We offer unique malware prevention capabilities across the network, endpoint and cloud. Our stream-based engine blocks malware in-line, stopping attacks before they can succeed, without impacting performance. We provide high-efficacy malware prevention through multiple techniques, including:

  • Consistent protection and enforcement across all deployment scenarios.
  • Signatures based on payload, not on hash or other easily changed attributes.
  • In-line, stream-based detection and prevention of malware hidden within compressed files, web content or other common file types.
  • Near real-time updates from the WildFire® threat analysis service, ensuring protection against zero-day malware.
  • Replacement of legacy host-based antivirus with Traps™ advanced endpoint protection.

Shared Threat Intelligence and Analytics

When zero-day exploits or malware are discovered by any WildFire user, the service automatically orchestrates enforcement of high-fidelity, evasion-resistant protections for all WildFire subscribers within 300 seconds of first discovery anywhere in the world. These protections are shared across more than 14,000 WildFire users, forming the industry’s largest distributed sensor network focused on detecting and preventing unknown threats.

In combination with WildFire, organizations can use AutoFocus™ contextual threat intelligence to home in on the most targeted threats with high relevance and context. AutoFocus provides the ability to hunt across all data extracted from WildFire, as well as correlate indicators of compromise (IoCs) and samples with human intelligence from the Unit 42 threat research team. Together, WildFire and AutoFocus provide a complete picture of unknown threats targeting your organization and industry, and increase your ability to quickly take action on intelligence, without adding specialized security staff.

Threat Research and Sharing

We pair our automated threat identification and prevention systems with human intelligence from our Unit 42 threat research team. Using the wealth of malware intelligence in the Palo Alto Networks Threat Intelligence Cloud, Unit 42 uses the AutoFocus service to conduct proactive threat hunting, identifying previously unknown malware families, campaigns or adversaries to create new protections for our customers. We partner with other leading vendors to share intelligence on never-before-seen threats, helping keep the entire ecosystem safe.

Palo Alto Networks® is also a founding member of the Cyber Threat Alliance, a partnership of security and research vendors striving to defeat attackers by sharing malware samples and research. We ingest newly discovered samples from our alliance partners, as well as various third-party feeds, to generate new protections for our customers.