WildFire: Automatically Detect and Prevent Unknown Threats
The WildFire™ cloud-based malware analysis environment offers a completely new approach to cybersecurity. Through native integration with the Palo Alto Networks® Enterprise Security Platform, the service brings advanced threat detection and prevention to every security platform deployed throughout the network, automatically sharing protections with all WildFire subscribers globally in about 15 minutes. The service offers:
- Unified, hybrid cloud architecture deployed via either the public cloud, a private cloud appliance that maintains all data on the local network, or a combination of the two.
- Dynamic analysis of suspicious content in a cloud-based virtual environment to discover unknown threats.
- Automatic creation and enforcement of best-in-class, content-based malware protections.
- Link detection in email, proactively blocking access to malicious websites.
Advanced attacks are not point-in-time events. Adversaries deliver attacks persistently, often using non-standard ports, protocols or encryption for subsequent attack stages. Like the Palo Alto Networks Next-Generation Firewall, WildFire provides complete visibility into unknown threats within all traffic across thousands of applications, including web traffic, email protocols (SMTP, IMAP, POP), and FTP, regardless of ports or encryption (SSL).
WildFire simplifies an organization’s response to the most dangerous threats, automatically detecting unknown malware and quickly preventing threats before an enterprise is compromised. Unlike legacy security solutions, WildFire quickly identifies and stops these advanced attacks without requiring manual human intervention or costly Incident Response (IR) services after the fact.
Turn the Power of the Cloud Against Unknown Threats
WildFire has a unified public/private cloud-based architecture that maximizes the sharing of threat intelligence while minimizing hardware requirements. The architecture allows the service to be deployed from any Palo Alto Networks security platform, with no additional hardware, or as a private cloud option (WF-500 appliance), where all analysis and data remain on the local network.
Whether deployed as a public or private cloud, or a hybrid of the two, the WildFire analysis environment is shared across all security platforms on a customer’s network, as opposed to deploying single-use sandboxing hardware at every ingress/egress point and network point of presence.
WildFire can also detect unknown malware pervasively throughout the network. Any location where a Palo Alto Networks security platform is deployed now becomes a point of malware detection and prevention, including:
Automatically Protect Users and Stop Compromise
Detecting unknown threats is only the first step; the loop must then be closed automatically to prevent those threats from reaching the network. Once WildFire discovers a new threat, the service automatically generates protections across the attack lifecycle, blocking malicious files and command-and-control traffic. Uniquely, these protections are content-based rather than relying on easily changed attributes such as hash, filename or URL, allowing the service to block the initial malware and future variants without any additional action or analysis. WildFire informs the protection of other Palo Alto Networks security services, blocking threats in-line through:
- Threat Prevention (anti-malware, DNS, command-and-control)
- Web Security (malicious URLs in PAN-DB)
- GlobalProtect (anti-malware for mobile devices)
Quick Investigations with Rich Forensics and Reporting
Quickly identify infected users and investigate potential breaches with integrated logs, analysis, and visibility of unknown threat events directly accessible in Panorama™, the Palo Alto Networks management interface, or via the WildFire portal. Integration with User-ID™ allows security administrators to quickly identify targeted users based on corporate directory information, not IP addresses. This detailed intelligence provides insight into:
- Network and host-based indicators of compromise
- Malware behaviors
- Detailed email forensics on sender, recipient and subject
- Malicious URLs and DNS queries
- Detailed malware intelligence
Complementing WildFire is the new AutoFocus service, which provides users with the ability to quickly investigate highly targeted and unique attacks, discover the context around them, and correlate them with adversaries and campaigns. AutoFocus gives you actionable intelligence and context, so you can better understand how attacks on your network relate to threat campaigns around the globe.