonicWall’s Capture ATP, a cloud-based service trusted and used by over 150,000 customers across the globe, into an appliance form factor

  • CSa also gets regular intelligence updates (license required) to synchronize with the threat intelligence gathered globally via SonicWall Capture ATP file analysis
  • CSa offers insight into files submitted from all sources with an easy-to-navigate dashboard and file analysis history, providing an insight into the frequency, sources, verdicts and other insights around files submitted for analysis
  • Reporting capabilities provide a global view into ATP protection across the organization, with the ability to schedule regular reports configured based on different roles
  • Administrators can grant granular access to the CSa 1000 to a variety of roles, with the ability to restrict access to any part of the UI
  • Security analysts can be given access to scanning history, with the ability to modify the allowed devices and whitelist/ blacklist, as well as report any suspected false positives or false negatives
  • Network-level administrators can be granted access to the operational configuration of the appliance while being restricted, for confidentiality reasons, from seeing the submitted files and their sources

SonicWall CSa 1000 Introduction Video:

Download the CSa 1000 datasheet:

SonicWall Capture Security Appliance Data Sheet

back to top