* [Blog](https://www.paloaltonetworks.com/blog)
* [Cloud Security](https://www.paloaltonetworks.com/blog/cloud-security/)
* [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/)
* Prisma Cloud Improves Ant...

# Prisma Cloud Improves Anti-Malware Capabilities with WildFire Integration

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fprisma-cloud-and-wildfire-integration%2F)  
[](https://twitter.com/share?text=Prisma+Cloud+Improves+Anti-Malware+Capabilities+with+WildFire+Integration&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fprisma-cloud-and-wildfire-integration%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fprisma-cloud-and-wildfire-integration%2F&title=Prisma+Cloud+Improves+Anti-Malware+Capabilities+with+WildFire+Integration&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/cloud-security/prisma-cloud-and-wildfire-integration/&ts=markdown)  
\[\](mailto:?subject=Prisma Cloud Improves Anti-Malware Capabilities with WildFire Integration)  
Link copied  
By [Hari Srinivasan](https://www.paloaltonetworks.com/blog/author/hari-srinivasan/?ts=markdown "Posts by Hari Srinivasan") and [Taylor Smith](https://www.paloaltonetworks.com/blog/author/taylor-smith/?ts=markdown "Posts by Taylor Smith")  
Jun 15, 2021  
4 minutes  
[Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown)  
[Partners](https://www.paloaltonetworks.com/blog/cloud-security/category/partners/?ts=markdown)  
[Cloud Workload Protection](https://www.paloaltonetworks.com/blog/tag/cloud-workload-protection/?ts=markdown)  
[WildFire](https://www.paloaltonetworks.com/blog/tag/wildfire/?ts=markdown)

Trusting [container images](https://www.paloaltonetworks.com/cyberpedia/what-is-a-container?ts=markdown) or virtual machines simply because they come from public registries, marketplaces, or previous snapshots is dangerous. Container images, running containers, and virtual machines may contain misconfigurations or malware, such as crypto miners or viruses. For example, Unit 42 found [30 malicious images](https://unit42.paloaltonetworks.com/malicious-cryptojacking-images/) in Docker Hub with cryptominers that had been pulled 20 million times.

Prisma Cloud has included threat intelligence feeds from public feeds and private research that identify [malware](https://www.paloaltonetworks.com/cyberpedia/what-is-malware?ts=markdown) in container images. To further advance that capability, we are excited to announce that we now offer a native integration with [Palo Alto Networks WildFire](https://www.paloaltonetworks.com/products/secure-the-network/wildfire?ts=markdown) for advanced malware analysis for containers and hosts in both CI/CD pipelines and in runtime.
![WildFire based malware detection integrated into the CI pipelines](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/06/word-image-63.png)
WildFire based malware detection integrated into the CI pipelines

## Full Lifecycle Anti-Malware Identification

Prisma Cloud performs malware analysis in two places: CI pipelines leveraging our command line tool twistcli and in runtime. In CI pipelines, images with recognized file hashes are checked locally against threat feeds from Prisma Cloud and WildFire in near-real time.

For unrecognized files, the new integration takes the suspicious file and checks them with WildFire for deeper malware analysis. WildFire identifies new and unknown malware through multiple cloud-based analysis techniques, including [sandboxing](https://www.paloaltonetworks.com/cyberpedia/sandboxing?ts=markdown).
![Diagram of the checkpoints that include malware analysis](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/06/word-image-64.png)
Diagram of the checkpoints that include malware analysis

WildFire observes files in a purpose-built, evasion-resistant virtual environment, enabling detection of zero-day exploits and malware using hundreds of behavioral characteristics. If the WildFire analysis detects malware, you can choose to alert or block those builds. Limiting deployments to just Trusted Images that have been vetted prevents malicious images from ever entering your system.
![Continuous integration rules for malware detected](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/06/word-image-65.png)
Continuous integration rules for malware detected

Wildfire analysis is integrated as a part of the compliance checks in your [CI/CD pipeline](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security?ts=markdown), creating a secure path for vetted, trusted images and preventing supply chain attacks, like poisoned image attacks. Prisma Cloud can explicitly mark these verified images as trusted and can build a [secure software development lifecycle (SDLC)](https://www.paloaltonetworks.com/cyberpedia/sdlc-software-development-lifecycle?ts=markdown) by restricting container deployments to only those trusted images. However, not all malware comes from images. If a bad actor gains access to a host or container, it's necessary to add another layer of protection.

Prisma Cloud's runtime defense detects and blocks anomalous and malicious processes, filesystem access and network behavior. With the WildFire integration, if malware is written to the file system, Prisma Cloud will block the malware and automatically capture forensic data about the events leading to and after the malware was detected. This provides full lifecycle, end-to-end protection against malware.
![Malicious executable and linkable format (ELF) file detected on a host](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/06/word-image-66.png)
Malicious executable and linkable format (ELF) file detected on a host

## Combining the Power of the Palo Alto Networks Portfolio

If a zero day is detected in the Prisma Cloud WildFire integration or other Palo Alto Networks products such as our NGFW and Cortex XDR, all products that use WildFire will be protected from that unknown malware. Reports aggregate all analysis performed in a centralized format.
![Centralized report from WildFire analyses across products](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/06/word-image-67.png)
Centralized report from WildFire analyses across products

The WildFire integration is configurable from the System menu in Prisma Cloud. There is a switch to enable WildFire detection and you can pick the cloud region that is closest to the workload. Here you can further configure WildFire settings to fit your needs.
![Setting up the WildFire integration in Prisma Cloud](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/06/word-image-68.png)
Setting up the WildFire integration in Prisma Cloud

Prisma Cloud provides comprehensive security across the full development lifecycle to maximize the protection of cloud native workloads. With WildFire, we continue advancing our better together story by working across our entire portfolio of Palo Alto Networks products.

Find out more about [WildFire malware protection](https://www.paloaltonetworks.com/products/secure-the-network/wildfire?ts=markdown) and Prisma Cloud's [latest cloud workload protection capabilities](https://www.paloaltonetworks.com/blog/2021/04/april-2021-release-prisma-cloud/?ts=markdown).

*** ** * ** ***

## Related Blogs

### [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/cloud-security/category/partners/?ts=markdown)

[#### Automated Container Image Scanning with the Prisma Cloud GitHub Action](https://www.paloaltonetworks.com/blog/cloud-security/github-action-container-image-scanning/)

### [Partners](https://www.paloaltonetworks.com/blog/cloud-security/category/partners/?ts=markdown), [Service Providers](https://www.paloaltonetworks.com/blog/category/service-providers/?ts=markdown)

[#### Prisma Cloud Expands Runtime Protection to Azure Serverless Functions](https://www.paloaltonetworks.com/blog/cloud-security/azure-serverless/)

### [Partners](https://www.paloaltonetworks.com/blog/cloud-security/category/partners/?ts=markdown), [Service Providers](https://www.paloaltonetworks.com/blog/category/service-providers/?ts=markdown)

[#### Prisma Cloud Partners To Secure AWS Graviton Arm-Based Compute Instances](https://www.paloaltonetworks.com/blog/cloud-security/aws-graviton/)

### [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/cloud-security/category/partners/?ts=markdown)

[#### The Journey to Coursera with Google Cloud and Prisma Cloud](https://www.paloaltonetworks.com/blog/cloud-security/google-qwiklabs/)

### [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown)

[#### WAAS-Up with Cryptojacking Microservice-Based Web Apps?](https://www.paloaltonetworks.com/blog/cloud-security/waas-cryptojacking-microservice-based-web-apps/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/cloud-security/category/partners/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Our Latest Open Source Innovation, Yor: Automated IaC Tag and Trace](https://www.paloaltonetworks.com/blog/2021/05/yor-automated-iac-tag-and-trace/)

### Subscribe to Cloud Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language