Palo Alto Networks® prevents the full spectrum of the cyberattacker’s playbook, including outbound command-and-control (C2) activity. Attackers will often leverage C2 as part of a multi-stage attack, with secondary downloads to exfiltrate sensitive data or provide additional instruction for future stages of the attack. Even if malware is delivered, we can prevent the attack from succeeding by stopping command-and-control traffic.

Nearly Up-to-the-Minute Prevention 

We prevent command-and-control activity through multiple complementary techniques, including:

  • Automatically generating pattern-based C2 signatures, which go beyond standard C2 signatures that are typically based on URLs and domains. This capability delivers researcher-grade protections at machine speed and scale for Threat Prevention subscribers.
  • Providing DNS protections through the WildFire® threat analysis service to all subscribed firewalls around the globe, protecting customers from newly created domains controlled by attackers and embedded within zero-day malware.

Positively Identify Infected Hosts

Our DNS sinkhole capability helps security teams identify and take action on infected hosts faster. With the DNS sinkhole, outbound requests to malicious domains or IP addresses are redirected to an internal IP address set up by an administrator. This prevents those requests from leaving the network and provides you with a report of the compromised machines initiating those requests, on which incident response teams can act.
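The report a sinkhole makes possible can be illustrated with a short added example. This is not Palo Alto Networks code or a firewall log format: the key=value log layout, the sinkhole address 10.0.0.53 and the function name `sinkholed_hosts` are assumptions made for the illustration. It lists every internal client whose DNS answer was the sinkhole address, with the domains it asked for.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: the internal sinkhole address an administrator configured.
SINKHOLE_IP = "10.0.0.53"

# Constructed resolver log lines in a made-up key=value layout.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z client=10.1.4.23 query=updates.example.com answer=198.51.100.34
2024-05-01T09:00:07Z client=10.1.4.23 query=c2-a.example.test answer=10.0.0.53
2024-05-01T09:01:12Z client=10.1.7.80 query=intranet.example.com answer=10.0.0.5
2024-05-01T09:02:30Z client=10.1.4.23 query=c2-b.example.test answer=10.0.0.53
2024-05-01T09:02:31Z client=10.1.9.14 query=C2-A.example.test. answer=10.0.0.53
truncated line without fields
2024-05-01T09:05:00Z client=10.1.9.14 query=c2-a.example.test answer=10.0.0.53
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) query=(?P<query>\S+) answer=(?P<answers>\S+)$")

def sinkholed_hosts(lines, sinkhole_ip=SINKHOLE_IP):
    """Return {client_ip: {hits, domains, first_seen, last_seen}} for sinkholed lookups."""
    sinkhole = ipaddress.ip_address(sinkhole_ip)
    report = defaultdict(lambda: {"hits": 0, "domains": set(),
                                  "first_seen": None, "last_seen": None})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed or truncated records
        try:
            # Parse addresses so the comparison is exact, not a string prefix match.
            answers = {ipaddress.ip_address(a) for a in m["answers"].split(",")}
            client = str(ipaddress.ip_address(m["client"]))
        except ValueError:
            continue  # answer or client field is not an IP address
        if sinkhole not in answers:
            continue  # resolved normally, not redirected to the sinkhole
        entry, ts = report[client], m["ts"]
        entry["hits"] += 1
        entry["domains"].add(m["query"].rstrip(".").lower())  # normalise the name
        entry["first_seen"] = min(entry["first_seen"] or ts, ts)
        entry["last_seen"] = max(entry["last_seen"] or ts, ts)
    return dict(report)

if __name__ == "__main__":
    for host, info in sorted(sinkholed_hosts(SAMPLE_LOG.splitlines()).items()):
        print(host, info["hits"], sorted(info["domains"]),
              info["first_seen"], info["last_seen"])
```

The host at 10.1.7.80 is left out because its answer, 10.0.0.5, only resembles the sinkhole address.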

Command-and-Control Research 

The Palo Alto Networks threat research team proactively investigates new command-and-control techniques, reverse engineering them to create high-fidelity C2 protections that conclusively identify and block the malicious activity. By proactively identifying new command-and-control activity, developing protections for our customers, and sharing the information with the security community, we are removing weapons used by attackers to threaten users and compromise enterprise, government and service provider networks.