WildFire: Dynamic analysis to identify and block unknown threats.
Advanced cyber attacks employ stealthy, persistent methods to evade traditional security measures. Skilled adversaries force modern security teams to re-evaluate their basic assumption that traditional intrusion prevention systems, antivirus and single-purpose sandbox appliances are up to the task of defeating APTs.
WildFire identifies unknown malware, zero-day exploits, and Advanced Persistent Threats (APTs) by directly executing them in a scalable cloud-based, virtual sandbox environment. WildFire automatically creates and disseminates protections in near real-time to help security teams meet the challenge of advanced cyber attacks.
Extending the next-generation firewall platform that natively classifies all traffic across nearly 400 applications, WildFire uniquely applies this behavioral analysis regardless of ports or encryption, including full visibility into web traffic, email protocols (SMTP, IMAP, POP), FTP, and SMB.
Turning the Power of the Cloud Against Unknown Threats
To support dynamic malware analysis across the network at scale, WildFire is built on a cloud-based architecture that can be leveraged by your existing Palo Alto Networks next-generation firewall, with no additional hardware. The WildFire cloud can be delivered either as a public cloud (default) or as a private cloud (deployed locally on a WF-500 appliance).
Whether deployed as a public or private cloud, the WildFire architecture is designed to meet the demands of analyzing large volumes of potentially malicious content. With WildFire, the virtual malware analysis environment is shared across all firewalls, as opposed to deploying single-use hardware at every ingress/egress point and network point of presence. This approach ensures maximum sharing of threat information while minimizing the hardware required for the task.
Automatically Protect Users and Stop Outbreaks
Detecting a threat is always the first step, but the real value of WildFire lies in protecting your users and network. When an unknown threat is discovered, WildFire automatically generates protections to block the threat across the cyber kill-chain, sharing these updates with all subscribers across the globe in as little as 30 minutes. These quick updates are able to stop rapidly spreading malware, as well as identify and block the proliferation of all future variants without any additional action or analysis.
In conjunction with protection from malicious and exploit-carrying files, WildFire analysis looks deeply into malicious outbound communication, disrupting command-and-control activity with anti-C2 signatures and DNS-based callback signatures. The information is also fed into PAN-DB, where newly discovered malicious URLs are automatically blocked. This correlation of data with in-line protections is key to identifying and blocking ongoing intrusions as well as future attacks on a network.
Correlation and Reporting
WildFire users receive integrated logs, analysis, and visibility into WildFire events in the Palo Alto Networks management interface, Panorama, or the WildFire portal, enabling teams to quickly investigate and correlate events observed in their networks. This allows security staff to quickly locate the data needed for timely investigations and incident response, such as host-based and network-based indicators of compromise, and make this data actionable through log queries or custom signatures.
The information gives you powerful insight into malicious behavior including:
- Malicious actions
- Domains the sample visited
- Files that were created
- Affected registry entries
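The list above describes what a sandbox verdict gives an analyst; the earlier paragraph on making that data "actionable through log queries" is the part a responder actually has to implement. The script below is an added example, not Palo Alto Networks code and not the real WildFire report schema: it takes a constructed, simplified analysis record carrying the four observation types listed (malicious actions, domains visited, files created, registry entries), turns the host- and network-based fields into a normalised indicator set, and runs that set over a few constructed DNS, file and registry log lines to find which hosts touched the indicators. Field names, the key=value log format and all sample values are assumptions made for the example.

```python
"""Turn a sandbox verdict into searchable indicators and run them over logs.

Added example, not Palo Alto Networks code. The report below is a
constructed, simplified stand-in for a sandbox analysis result; it is not
the real WildFire report schema.
"""
import re
from dataclasses import dataclass, field

# Constructed sample report with the four observation types the page lists.
# The hash is a placeholder, not a real sample; the domains use .invalid.
SAMPLE_REPORT = {
    "sha256": "0" * 63 + "1",
    "verdict": "malware",
    "malicious_actions": [
        "created process via WScript.Shell",
        "added run key for persistence",
    ],
    "domains_visited": ["update.example-c2.invalid", "cdn.example.invalid"],
    "files_created": [r"C:\Users\Public\svchost32.exe"],
    "registry_entries": [
        r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
    ],
}


@dataclass
class IndicatorSet:
    """Host- and network-based indicators extracted from one verdict."""
    domains: set = field(default_factory=set)
    file_paths: set = field(default_factory=set)
    registry_keys: set = field(default_factory=set)
    hashes: set = field(default_factory=set)


def extract_iocs(report: dict) -> IndicatorSet:
    """Pull the network and host indicators out of a report.

    Everything is lower-cased so later matching is case-insensitive; DNS names,
    Windows paths and registry keys are all case-insensitive in practice.
    Non-malware verdicts yield an empty set, so nothing is blocked on them.
    """
    iocs = IndicatorSet()
    if report.get("verdict") != "malware":
        return iocs
    iocs.hashes.add(report["sha256"].lower())
    iocs.domains.update(d.lower() for d in report.get("domains_visited", []))
    iocs.file_paths.update(p.lower() for p in report.get("files_created", []))
    iocs.registry_keys.update(k.lower() for k in report.get("registry_entries", []))
    return iocs


# Constructed log lines in a simple key=value format: DNS queries, EDR file
# events and registry events from two workstations.
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z dns host=ws12 query=UPDATE.example-c2.invalid type=A",
    "2024-05-01T10:00:02Z dns host=ws12 query=www.example.invalid type=A",
    "2024-05-01T10:00:05Z file host=ws12 action=create path=c:\\users\\public\\svchost32.exe",
    "2024-05-01T10:00:06Z reg host=ws12 action=set key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
    "2024-05-01T10:00:07Z file host=ws07 action=create path=c:\\temp\\notes.txt",
]

_KV = re.compile(r"(\w+)=(\S+)")


def match_logs(iocs: IndicatorSet, lines) -> list:
    """Return (host, indicator_type, value) for each line touching an indicator."""
    hits = []
    for line in lines:
        fields = dict(_KV.findall(line))
        host = fields.get("host", "?")
        query = fields.get("query", "").lower()
        if query in iocs.domains:
            hits.append((host, "domain", query))
        path = fields.get("path", "").lower()
        if path in iocs.file_paths:
            hits.append((host, "file", path))
        key = fields.get("key", "").lower()
        if key in iocs.registry_keys:
            hits.append((host, "registry", key))
    return hits


if __name__ == "__main__":
    for host, kind, value in match_logs(extract_iocs(SAMPLE_REPORT), SAMPLE_LOGS):
        print(f"{host}: {kind} indicator {value}")
```

Running it flags ws12 three times (the DNS query, the dropped file and the Run key) and leaves ws07 alone; the second listed domain never appears in the logs, which is the normal case for indicators that are observed in the sandbox but not yet used against the network. A real deployment would replace the in-memory log list with a query against the SIEM, but the normalisation step is the part that matters: without lower-casing, the mixed-case DNS query in the first line would be missed.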