High-Performance Threat Prevention

Enterprises of all sizes are at risk from a variety of increasingly sophisticated threats that have evolved to avoid many of the industry’s traditional security measures. Our Content-ID™ technology delivers a new approach based on the complete analysis of all allowed traffic, using multiple advanced threat prevention technologies in a single, unified engine.

Content-ID is based on a single-pass architecture, which is a unique combination of software and hardware that was designed from the ground up to integrate multiple threat prevention technologies (IPS, anti-malware, URL filtering, etc.) into a single stream-based approach that simplifies management, streamlines processing, and maximizes performance.

The user and application visibility and control of App-ID™ and User -ID™, coupled with the content inspection enabled by Content-ID, empowers IT teams to regain control over application traffic and related content. Watch this video to see how to retake control.


Learn more about the IPS, Antivirus, URL Filtering, and Data Filtering features.

As with all Palo Alto Networks analysis, threat prevention is applied in full application and protocol context – across all of your traffic and ports – to ensure that threats are detected and blocked, despite evasion attempts. Content-ID provides you with fully integrated protection from vulnerability exploits, malware and malware-generated command and control traffic. Our threat prevention technologies include:

  • IPS – IPS functionality blocks vulnerability exploits, buffer overflows, and port scans. Additional capabilities, like blocking invalid or malformed packets, IP defragmentation and TCP reassembly, protect you from the evasion and obfuscation methods used by attackers (available as part of our Threat Prevention subscription).
  • Anti-Malware – Known malware as well as future variations of known malware are detected by a stream-based engine that blocks in-line at very high speeds; updated protection for unknown malware is available within as little as 5 minutes for WildFire customers (available as part of our Threat Prevention subscription).
  • Command and Control – Stops malware outbound communications, as well as passively analyzes DNS queries, and will identify the unique patterns of botnets. This reveals infected users, prevents secondary downloads and data from leaving your enterprise (available as part of our Threat Prevention subscription).
  • URL Filtering – Our fully integrated URL Filtering database lets you more easily and effectively enforces your policies for Web browsing, as well as reduces malware incidents by blocking access to known malware and phishing download sites (available as part of our URL Filtering PAN DB subscription).
  • File and Data Filtering – The data filtering features in Content-ID enable you to implement policies that reduce the risks associated with the transfer of unauthorized files and data, such as file blocking by type; data filtering to control the transfer of sensitive data patterns, including credit card and Social Security numbers in application content or attachments; and file transfer function control that provides control over file transfer functionality within an individual application, allowing application use while preventing undesired inbound or outbound file transfers (available on all Next-Generation Firewalls).