Prevent Known Threats Across All Traffic

Threats do not discriminate between application delivery vectors, so prevention requires full visibility into all application traffic, including SSL-encrypted content, with full user context. Threat Prevention leverages the visibility of our next-generation firewall to inspect all traffic, automatically preventing known threats regardless of port, protocol or SSL encryption.

Protection Across the Full Attack Lifecycle

In order for adversaries to be successful, they must move through multiple stages of the attack lifecycle, representing opportunities to stop them at each step. Threat Prevention automatically blocks multiple phases of the attack, including exploitation of known vulnerabilities, known malware and command-and-control activity. If zero-day malware or exploits are used, other elements of the Palo Alto Networks Next-Generation Security Platform can keep your organization safe.

Security AND Performance

Threat Prevention leverages our unique single-pass scanning architecture, so traffic is only scanned once, even with all subscription services enabled, including Threat Prevention, WildFire and URL Filtering. The single-pass architecture allows full threat detection and enforcement of prevention controls, without sacrificing performance.

Adversaries have become highly targeted, leveraging sophisticated playbooks to breach an organization, move laterally and extract valuable data, all while remaining invisible to traditional defenses. Threat Prevention automatically stops vulnerability exploits with IPS capabilities, offers in-line malware protection, and blocks outbound command-and-control traffic. When combined with WildFire and URL Filtering, organizations are protected at every stage of the attack lifecycle, against both known and zero-day threats.

Intrusion Prevention

Vulnerability-based protections detect and block exploits and evasive techniques on both the network and application layers, including port scans, buffer overflows, packet fragmentation and obfuscation. Our IPS protections include both anomaly detection and signature matching, using stateful pattern matching that tracks packet arrival order and sequence, so a signature split across several packets or fragments is still detected.
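The difference between per-packet and stateful inspection is easiest to see with a signature deliberately split across TCP segments. The example below is added here and is not Palo Alto Networks code; the directory-traversal request, the signature pattern and the initial sequence number are all constructed for illustration. A stateless matcher that scans each segment on its own misses the attack, while a matcher that reorders the segments, drops the retransmitted overlap and scans the reassembled stream catches it.

```python
import re

# Hypothetical IPS signature for a CGI directory-traversal exploit attempt.
SIGNATURE = re.compile(rb"/cgi-bin/\S*?(?:\.\./)+\S*?etc/passwd")

# Constructed exploit request as the server application would see it.
REQUEST = (b"GET /cgi-bin/view?file=../../../../etc/passwd HTTP/1.1\r\n"
           b"Host: www.example.test\r\n\r\n")
ISN = 1000  # assumed initial sequence number of the client side


def split_request(data, cuts):
    """Cut a byte string into TCP segments (seq, payload) at the given offsets."""
    bounds = [0] + list(cuts) + [len(data)]
    return [(ISN + a, data[a:b]) for a, b in zip(bounds, bounds[1:])]


# The attacker cuts the request so no single segment holds the whole pattern,
# sends the segments out of order and retransmits one of them.
_segs = split_request(REQUEST, [14, 30, 40])
SEGMENTS = [_segs[2], _segs[0], _segs[3], _segs[1], _segs[1]]


def match_per_packet(segments):
    """Stateless inspection: scan each segment payload on its own."""
    return any(SIGNATURE.search(payload) for _, payload in segments)


def reassemble(segments):
    """Order segments by sequence number, discard bytes already delivered by a
    retransmission, and return the byte stream the application will receive."""
    stream = bytearray()
    expected = None
    for seq, payload in sorted(segments, key=lambda s: s[0]):
        if expected is None:
            expected = seq
        if seq > expected:
            raise ValueError(f"gap in stream at seq {expected}")
        skip = expected - seq          # bytes of this segment already delivered
        if skip < len(payload):
            stream += payload[skip:]
            expected = seq + len(payload)
    return bytes(stream)


def match_stream(segments):
    """Stateful inspection: scan the reassembled stream."""
    return SIGNATURE.search(reassemble(segments)) is not None


if __name__ == "__main__":
    print("per-packet match:", match_per_packet(SEGMENTS))   # False
    print("stream match:    ", match_stream(SEGMENTS))       # True
```

The reassembler refuses to scan across a gap rather than guessing, which is the conservative choice for an inline device: an attacker who can make the IPS and the destination host interpret overlapping or missing data differently can evade detection, so a real engine also normalizes overlaps the same way the protected operating system does.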

Our signature creation team reverse-engineers exploits to understand the underlying vulnerabilities on which our protections are based, ensuring that individual signatures are high fidelity and can protect you against multiple exploit attempts. Palo Alto Networks also offers Traps advanced endpoint protection to block zero-day exploits on the endpoint.

Additionally, the Palo Alto Networks threat research team, Unit 42, applies human intelligence to identify critical zero-day vulnerabilities in Microsoft, Adobe, Apple, Android and other ecosystems. By proactively identifying these vulnerabilities, developing protections for our customers, and sharing the information with the security community, we are removing weapons used by attackers to threaten users, and compromise enterprise, government and service provider networks.

Malware Protection

Threat Prevention enforces in-line malware protection, preventing malware delivery and installation through our proprietary payload-based signatures. The signatures are updated through daily content updates and also draw on the WildFire service for zero-day malware discovery.

Payload-based signatures do not rely on easily changed attributes, instead detecting patterns in the body of the file that can be used to identify future variations of the malware, even if the content has been slightly modified. This allows us to immediately identify and block polymorphic malware that otherwise would be treated as a new, unknown file.
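To show why a body pattern survives modifications that defeat a file hash, the following added example (not Palo Alto Networks code; the samples, the hex pattern and the helper are constructed for illustration) compiles a small YARA-style hex pattern with wildcards and byte-count ranges into a regular expression and runs it against an original sample, a variant with different immediates and padding, and a benign file that shares only a common function prologue.

```python
import hashlib
import re


def compile_hex_pattern(pattern):
    """Turn a YARA-style hex pattern such as "55 8B EC ?? E8 [2-8] 31 C0" into a
    compiled bytes regex: "??" matches any one byte, "[n-m]" any n..m bytes."""
    parts = []
    for tok in pattern.split():
        if tok == "??":
            parts.append(b".")
        elif m := re.fullmatch(r"\[(\d+)-(\d+)\]", tok):
            parts.append(b".{%d,%d}" % (int(m.group(1)), int(m.group(2))))
        else:
            parts.append(re.escape(bytes.fromhex(tok)))
    return re.compile(b"".join(parts), re.DOTALL)


# Constructed samples: a decoder stub (prologue, mov eax,imm32, call, nop sled,
# xor eax,eax) followed by an encoded payload that differs per variant.
ORIGINAL = (b"\x55\x8b\xec" + b"\xb8\x11\x22\x33\x44" + b"\xe8" + b"\x90" * 4
            + b"\x31\xc0" + bytes(range(0x40, 0x60)))
VARIANT = (b"\x55\x8b\xec" + b"\xb8\xaa\xbb\xcc\xdd" + b"\xe8" + b"\x90" * 6
           + b"\x31\xc0" + bytes(range(0xa0, 0xc0)))
BENIGN = b"MZ" + b"\x00" * 30 + b"\x55\x8b\xec\x83\xec\x10\xc9\xc3"

# Hash-based signature: only the exact original file.
KNOWN_HASHES = {hashlib.sha256(ORIGINAL).hexdigest()}

# Payload-based signature: the stub's structure with the variable bytes wildcarded.
STUB_SIGNATURE = compile_hex_pattern("55 8B EC B8 ?? ?? ?? ?? E8 [2-8] 31 C0")


def hash_match(sample):
    """True only if the file hash is already on the blocklist."""
    return hashlib.sha256(sample).hexdigest() in KNOWN_HASHES


def payload_match(sample):
    """True if the decoder-stub pattern appears anywhere in the file body."""
    return STUB_SIGNATURE.search(sample) is not None


if __name__ == "__main__":
    for name, sample in [("original", ORIGINAL), ("variant", VARIANT), ("benign", BENIGN)]:
        print(f"{name:9s} hash={hash_match(sample)!s:5s} payload={payload_match(sample)}")
```

The wildcard positions are what make the signature tolerant of the changes a polymorphic packer makes between builds; keeping the fixed bytes to the invariant part of the stub, and the ranges tight, is what keeps it from matching the benign prologue.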

Organizations can further enhance their security posture by deploying the WildFire threat detection and prevention service, which enables prevention of zero-day malware within 300 seconds of its first discovery anywhere in the world.

Command-and-Control Prevention

Threat Prevention stops command-and-control (C2) activity from being used to exfiltrate data, deliver secondary malware payloads, or provide additional instructions for future stages of the attack. The service employs a revolutionary approach to shutting down this critical channel, generating automated C2 signatures that go beyond basic domain and URL matching to produce research-grade protections at machine speed and scale.

Threat Prevention also provides DNS sinkholing for requests to known-malicious domains: the firewall answers the query with a sinkhole address you control (typically an unused internal IP), so the infected host's subsequent connection goes to the sinkhole instead of the attacker's server. This both blocks the command-and-control channel and identifies the compromised machine by its source IP, even when the DNS query itself was forwarded by an internal resolver and therefore carried the resolver's address rather than the client's, giving you a report of compromised machines.
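The attribution problem that sinkholing solves is clearest in a short simulation. The example below is added here and is not Palo Alto Networks code; the malicious domain, resolver address, sinkhole address and host addresses are all assumptions. Because the infected workstation resolves through an internal recursive resolver, the DNS log on the firewall only ever names the resolver; the subsequent session to the sinkhole address is what names the workstation.

```python
from dataclasses import dataclass, field

# Constructed threat-intel entry and assumed addresses for the example.
MALICIOUS_DOMAINS = {"c2.bad.example"}
SINKHOLE_IP = "10.255.255.1"      # unused internal address you control
RESOLVER_IP = "10.0.0.53"         # internal recursive resolver


@dataclass
class Firewall:
    dns_log: list = field(default_factory=list)
    traffic_log: list = field(default_factory=list)

    def answer_dns(self, src_ip, name, upstream_answer):
        """Inspect a DNS response passing through. For a known-malicious name,
        hand back the sinkhole address instead of the real one."""
        action = "sinkhole" if name in MALICIOUS_DOMAINS else "allow"
        self.dns_log.append({"src": src_ip, "name": name, "action": action})
        return SINKHOLE_IP if action == "sinkhole" else upstream_answer

    def see_connection(self, src_ip, dst_ip):
        """Record a new session in the traffic log."""
        self.traffic_log.append({"src": src_ip, "dst": dst_ip})


def hosts_from_dns_log(fw):
    """Naive attribution: who sent the sinkholed DNS query?"""
    return {e["src"] for e in fw.dns_log if e["action"] == "sinkhole"}


def hosts_from_sinkhole_traffic(fw):
    """Sinkhole attribution: who actually opened a session to the sinkhole?"""
    return {e["src"] for e in fw.traffic_log if e["dst"] == SINKHOLE_IP}


def simulate():
    fw = Firewall()
    # Infected workstation resolves the C2 name via the internal resolver, so
    # the query the firewall sees comes from the resolver, not the client.
    infected = "10.0.1.25"
    answer = fw.answer_dns(RESOLVER_IP, "c2.bad.example", "198.51.100.7")
    fw.see_connection(infected, answer)       # beacon lands on the sinkhole
    # Clean workstation does an ordinary lookup through the same resolver.
    clean = "10.0.1.40"
    answer = fw.answer_dns(RESOLVER_IP, "www.example.test", "203.0.113.10")
    fw.see_connection(clean, answer)
    return fw


if __name__ == "__main__":
    fw = simulate()
    print("DNS log points at:", hosts_from_dns_log(fw))           # {'10.0.0.53'}
    print("sinkhole reveals: ", hosts_from_sinkhole_traffic(fw))  # {'10.0.1.25'}
```

For the report to be trustworthy, the sinkhole address must be one that no legitimate service uses, traffic to it should be logged (and can simply be dropped), and any internal resolver caching must be short enough that the forged answer, not an earlier real one, is what the client receives.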



Palo Alto Networks WildFire cloud-based threat analysis service is the most advanced analysis and prevention engine for zero-day exploits and malware.


WildFire Privacy Datasheet

This document provides the customers of Palo Alto Networks with information needed to assess the impact of WildFire on their overall privacy posture.


VM-Series for AWS Hybrid Cloud Deployment Guidelines

This whitepaper walks through both AWS and VM-Series deployment guidelines for building a hybrid cloud that extends your data center into AWS.


Machine Learning and Endpoint Security

The most promising weapon in the endpoint security arsenal is machine learning. Read how it quickly learns, makes instant decisions and rapidly prevents threats.


What Is URL Filtering?

This brief provides an easy-to-understand explanation of what URL filtering is and how it works to prevent employees from accessing unproductive or harmful sites.


CAME Group

CAME Group (CAME) provides automation systems for residential and industrial entrances, parking lots, and access control points. With 50 branches in 40 countries, all networked with its corporate headquarters in Italy, CAME was uniquely challenged to provide a network architecture that ensured both secure network access and secure endpoints. Targeted attacks by malware, such as CryptoLocker, were frequently infiltrating servers and PCs, disrupting productivity and creating unpredictable remediation costs. Traditional antivirus software was ineffective in stopping such attacks. By deploying the Palo Alto Networks Next-Generation Security Platform with Next-Generation Firewalls, Threat Intelligence Cloud services, and Advanced Endpoint Protection, CAME successfully prevents cyberthreats from infiltrating endpoint devices and its network. Through consolidation, CAME is saving $2.5 million over three years, with an additional $250,000 in savings from eliminating remediation costs on endpoint devices. Moreover, the company now has uniform security policies enterprise-wide, with increased visibility and control over network traffic for improved bandwidth and application performance.
