Prevent Known Threats Across All Traffic

Threats do not discriminate between application delivery vectors, requiring an approach that has full visibility into all application traffic, including SSL encrypted content, with full user context. Threat Prevention leverages the visibility of our next-generation firewall to inspect all traffic, automatically preventing known threats, regardless of port, protocol or SSL encryption.

Protection Across the Full Attack Lifecycle

In order for adversaries to be successful, they must move through multiple stages of the attack lifecycle, representing opportunities to stop them at each step. Threat Prevention automatically blocks multiple phases of the attack, including exploitation of known vulnerabilities, known malware and command-and-control activity. If zero-day malware or exploits are used, other elements of the Palo Alto Networks Next-Generation Security Platform can keep your organization safe.

Security AND Performance

Threat Prevention leverages our unique single-pass scanning architecture, so traffic is only scanned once, even with all subscription services enabled, including Threat Prevention, WildFire and URL Filtering. The single-pass architecture allows full threat detection and enforcement of prevention controls, without sacrificing performance.

Adversaries have become highly targeted, leveraging sophisticated playbooks to breach an organization, move laterally, and extract valuable data, all while remaining invisible to traditional defenses. Threat Prevention automatically stops vulnerability exploits with IPS capabilities, offers in-line malware protection, and blocks outbound command-and control-traffic. When combined with WildFire and URL Filtering, organizations are protected at every stage of the attack lifecycle, including both known and zero-day threats.

Intrusion Prevention

Vulnerability-based protections detect and block exploits and evasive techniques on both the network and application layers, including port scans, buffer overflows, packet fragmentation, and obfuscation. Our IPS protections include both anomaly detection and signature matching, using stateful pattern matching to understand packet arrival order and sequence.

Our signature creation team reverse-engineers exploits to understand the underlying vulnerabilities on which our protections are based, ensuring that individual signatures are high fidelity and can protect you against multiple exploit attempts. Palo Alto Networks also offers Traps advanced endpoint protection to block zero-day exploits on the endpoint.

Additionally, the Palo Alto Networks threat research team, Unit 42, applies human intelligence to identify critical zero-day vulnerabilities in Microsoft, Adobe, Apple, Android and other ecosystems. By proactively identifying these vulnerabilities, developing protections for our customers, and sharing the information with the security community, we are removing weapons used by attackers to threaten users, and compromise enterprise, government and service provider networks.

Malware Protection

Threat Prevention enforces in-line malware protection, preventing malware delivery and installation through our proprietary payload-based signature, which are updated through daily content updates, which also leverages the WildFire service for zero-day malware discovery.

Payload-based signatures do not rely on easily changed attributes, instead detecting patterns in the body of the file that can be used to identify future variations of the malware, even if the content has been slightly modified. This allows us to immediately identify and block polymorphic malware that otherwise would be treated as a new, unknown file.

Organizations can further enhance their security posture by deploying the WildFire threat detection and prevention service, which enables prevention of zero-day malware in 300 seconds from first discovery anywhere in the world.

Command-and-Control Prevention

Threat Prevention stops command-and-control (C2) activity from being used to exfiltrate data, deliver secondary malware payloads, or provide additional instructions for future stages of the attack. The service employs a revolutionary approach to shutting down this critical channel, generating automated C2 signatures that go beyond basic domain and URL matching to produce research-grade protections at machine speed and scale.

Threat Prevention also provides sinkhole capabilities for requests to malicious DNS entries, allowing outbound requests to malicious domains or IP addresses to be redirected to your own internal IP address, preventing command-and-control activity and providing you with a report of compromised machines.


WildFire Datasheet

WildFire Datasheet
  • 8
  • 29470

Magnifier Datasheet

Magnifier Behavioral Analytics empowers organizations to quickly find and stop the stealthiest network threats. By analyzing rich network, endpoint and cloud data with machine learning, Magnifier accurately identifies targeted attacks, malicious insiders and malware. Security analysts can rapidly investigative threats and leverage the Next-Generation Firewall to block attacks before the damage is done. Download the datasheet to learn the key features and benefits of Magnifier.
  • 9
  • 12716

Threat Prevention Datasheet

Today’s attackers are well-funded and well-equipped. They use evasive tactics to succeed in gaining a foothold in the network, launching both high-volume and sophisticated attacks while remaining invisible to an organization’s traditional defenses – from packet obfuscation, polymorphic malware and encryption to multi-phased payloads and fast-flux DNS.
  • 2
  • 23528

AutoFocus Datasheet

Palo Alto Networks AutoFocus™ threat intelligence service re-imagines how security teams protect their organizations from unique, targeted attacks. The hosted security service provides the intelligence, analytics, and context required to understand which attacks require immediate response, as well as the ability to make indicators actionable and prevent future attacks. Read the data sheet to learn the key benefits of the AutoFocus service.
Palo Alto Networks,
  • 2
  • 14812


AV-Comparatives, the independent organization that tests and assesses antivirus (AV) software, announced the completion of its 2017 “Comparison of Next-Generation Security Products” and presented Traps advanced endpoint protection with its “Approved” award. The firm conducted a series of malware protection and exploit prevention tests on Traps during September and October 2017. Download the report to view the results of this test.
  • 5
  • 13303

GlobalProtect Datasheet

The world you need to secure continues to expand as both users and applications shift to locations outside the traditional network perimeter. Security teams face challenges with maintaining visibility into network traffic and enforcing security policies to stop threats. Traditional technologies used to protect mobile endpoints, such as host endpoint antivirus software and remote access VPN, are not capable of stopping the advanced techniques employed by today’s more sophisticated attacker. GlobalProtect™ network security client for endpoints, from Palo Alto Networks®, enables organizations to protect the mobile workforce by extending the Next-Generation Security Platform to all users, regardless of location. It secures traffic by applying the platform’s capabilities to understand application use, associate the traffic with users and devices, and enforce security policies with next-generation technologies.
  • 4
  • 49298