Automatically Prevent Highly Evasive Zero-Day Exploits and Malware

WildFire® cloud-based threat analysis service is the industry’s most advanced analysis and prevention engine for highly evasive zero-day exploits and malware. The cloud-based service employs a unique multi-technique approach combining dynamic and static analysis, innovative machine learning techniques, and a groundbreaking bare metal analysis environment to detect and prevent even the most evasive threats.

Find the Unknown With a Unique Multi-Technique Approach

WildFire goes beyond legacy approaches used to detect unknown threats, bringing together the benefits of four independent techniques for high-fidelity and evasion-resistant discovery, including:

  • Dynamic analysis: Observes files as they detonate in a custom-built, evasion-resistant virtual environment, enabling detection of zero-day malware and exploits using hundreds of behavioral characteristics.
  • Static analysis: Highly effective detection of malware and exploits that attempt to evade dynamic analysis, as well as instantly identifying variants of existing malware.
  • Machine learning: Extracts thousands of unique features from each file, training a predictive machine learning classifier to identify new malware and exploits that static or dynamic analysis alone cannot detect.
  • Bare metal analysis: Evasive threats are automatically sent to a real hardware environment for detonation, entirely removing an adversary’s ability to deploy anti-VM analysis techniques.

Together, these techniques allow WildFire to discover and automatically prevent unknown exploits and malware with high efficacy and near-zero false positives.

The Power of the Threat Intelligence Cloud

As part of the Palo Alto Networks Threat Intelligence Cloud, WildFire is the world’s largest distributed sensor system focused on identifying and preventing unknown threats, with more than 19,500 enterprise, government, and service providers contributing to the collective immunity of all other users. When novel malware or a novel exploit is seen, WildFire automatically creates and shares a new prevention control in about 5 minutes, without human intervention.

WildFire also forms the central prevention orchestration point for the Palo Alto Networks Next-Generation Security Platform, allowing the enforcement of new controls across:

  • Threat Prevention to block malware and exploits, as well as command-and-control (anti-C2 and DNS-based callback) activity.
  • URL Filtering with PAN-DB for the prevention of newly discovered malicious URLs.
  • AutoFocus™ contextual threat intelligence service, enabling the extraction, correlation, and analytics of threat intelligence with high relevance and context.
  • Traps™ advanced endpoint protection and Aperture™ SaaS security service for real-time verdict determination and threat prevention.
  • Integration with our technology partners for verdict determination on third-party services with the WildFire API.

Threat Intelligence, Analytics, and Correlation

In combination with WildFire, organizations can use AutoFocus to home in on the most targeted threats with high relevance and context. AutoFocus provides the ability to hunt across all data extracted from WildFire, as well as correlate indicators of compromise (IoCs) and samples with human intelligence from the Unit 42 threat research team. Together, WildFire and AutoFocus provide a complete picture of unknown threats targeting your organization and industry, and speed your ability to act on intelligence, without adding specialized security staff.

Deployment Options That Meet Privacy Needs

WildFire is available in multiple deployment modes, which can meet even the strictest local privacy or regulatory requirements, including:

  • Global cloud for high fidelity detection and immense scale, without additional hardware.
  • Private cloud with an on-premise WildFire appliance to meet privacy and regulatory requirements.
  • Hybrid cloud combining the benefits of both global and private cloud options.
  • European Union (EU) cloud for organizations in the EU with regional data privacy needs.


See how WildFire works together with the Palo Alto Networks Next-Generation Security Platform to automatically identify and prevent unknown attacks in 300 seconds, across the network, endpoint and cloud.


Enrich WildFire with groundbreaking threat intelligence and analytics capabilities with AutoFocus. See how they provide high degrees of relevance, correlation and context for the most advanced threats.   



Get the full details on how WildFire brings together dynamic and static analysis with machine learning to identify and automatically prevent unknown threats.   


Experience WildFire Yourself

Security Lifecycle Review

Get the details behind unknown threats impacting your organization with the Security Lifecycle Review (SLR). You’ll be able to understand your organization’s risk posture, including malware, vulnerability exploits and command-and-control activity observed on your network.




Ultimate Test Drive

Seeing is believing, so get hands-on with WildFire and the full suite of threat prevention capabilities at Palo Alto Networks. You will be able to get familiar with the product, set policy, and see how easily WildFire can help keep you safe from unknown threats.





Palo Alto Networks WildFire cloud-based threat analysis service is the most advanced analysis and prevention engine for zero-day exploits and malware.

WildFire Appliance (WF-500)

The WildFire Appliance WF-500 automatically detects and prevents zero-day exploits and malware with on-premise analysis that meets privacy and regulatory requirements.

WildFire Privacy Datasheet

This document provides the customers of Palo Alto Networks with information needed to assess the impact of WildFire on their overall privacy posture.

SilverTerrier: The Rise of Nigerian Business Email Compromise

Through our analysis, it remains clear that Nigerian cyber actors will continue to expand their attacks in terms of size, scope and capabilities. According to law enforcement organizations, the exposed losses to businesses worldwide from these threat actors are now estimated to be more than US$3 billion. Given the substantial risk these actors pose, we present techniques to enable large-scale attribution efforts to combat this threat. In doing so, we demonstrate a repeatable and sustainable process to identify SilverTerrier infrastructure and put preventive measures in place prior to the first samples of malware reaching our security products.

Next-Generation Security Platform

To enable organisations to securely roll out new services and apps, Palo Alto Networks built the Next-Generation Security Platform to provide prevention through automation, applied consistently across the network, endpoint and cloud.

University of Arkansas

University cut through complexity to strengthen security while enabling open network access for unrestricted learning