WildFire: Automatically Detect and Prevent Unknown Threats
WildFire™ simplifies an organization’s response to the most dangerous threats—automatically detecting unknown malware and quickly preventing threats before organizations are compromised. Unlike legacy security solutions, WildFire quickly identifies and stops these advanced attacks without requiring manual human intervention or costly Incident Response (IR) services after the fact.
WildFire offers a completely new approach to cybersecurity. Through native integration with Palo Alto Networks’ Enterprise Security Platform, the service brings advanced threat detection and prevention to every security platform deployed throughout the network, automatically sharing protections with all WildFire subscribers globally in about 15 minutes. The service offers:
- Unified hybrid cloud architecture, either deployed through the public cloud, or via a private cloud appliance that maintains all data on the local network.
- Dynamic analysis of suspicious content in a cloud-based virtual environment to discover unknown threats.
- Automatic creation and enforcement of best-in-class content-based malware protections.
- Link detection in email, proactively blocking access to malicious websites.
Advanced attacks are not point-in-time events. Adversaries deliver attacks persistently, often using non-standard ports, protocols, or encryption for subsequent attack stages. Like Palo Alto Networks’ next-generation firewall, WildFire provides complete visibility into all traffic—including advanced threats—across nearly 400 applications, including web traffic, email protocols (SMTP, IMAP, POP), and FTP, regardless of port or encryption (SSL).
Turn the Power of the Cloud Against Unknown Threats
WildFire’s unified public/private cloud-based architecture maximizes the sharing of threat intelligence while minimizing hardware requirements. The architecture allows the service to be deployed from any Palo Alto Networks security platform, with no additional hardware, or as a private cloud option (WF-500 appliance), where all analysis and data remain on the local network.
Whether deployed as a public or private cloud, WildFire’s analysis environment is shared across all security platforms on a customer’s network, as opposed to deploying single-use sandboxing hardware at every ingress/egress point and network point of presence.
Uniquely, WildFire can also detect unknown malware pervasively throughout the network. Wherever a Palo Alto Networks security platform is deployed now becomes a point of malware detection and prevention, including:
Automatically Protect Users and Stop Compromise
The first step is to detect unknown threats, but next you must automatically close the loop to prevent them from reaching the network. Once WildFire discovers a new threat, the service automatically generates protections across the cyberattack kill chain, blocking malicious files and command-and-control traffic. Uniquely, these protections are content-based, not relying on easily changed attributes such as hash, filename or URL. These advanced protections allow the service to block the initial malware and future variants without any additional action or analysis. WildFire informs the protection of other Palo Alto Networks security services, blocking threats in-line through:
- Threat Prevention (Anti-malware, DNS, command-and-control)
- Web Security (malicious URLs in PAN-DB)
- GlobalProtect (Anti-malware for mobile devices)
Quick Investigations with Rich Forensics and Reporting
Quickly identify infected users and investigate potential breaches with integrated logs, analysis, and visibility of unknown threat events directly accessible in Panorama, the Palo Alto Networks management interface, or via the WildFire portal. Integration with User-ID allows security administrators to quickly identify targeted users based on corporate directory information, not IP addresses. This detailed intelligence provides insight into:
- Network and host-based indicators of compromise
- Malware behaviors
- Detailed email forensics on sender, recipient and subject
- Malicious URLs and DNS queries
- Detailed malware intelligence