As with all Palo Alto Networks analysis, threat prevention is applied in full application and protocol context – across all of your traffic and ports – to ensure that threats are detected and blocked, despite evasion attempts. Content-ID provides you with fully integrated protection from vulnerability exploits, malware and malware-generated command and control traffic. Our threat prevention technologies include:
- IPS – IPS functionality blocks vulnerability exploits, buffer overflows, and port scans. Additional capabilities, like blocking invalid or malformed packets, IP defragmentation and TCP reassembly, protect you from the evasion and obfuscation methods used by attackers (available as part of our Threat Prevention subscription).
- Anti-Malware – Known malware as well as future variations of known malware are detected by a stream-based engine that blocks in-line at very high speeds; updated protection for unknown malware is available within as little as 5 minutes for WildFire customers (available as part of our Threat Prevention subscription).
- Command and Control – Stops outbound malware communications, passively analyzes DNS queries, and identifies the unique patterns of botnets. This reveals infected users and prevents secondary downloads and data from leaving your enterprise (available as part of our Threat Prevention subscription).
- URL Filtering – Our fully integrated URL Filtering database lets you more easily and effectively enforce your policies for Web browsing, and reduces malware incidents by blocking access to known malware and phishing download sites (available as part of our URL Filtering PAN DB subscription).
- File and Data Filtering – The data filtering features in Content-ID enable you to implement policies that reduce the risks associated with the transfer of unauthorized files and data, such as file blocking by type; data filtering to control the transfer of sensitive data patterns, including credit card and Social Security numbers in application content or attachments; and file transfer function control that provides control over file transfer functionality within an individual application, allowing application use while preventing undesired inbound or outbound file transfers (available on all Next-Generation Firewalls).