WildFire: Sandbox analysis to identify and block unknown threats.
Attacks on your network are increasingly driven by sophisticated malware designed to avoid traditional antivirus controls. WildFire extends the capabilities of our next-generation firewalls to identify and block targeted and unknown malware by actively analysing it in a safe, cloud-based virtual environment. In our ‘sandbox,’ we directly observe the behavior of the malware, then through WildFire we automatically generate and distribute protections globally for the newly discovered threat. A subscription to WildFire allows you to better protect your network.
Learn more about the APT Prevention Feature.
Turning the Power of the Cloud Against Malware
WildFire is built on a revolutionary architecture. It takes the full visibility and in-line enforcement of our next-generation firewall, and weds it to a centralised cloud-based virtual environment where new and unknown files can be actively executed and observed for malicious behaviors. The WildFire cloud can be delivered either as a public cloud (default) or as a private cloud (deployed locally on a WF-500 appliance).
Whether deployed as a public or private cloud, the WildFire architecture is uniquely designed to meet the demands of safely analysing large numbers of potentially malicious files. With WildFire, the virtual malware environment is shared across all firewalls, as opposed to deploying single-use hardware at every ingress/egress point and network point of presence. This approach ensures maximum sharing of malware information, while minimising the hardware requirements of the task.
Automatically Protect Users and Stop Outbreaks
Detecting a threat is always the first step, but the real value of WildFire lies in protecting your users and network. When WildFire identifies new malware, within an hour it automatically generates and delivers protections to all WildFire subscribers worldwide. This allows subscribers to quickly share in the intelligence we gather from all WildFire users, and stop malware outbreaks before they spread.
WildFire also analyses command-and-control behaviors, URLs, and DNS patterns to identify and block traffic from any users who may already be infected. In addition, as a true inline firewall, the Palo Alto Networks firewall always retains the ability to directly drop malicious traffic instead of relying solely on TCP resets, which can easily be filtered or ignored by malicious endpoints.
Correlation and Reporting
WildFire provides you with a wealth of analysis and forensics on all malicious files seen on your network. The WildFire portal is available to all WildFire users. The information gives you a window into malware behavior including:
- Malicious actions
- Domains the sample visited
- Files that were created
- Affected registry entries
Customers with a WildFire subscription also get access to fully integrated WildFire logs and reports via the standard Palo Alto Networks user interface or through Panorama. This log integration makes it easy to quickly tie malware to users, applications, URLs, files or other threats for fast incident response, and for modifying your policies to reduce future attack vectors.
Palo Alto Networks Firewall Overview
- 8-Page PDF: Palo Alto Firewall Overview
Palo Alto Networks Panorama
- 5-Page PDF: Panorama Specsheet
Palo Alto Networks VM-Series Datasheet
- 3-Page PDF: VM-Series Datasheet
Palo Alto Networks WildFire
- 6-Page PDF: Palo Alto Networks WildFire