* [Blog](https://www.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www.paloaltonetworks.com/blog/corporate/)
* [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/)
* Findings from WildFire

# Findings from WildFire

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2011%2F11%2Ffindings-from-wildfire%2F)  
[](https://twitter.com/share?text=Findings+from+WildFire&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2011%2F11%2Ffindings-from-wildfire%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2011%2F11%2Ffindings-from-wildfire%2F&title=Findings+from+WildFire&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/2011/11/findings-from-wildfire/&ts=markdown)  
\[\](mailto:?subject=Findings from WildFire)  
Link copied  
By [Palo Alto Networks](https://www.paloaltonetworks.com/blog/author/palo-alto-networks-staff/?ts=markdown "Posts by Palo Alto Networks")  
Nov 08, 2011  
4 minutes  
[Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)  
[threat prevention](https://www.paloaltonetworks.com/blog/tag/threat-prevention/?ts=markdown)  
[WildFire](https://www.paloaltonetworks.com/blog/tag/wildfire/?ts=markdown)  
[zero-day](https://www.paloaltonetworks.com/blog/tag/zero-day/?ts=markdown)

It has been a busy and exciting week at Palo Alto Networks where we have announced a brand new platform -- [the PA-200 a branch office appliance for the distributed enterprise](https://www.paloaltonetworks.com/products/platforms/pa-200.html?ts=markdown) , a new software update -- [PAN-OS 4.1 with more than 50 new features](https://www.paloaltonetworks.com/literature/whats-new.pdf?ts=markdown) , and [WildFire™, a completely new capability](https://www.paloaltonetworks.com/products/features/malware-protection.html?ts=markdown) of the next-generation firewall that allows security teams to detect and remediate unknown and targeted malware. Click to see Nir talking about the release on [Bloomberg TV](https://www.bloomberg.com/video/79753124). I want to share a little bit more on WildFire because I think that this technology has the potential to be one of the most significant recent developments in threat prevention, and I think the data from the beta testing bears this out.

First, a quick bit of background. IT security teams have been on the horns of a dilemma concerning targeted and unknown malware. On one hand, traditional IPS and anti-malware products are ineffective because they only detect things that are already known to be bad and unknown files are assumed to be benign. On the other hand, sandboxing technology, which can expose unknown malware by observing it in a virtual environment, has remained separate from the front lines of day-to-day security enforcement. Previous attempts at sandboxing solutions required lots of additional single-purpose hardware, and lacked the in-line enforcement capabilities needed to protect the network. In short, security teams have had only an expensive option that could provide some visibility into unknown malware, but which fell short when it came to enforcement.  
[![](https://www.paloaltonetworks.com/researchcenter/wp-content/uploads/2011/11/WF-overview-230x319.jpg "WildFire")](https://www.paloaltonetworks.com/researchcenter/2011/11/findings-from-wildfire/wf-overview/?ts=markdown)

WildFire bridges this gap by blending in-line capture and enforcement with out-of-band sandbox analysis to identify unknown threats. Additionally, WildFire offloads the sandbox analysis to a highly secure cloud-based environment, meaning that no new hardware is required. As a result, managing unknown malware threats becomes operationally similar to managing known threats. The next-generation firewall provides visibility into all traffic, known threats are blocked, and unknown files are sent up to the WildFire sandbox for analysis. If a file is found to be malware, WildFire generates signatures both for the infecting file and outbound malware traffic which are delivered with normal AV updates to prevent further infections and stop any malicious traffic. IT managers are provided details on: who was targeted, URLs that were involved in the attack and what applications were used in the attempted malware delivery.

So it all sounds good in theory, but how has WildFire performed in the real world? Over the past few months WildFire has been deployed at a variety of full production beta test sites worldwide, and we have found the results to be more than a little eye opening. First and foremost, literally every WildFire beta test site caught incoming malware that was previously unknown and unidentified in the industry. In fact, 57 percent of the malware that WildFire detected had no coverage or had not been seen by Virus Total at the time of discovery. Again, these are production networks, not honeypots or lab experiments, so they represent the types of activity that likely goes unnoticed throughout enterprise networks today. Here are a few other interesting stats and findings from the beta tests:

* 7% of unknown files encountered in the wild were found to be malware.
* 21% of newly discovered malware generated unknown traffic.
* More than 5,000 samples used a non-standard port.
* Specific phishing campaigns were found to have affinity for particular applications, with one phisher using AOL-Mail and another using the Hotfile file transfer application.

These results are just the tip of the iceberg, and we will continue to keep you updated with interesting findings. However, the most important findings will be the ones on your network, and since all of these WildFire features are available today and are free of charge as part of PAN-OS 4.1, there's no reason not to start actively finding and stopping malware on your networks. Happy hunting.

*** ** * ** ***

## Related Blogs

### [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown)

[#### Always Innovating: User Experience, Threat Coverage and Management](https://www.paloaltonetworks.com/blog/network-security/always-innovating-july-2023/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### Russia-Ukraine Cyber Activity Makes Security Best Practices Imperative](https://www.paloaltonetworks.com/blog/2022/03/russia-ukraine-cyber-activity-best-practices/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)

[#### PrintNightmare Prevention Update with Cortex XDR](https://www.paloaltonetworks.com/blog/security-operations/printnightmare-prevention-update-with-cortex-xdr/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)

[#### Hunting PrintNightmare (CVE-2021-1675) Using Cortex XDR](https://www.paloaltonetworks.com/blog/security-operations/hunting-printnightmare/)

### [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown)

[#### NSS Labs 2019 BPS Test: Palo Alto Networks Earns 'Recommended' Rating](https://www.paloaltonetworks.com/blog/2019/08/2019-bps-test-palo-alto-networks-recommended/)

### [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown)

[#### SEGA Europe: You Cannot Protect What You Cannot See](https://www.paloaltonetworks.com/blog/2019/07/sega-europe/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language