Threats can be tricky and dangerous, executing in multiple stages with multiple payloads, changing behavior on the fly, launching automatically, and spreading quickly. To keep up, your protections must be intelligent, automated, and just as dangerous to attack components.

Our signatures are created based on the content of traffic and files, engineered to focus on how each threat operates, and automatically updated when new threats are identified. By delivering protections designed to look at the nuts and bolts of each threat, we can accurately identify threats and prevent a broader number of them, effectively defending customer organizations.

Payload-Based Signatures

Hash-based signatures match on a file’s fixed encoding. Because a file hash is very easily changed, hash-based signatures aren’t effective at detecting polymorphic malware or variants of the same file. Using hash-based signatures is like determining whether the contents of a box have spoiled based only on the box design, instead of looking at what’s inside.

Malware signatures based instead on payload can detect patterns in the body of the file, including payload characteristics, which act as reference points. If a malware file has been modified, resulting in a new hash, our signature is still able to identify the payload and block the file.
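The contrast between the two signature types can be shown in a few lines. This is an added example, not Palo Alto Networks code or its signature format: the sample bytes, the `MARKER_A`/`MARKER_B` reference points and the hex-with-`??` signature syntax are all constructed for illustration.

```python
import hashlib
import re

# Constructed sample: a harmless byte string standing in for a file body.
# MARKER_A / MARKER_B play the role of stable payload characteristics.
BASE = b"HDR\x00\x01" + b"MARKER_A:" + b"\x10\x20\x30\x40" + b"::MARKER_B" + b"\x00" * 8

# Hash-based signature: exact SHA-256 of the one known sample.
HASH_BLOCKLIST = {hashlib.sha256(BASE).hexdigest()}

# Payload-based signature (hypothetical syntax): hex bytes, "??" matches any byte.
PAYLOAD_SIG = "4D 41 52 4B 45 52 5F 41 3A ?? ?? ?? ?? 3A 3A 4D 41 52 4B 45 52 5F 42"


def compile_sig(sig: str) -> re.Pattern:
    """Turn the hex/wildcard signature into a bytes regex."""
    parts = [b"." if tok == "??" else re.escape(bytes.fromhex(tok)) for tok in sig.split()]
    return re.compile(b"".join(parts), re.DOTALL)


def hash_match(data: bytes) -> bool:
    return hashlib.sha256(data).hexdigest() in HASH_BLOCKLIST


def payload_match(data: bytes, pattern: re.Pattern) -> bool:
    return pattern.search(data) is not None


def make_variants() -> dict:
    """Constructed variants: each changes the file hash in a different way."""
    return {
        "original": BASE,
        "padded": BASE + b"\x00",
        "header_changed": b"XYZ" + BASE[3:],
        "inner_bytes_changed": BASE.replace(b"\x10\x20\x30\x40", b"\xaa\xbb\xcc\xdd"),
        "unrelated": b"HDR\x00\x01 ordinary document text",
    }


def evaluate() -> dict:
    """Return {variant: (hash_hit, payload_hit)} for every constructed variant."""
    pattern = compile_sig(PAYLOAD_SIG)
    return {name: (hash_match(d), payload_match(d, pattern)) for name, d in make_variants().items()}


if __name__ == "__main__":
    for name, (h, p) in evaluate().items():
        print(f"{name:20} hash={h!s:5} payload={p}")
```

Only the unmodified sample hits the hash blocklist, while the payload pattern matches every variant that still carries the reference points and ignores the unrelated file.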

Vulnerability-Based Signatures

Exploits are traffic specially crafted to take advantage of vulnerabilities, or weaknesses, within software. There are multiple ways to exploit a single vulnerability, and, once a zero-day exploit is discovered, it’s not long before variations of that new exploit start to show up in the wild.

By designing our IPS signatures to focus on the targeted vulnerability, we’re able to identify both the application and the type of vulnerability targeted, and prevent multiple exploits with a single signature, blocking the exploitive traffic before it’s able to take advantage of your network.  

Communication-Based Signatures

Command and control (CnC) channels primarily leverage HTTP and DNS to establish a communication link with attackers, through which they can control the host’s actions or exfiltrate data. Blocking these channels involves more than simply analyzing the reputation of the target IP address or domain.

Our CnC protections identify the reputation, type, and behavior of the communication channel to accurately determine its purpose and block those connections that are used to propagate threats. Because it’s relatively easy for attackers to establish new CnC channels, we constantly update these protections through WildFire.

Highly Effective Protection

Because they home in on the payload, our malware signatures are capable of preventing multiple malware variations and exploits, including variations that haven’t yet been seen in the wild. Our malware protection is so effective that we’ve seen a single signature block more than 300,000 malware variations!

What this also means is that our customers require fewer signatures to prevent a greater amount of malware and exploits, decreasing the latency inherent in other stream-based prevention products.

