Advanced persistent threats (APTs) are the result of sophisticated adversaries executing a malicious playbook to breach an organization and steal sensitive data. These attacks often occur over an extended time frame, targeting individual users with highly evasive tools, bypassing legacy security approaches with ease.

Palo Alto Networks® identifies and prevents APTs across the entire attack lifecycle, from initial compromise to endgame tactics. We offer unique best-of-breed capabilities – all natively integrated within the Next-Generation Security Platform – to discover and block even the most advanced threat, across the network, cloud and endpoint.

Identify the Most Evasive Threats

APTs often rely on highly evasive threats that escape detection by traditional identification approaches. Palo Alto Networks brings forth years of groundbreaking innovation to conclusively identify and enforce prevention for even the most evasive advanced threats, including:

  • Visibility into threats in all application traffic, regardless of port, protocol or encryption.
  • The most evasion-resistant malware analysis environment in the industry, with the WildFire® service’s custom-built hypervisor and bare metal analysis environment.
  • Unique payload-based, anti-malware and command-and-control protections that cannot be bypassed by new variants or commonly changed attributes.

Prevent Threats With Multiple Techniques 

Palo Alto Networks prevents APTs at each stage of the attack lifecycle through the Next-Generation Security Platform, which provides:

  • Full visibility into all network traffic, including stealthy attempts to evade detection, such as the use of non-standard ports or SSL encryption. 

  • Attack surface reduction with positive security controls to proactively take away infection vectors. 

  • Automatic known threat prevention with Palo Alto Networks Next-Generation Firewall, Threat Prevention, URL Filtering, Traps™ advanced endpoint protection and Prisma™ SaaS security service, providing defenses against known exploits, malware, malicious URLs and command-and-control (C2) activity. 

  • Zero-day threat detection and prevention with WildFire, including threat analytics with high relevance and context through the AutoFocus™ service. 

Shared Threat Intelligence & Analytics

When malware or zero-day exploits are discovered by any WildFire user, the service automatically orchestrates the enforcement of high-fidelity, evasion-resistant protections for all WildFire subscribers within 300 seconds of first discovery anywhere in the world. These protections are shared across more than 14,000 WildFire users, forming the industry’s largest distributed sensor network focused on detecting and preventing unknown threats.

In combination with WildFire, organizations can use AutoFocus to home in on the most targeted threats with high relevance and context. AutoFocus provides the ability to hunt across all data extracted from WildFire, as well as correlate indicators of compromise (IoCs) and samples with human intelligence from the Unit 42 threat research team. Together, WildFire and AutoFocus provide a complete picture of unknown threats targeting your organization and industry, and increase your ability to quickly take action on intelligence, without adding specialized security staff.