Protection Across All Traffic

User and application context and SSL decryption are basic features of our next-generation firewalls, allowing our threat prevention technologies to inspect and stop threats hiding within them. You’re also able to view threat logs within the context of applications and users, so you can fully understand the risks posed by specific applications.

Protection Across the Full Attack Lifecycle

There are several stages within an attack that must be completed before it’s successful. Our protections are coordinated across multiple stages within the attack lifecycle preventing a wide variety of threats, including vulnerability exploit, malware and botnets. If a zero-day component is used, our Threat Prevention technology can still block subsequent stages, maximizing your ability to prevent attacks. 

Security AND Performance

Our threat scanning technology leverages our single-pass scanning architecture (SP3), so traffic is only scanned once, even with all Threat Prevention features enabled (i.e., application control, IPS, anti-malware, command and control protection). Our method of traffic inspection means you get a complete view of an attack across different security controls, and you don’t sacrifice performance for security. 

Malware has become highly targeted and evasive to breach the organization's perimeter by delivering threats that can move laterally, and extract valuable data, while remaining invisible to traditional security defenses. We protect your organization against these threats. We confront threats at each stage of the attack. Our Threat Prevention subscription includes vulnerability and exploit protection with IPS capabilities, malware protection, and command and control protection, to thoroughly defend your network at every location.

By augmenting the Threat Prevention service with WildFire™ and URL Filtering we are able to provide comprehensive protection and automatic updates against previously unknown threats within as little as 5 minutes.

Intrusion Prevention

Vulnerability-based protections detect and block exploits and evasive techniques on both the network and application layers, including port scans, buffer overflows, packet fragmentation, and obfuscation. Our IPS protections include both anomaly detection and signature matching, using stateful pattern matching to understand packet arrival order and sequence.

In addition to conducting their own independent research, our threat research teams skillfully reverse-engineer zero-day exploits to understand the underlying vulnerabilities on which our protections are based, ensuring that individual signatures are of high quality and will protect you against multiple exploit attempts. 

For complete exploit protection on your endpoints, we recommend adding Traps™ advanced endpoint protection.

Malware Protection

Malware protection prevents malware delivery and installation through custom-built signatures. Our content (i.e., payload based signatures) can detect patterns in the body of the file that can be used to identify future variations of the files even if the content has been slightly modified (polymorph). This allows us to immediately identify and block polymorphic malware that otherwise would be treated as a new, unknown file.

Updated protections against newly discovered malware from around the globe are delivered daily by WildFire, preventing the latest malware from breaching network. Adding the WildFire subscription can reduce this update time to as little as 5 minutes and enable you to submit suspicious files and links for analysis.

Command and Control Protection

There’s no silver bullet when it comes to preventing all threats from entering your organization. This is why we also focus on preventing attackers from leaving with important data through command and control protections, which block multistage malware and attacker-controlled communication channels, protecting your data from being stolen.

Threat Prevention also provides sinkhole capabilities for requests to malicious DNS entries. Outbound requests to malicious domains or IP addresses can be redirected to your own internal IP address, preventing command and control and providing you with a report of compromised machines, making incident response that much simpler.



WildFire automatically protects your networks from new and customized malware across a wide range of applications, including malware hidden within SSL-encrypted traffic. This datasheet is available in Chinese (Simple), French, ItalianJapanese, and Spanish.

  • 5
  • 12729

Lightboard Series: Advanced Prevention

Enable your platform to begin sending malware to a centralized cloud-based virtual environment where new and unknown files can be actively executed and observed for malicious behaviors.

  • 0
  • 5129

VM-Series for AWS Hybrid Cloud Deployment Guidelines

This whitepaper walks through both AWS and VM-Series deployment guidelines for building a hybrid cloud that extends your data center into AWS.

  • 0
  • 2087

CAME Group

CAME Group (CAME) provides automation systems for residential and industrial entrances, parking lots, and access control points. With 50 branches in 40 countries all networked with its corporate headquarters in Italy, CAME was uniquely challenged to provide a network architecture that ensured both secure network access and secure endpoints. Targeted attacks by malware, such as CryptoLocker, were frequently infiltrating servers and PCs, disrupting productivity and creating unpredictable remediation costs. Traditional antivirus software was ineffective in stopping such attacks. By deploying the Palo Alto Networks Next-Generation Security Platform with Next-Generation Firewalls, Threat Intelligence Cloud services, and Advanced Endpoint Protection, CAME successfully prevents cyberthreats from infiltrating endpoint devices and its network. Through consolidation, CAME is saving $2.5 million over three years, with an additional $250,000 in savings by eliminating remediation costs on endpoint devices. Moreover, the company now has uniform security policies enterprise-wide, with increased visibility and control over network traffic for improved bandwidth and application performance.

  • 1
  • 1481

Delta Holding

Delta Holding eliminated ransomware and gained a comprehensive shield against malware and zero-day attacks with Palo Alto Networks Next-Gen Security Platform.

  • 0
  • 685


Schauinsland-Reisen is one of the most important travel service companies in Germany and Europe. The Reiseveranstalter is the 7th largest package tour operator in Germany. The medium-sized, independent Reiseveranstalter based in Duisburg currently offers more than 60 travel destinations, with more destinations being added. This nearly 100-year-old company with a team of 300+ provides excellent availability and customer service to its customers. This Customer Story is also available in German.

  • 1
  • 1049