
RTDMI

Real-Time Deep Memory Inspection (RTDMI) engine
SonicWall Real-Time Deep Memory Inspection (RTDMI™) technology enables SonicWall Capture Advanced Threat Protection (ATP) and Capture Security appliance (CSa) to catch more malware faster than behavior-based sandboxing methods, with a lower false positive rate.

Advanced malware detection engines execute files, log the resulting activity, and then, after execution, look for and attempt to correlate malicious behavior. The correlation and scoring of these activities and behaviors are prone to both false positives and false negatives. They also tend to cause delays, an unsatisfactory end-user experience and subsequent IT ticket requests.

To keep malicious behavior hidden, modern malware writers implement advanced techniques, including custom encryption, obfuscation and packing, as well as acting benign within sandbox environments. These techniques often hide the most sophisticated weaponry, which is only exposed when run dynamically. In most cases, these are impossible to analyze in real time using static detection techniques.

When SonicWall released Capture ATP, it was the industry’s first multi-engine sandbox that could block files at the gateway until a verdict is reached. The multi-engine design answered the need to detect and stop evasive malware. Capture ATP was designed to process unknown files in isolated parallel environments to see what suspicious code intends to do, from the application, to the OS and down to the software that resides on the hardware.

As a next step, in February 2019, SonicWall released a new engine for Capture ATP called Real-Time Deep Memory Inspection (RTDMI) to improve the technology’s security effectiveness. Invented and developed by SonicWall’s Capture Labs threat researchers, the patent-pending RTDMI engine had already been running in the background of the Capture ATP service for months beforehand, dynamically self-learning and self-enhancing. Additionally, after a year and a half of improvement, RTDMI was released as the core technology in the on-premises Capture Security appliance (CSa) in August 2020.

How it works

SonicWall RTDMI technology detects and blocks malware that does not exhibit any malicious behavior or that hides its weaponry via encryption. To discover packed malware code that has been compressed to avoid detection, RTDMI allows the malware to reveal itself by unpacking its compressed code in memory in a secure threat detection environment. It sees what code sequences are found within and compares them to what it has already seen. Identifying malicious code in memory is more precise than trying to differentiate between malware system behavior and clean program system behavior, which is an approach used by some other analysis techniques.

Besides being highly accurate, RTDMI also improves sample analysis time. Since it can detect malicious code or data in memory in real time during execution, no malicious system behavior is necessary for detection. The presence of malicious code can be identified prior to any malicious behavior taking place, thereby rendering a quicker verdict.


With RTDMI, SonicWall customers should see a significant improvement in detection rates when analyzing files on a larger scale.
 
This is a revolution in engineering, execution and innovation
 

General Michael Hayden, Principal at the Chertoff Group, a global advisory firm focused on security and risk management.

 
To introduce this technology in the relatively early stages of these advanced attacks is a huge win for the security industry, as well as the public and private sectors.
 
