WildFire: Protection from targeted and unknown threats.
Modern attackers increasingly use targeted and previously unseen variants of malware to slip past traditional, signature-based security solutions. To address this, Palo Alto Networks developed WildFire, which identifies new malware in minutes. By executing suspect files in a virtual environment and observing their behavior, WildFire identifies malware quickly and accurately, even when the sample has never been seen before.
Once a file is deemed malicious, WildFire automatically generates protections that are delivered to all WildFire subscribers within an hour of detection. A WildFire license provides your IT team with a wealth of forensics to see exactly who was targeted, the application used in the delivery, and any URLs that were part of the attack.
Sandbox analysis of unknown threats.
Advanced cyber attacks employ stealthy, persistent methods to evade traditional security measures. WildFire identifies unknown malware, zero-day exploits, and Advanced Persistent Threats (APTs) through dynamic analysis in a scalable, cloud-based virtual environment. It directly observes the behavior of the malware and exploits, then automatically generates and distributes protections globally in as little as 30 minutes.
DNS traffic exists in nearly every organization, creating an overwhelming ocean of data that security teams often ignore or lack the tools to analyze properly. Knowing this, attackers increasingly abuse DNS to mask their command-and-control (C2) activity, using it to deliver additional malware or steal valuable data. Attacker-controlled domain names let them move C2 infrastructure quickly from one address to another, bypassing traditional controls such as blacklists or web reputation. Palo Alto Networks addresses this by:
- Allowing opt-in passive DNS monitoring, which builds a database of malicious domains and infrastructure observed across our global customer base. This intelligence feeds PAN-DB URL filtering, DNS-based command-and-control signatures, and WildFire to prevent future attacks.
- Enabling customers to create a local DNS sinkhole, redirecting queries for malicious domains to an address of your choosing so that compromised hosts on the local network can be quickly identified and blocked. The sinkhole matters because clients usually resolve through an internal DNS server, so the firewall's DNS logs show only that server as the source; once the malicious name resolves to the sinkhole address, the infected client itself connects to it, and that connection reveals the client's real address.
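The following is an added example, not Palo Alto Networks code, that shows the two halves of a sinkhole in miniature: a toy resolver that answers listed malicious names with a sinkhole address, and a pass over firewall-style traffic logs that lists the hosts which subsequently connected to that address. The domains, the sinkhole IP `10.255.255.254`, and the log lines are all constructed for the example.

```python
"""DNS sinkhole in miniature (illustrative; not PAN-OS code).

Scenario: internal clients resolve through an internal DNS server, which
forwards to the firewall. Without a sinkhole the firewall's DNS logs show
only the internal DNS server as the querying source. With a sinkhole the
malicious name resolves to SINKHOLE_IP, the client then opens a connection
to SINKHOLE_IP, and the traffic log records the client's real address.
"""
from collections import defaultdict

SINKHOLE_IP = "10.255.255.254"  # assumed: an unused address you control
# Constructed list of attacker-controlled domains for the example.
MALICIOUS_DOMAINS = {"c2.bad-example.test", "update.evil-example.test"}


def is_sinkholed(name):
    """True if `name` or any parent label is on the malicious list."""
    name = name.rstrip(".").lower()
    if name in MALICIOUS_DOMAINS:
        return True
    return any(name.endswith("." + d) for d in MALICIOUS_DOMAINS)


def resolve(domain, authoritative):
    """Return (answer_ip, sinkholed).

    `authoritative` is a dict of domain -> real IP standing in for the
    upstream resolver; a listed malicious domain is never forwarded to it.
    """
    if is_sinkholed(domain):
        return SINKHOLE_IP, True
    return authoritative.get(domain.rstrip(".").lower()), False


# Constructed DNS log: timestamp, querying source, queried name.
# Every query comes from the internal resolver, so this log alone cannot
# tell you which client asked for the malicious name.
DNS_LOG = """\
2024-05-01T10:00:00 10.1.1.53 c2.bad-example.test
2024-05-01T10:00:04 10.1.1.53 update.evil-example.test
"""

# Constructed traffic log, one flow per line: timestamp src dst dport proto.
TRAFFIC_LOG = """\
2024-05-01T10:00:01 10.1.2.15 10.255.255.254 443 tcp
2024-05-01T10:00:02 10.1.2.15 93.184.216.34 443 tcp
2024-05-01T10:00:05 10.1.2.77 10.255.255.254 8080 tcp
2024-05-01T10:00:09 10.1.3.8 93.184.216.34 80 tcp
2024-05-01T10:01:11 10.1.2.15 10.255.255.254 443 tcp
"""


def dns_query_sources(dns_log):
    """Distinct sources seen in the DNS log: only the internal resolver."""
    return {line.split()[1] for line in dns_log.splitlines() if line.strip()}


def infected_hosts(traffic_log, sinkhole_ip=SINKHOLE_IP):
    """Map each internal host that connected to the sinkhole to its flow count."""
    hits = defaultdict(int)
    for line in traffic_log.splitlines():
        if not line.strip():
            continue
        _ts, src, dst, _dport, _proto = line.split()
        if dst == sinkhole_ip:
            hits[src] += 1
    return dict(hits)


if __name__ == "__main__":
    print("DNS log sources:", dns_query_sources(DNS_LOG))
    print("hosts that reached the sinkhole:", infected_hosts(TRAFFIC_LOG))
```

Pick a sinkhole address that is routable from every client subnet but hosts nothing; if the address is unreachable the client still logs a flow attempt toward it, which is all the correlation needs.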
Behavioral botnet report.
Our behavioral botnet report correlates traffic anomalies and end-user behaviors to identify devices on your network that are likely infected by a botnet. The logic behind the report tracks unknown or anomalous TCP and UDP traffic, as well as a variety of potentially suspicious behaviors such as repeated download patterns, use of dynamic DNS, and browsing anomalies. No single indicator is conclusive on its own; these factors are correlated to produce a report listing the users that are likely infected, together with the behaviors that led to the diagnosis.
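The correlation idea above, as an added example that is not the product's own report logic: each host accumulates weighted evidence from several weak indicators (unknown TCP/UDP to external addresses, dynamic-DNS lookups, the same file downloaded repeatedly), and only hosts whose combined score crosses a threshold are reported, with the contributing behaviors kept for the analyst. The event lines, weights, threshold and dynamic-DNS suffixes are constructed assumptions for the example.

```python
"""Behavioral botnet scoring over constructed events (illustrative only).

Event format (constructed): "<time> <host> <kind> <detail>"
  kind=app       detail is "<app-id> <dst-ip:port>"
  kind=dns       detail is the queried name
  kind=download  detail is the URL fetched
"""
import ipaddress
from collections import defaultdict

EVENTS = """\
10:00 10.1.2.15 app unknown-tcp 185.199.110.1:4444
10:00 10.1.2.15 app unknown-udp 185.199.110.1:53
10:02 10.1.2.15 dns abc123.dyndns-example.test
10:05 10.1.2.15 download http://cdn-example.test/a.exe
10:15 10.1.2.15 download http://cdn-example.test/a.exe
10:25 10.1.2.15 download http://cdn-example.test/a.exe
10:03 10.1.3.8 download http://cdn-example.test/a.exe
10:07 10.1.3.8 app web-browsing 93.184.216.34:443
10:09 10.1.4.2 app unknown-tcp 10.1.4.9:9100
"""

# Assumed weights: each indicator alone stays below THRESHOLD.
WEIGHTS = {"unknown-tcp": 2, "unknown-udp": 2, "dynamic-dns": 3, "repeated-download": 3}
THRESHOLD = 5
DYNAMIC_DNS_SUFFIXES = (".dyndns-example.test", ".no-ip-example.test")  # constructed
REPEAT_DOWNLOAD_MIN = 3


def is_internal(dst):
    """True when the destination address is private (RFC 1918 etc.)."""
    ip = dst.rsplit(":", 1)[0]
    try:
        return ipaddress.ip_address(ip).is_private
    except ValueError:
        return False


def score_hosts(events, threshold=THRESHOLD):
    """Return {host: {"score": int, "behaviors": [str, ...]}} for hosts
    whose correlated evidence reaches `threshold`."""
    evidence = defaultdict(list)             # host -> [(indicator, weight, detail)]
    downloads = defaultdict(lambda: defaultdict(int))  # host -> url -> count

    for line in events.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) < 4:
            continue
        _ts, host, kind, detail = parts
        if kind == "app":
            app, _, dst = detail.partition(" ")
            if app in ("unknown-tcp", "unknown-udp"):
                # Unknown traffic to an internal address is usually a custom
                # in-house application rather than C2, so it is not counted.
                if dst and is_internal(dst):
                    continue
                evidence[host].append((app, WEIGHTS[app], f"{app} to {dst}"))
        elif kind == "dns" and detail.endswith(DYNAMIC_DNS_SUFFIXES):
            evidence[host].append(("dynamic-dns", WEIGHTS["dynamic-dns"], detail))
        elif kind == "download":
            downloads[host][detail] += 1

    # A single download is normal; the same URL fetched again and again is not.
    for host, urls in downloads.items():
        for url, n in urls.items():
            if n >= REPEAT_DOWNLOAD_MIN:
                evidence[host].append(
                    ("repeated-download", WEIGHTS["repeated-download"], f"{url} x{n}")
                )

    report = {}
    for host, items in evidence.items():
        total = sum(weight for _, weight, _ in items)
        if total >= threshold:
            report[host] = {"score": total, "behaviors": [d for _, _, d in items]}
    return report


if __name__ == "__main__":
    for host, info in score_hosts(EVENTS).items():
        print(host, info["score"], *info["behaviors"], sep="\n  ")
```

In the constructed data only 10.1.2.15 is reported: 10.1.3.8 downloaded the file once and otherwise browsed normally, and 10.1.4.2's unknown-tcp went to an internal printer port, which the scorer deliberately ignores.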