WildFire: Automatically Detect and Prevent Unknown Threats

The WildFire™ cloud-based malware analysis environment offers a completely new approach to cybersecurity. Through native integration with the Palo Alto Networks® Enterprise Security Platform, the service brings advanced threat detection and prevention to every security platform deployed throughout the network, automatically sharing protections with all WildFire subscribers globally in about 15 minutes. The service offers:

  • Unified, hybrid cloud architecture deployed via the public cloud, a private cloud appliance that maintains all data on the local network, or a combination of the two.
  • Dynamic analysis of suspicious content in a cloud-based virtual environment to discover unknown threats.
  • Automatic creation and enforcement of best-in-class, content-based malware protections.
  • Link detection in email, proactively blocking access to malicious websites.

Advanced attacks are not point-in-time events. Adversaries deliver attacks persistently, often using non-standard ports, protocols or encryption for subsequent attack stages. Like the Palo Alto Networks Next-Generation Firewall, WildFire provides complete visibility into unknown threats within all traffic across thousands of applications, including Web traffic, email protocols (SMTP, IMAP, POP), and FTP, regardless of ports or encryption (SSL).

WildFire simplifies an organization’s response to the most dangerous threats, automatically detecting unknown malware and quickly preventing threats before an enterprise is compromised. Unlike legacy security solutions, WildFire quickly identifies and stops these advanced attacks without requiring manual human intervention or costly Incident Response (IR) services after the fact.


Turn the Power of the Cloud Against Unknown Threats

WildFire has a unified public/private cloud-based architecture that maximizes the sharing of threat intelligence while minimizing hardware requirements. The architecture allows the service to be deployed from any Palo Alto Networks security platform, with no additional hardware, or as a private cloud option (WF-500 appliance), where all analysis and data remain on the local network.

Whether deployed as a public or private cloud, or a hybrid of the two, the WildFire analysis environment is shared across all security platforms on a customer’s network, as opposed to deploying single-use sandboxing hardware at every ingress/egress point and network point of presence.

WildFire can also detect unknown malware pervasively throughout the network. Any location where a Palo Alto Networks security platform is deployed now becomes a point of malware detection and prevention, including:

Automatically Protect Users and Stop Compromise

The first step is to detect unknown threats, but next you must automatically close the loop to prevent them from reaching the network. Once WildFire discovers a new threat, the service automatically generates protections across the attack lifecycle, blocking malicious files and command-and-control traffic. Uniquely, these protections are content-based, not relying on easily changed attributes such as hash, filename or URL, allowing the service to block the initial malware and future variants without any additional action or analysis. WildFire informs the protection of other Palo Alto Networks security services, blocking threats in-line through:


Quick Investigations with Rich Forensics and Reporting

Quickly identify infected users and investigate potential breaches with integrated logs, analysis, and visibility of unknown threat events directly accessible in Panorama™, the Palo Alto Networks management interface, or via the WildFire portal. Integration with User-ID™ allows security administrators to quickly identify targeted users based on corporate directory information, not IP addresses. This detailed intelligence provides insight into:

  • Network and host-based indicators of compromise
  • Malware behaviors
  • Detailed email forensics on sender, recipient and subject
  • Malicious URLs and DNS queries
  • Detailed malware intelligence

Actionable Intelligence

Complementing WildFire is the new AutoFocus service, which provides users with the ability to quickly investigate highly targeted and unique attacks, discover the context around them, and correlate them with adversaries and campaigns. AutoFocus gives you actionable intelligence and context, so you can better understand how attacks on your network relate to threat campaigns around the globe.

