Your network is facing a rapidly evolving threat landscape full of modern applications, exploits, malware, and attack strategies that can avoid traditional methods of detection. Threats are delivered via applications that:
- Dynamically hop ports
- Use non-standard ports
- Tunnel within other applications
- Hide within proxies, SSL or other types of encryption
Additionally, your enterprise is exposed to targeted and customized malware, which can easily pass undetected through traditional antivirus solutions.
Palo Alto Networks addresses these challenges with unique threat prevention abilities that you cannot find in other security solutions. First, our next-generation firewall removes the methods that threats use to hide from security through completely analyzing all traffic, on all ports, regardless of evasion, tunneling or circumvention techniques.
Then, Palo Alto Networks leverages multiple threat prevention disciplines, including IPS, anti-malware, URL filtering, DNS monitoring and sinkholing, and file and content blocking, to control known threats. Security teams can also use our Behavioral Botnet Report to identify the unique patterns of botnet infections in your network. Finally, WildFire identifies unknown malware, zero-day exploits, and Advanced Persistent Threats (APTs) in a cloud-based virtual malware analysis environment. This scalable service automatically develops and shares protections worldwide in as little as 30 minutes.
Unique visibility and threat prevention architecture
Palo Alto Networks threat prevention is built on the unique ability to inspect all of your traffic on all ports, regardless of evasion tactics. Our solution decodes more than 100 applications and protocols to look for threats hidden within streams of your application data. You can selectively decrypt SSL by policy to ensure that threats are not allowed to hide inside the encrypted stream, and you can control the proxies, circumventors, and encrypted tunnels attackers use to hide.
Palo Alto Networks designed a unique approach that performs all threat analysis in a single unified engine, and leverages a common signature format. This means that your content is processed only once, and performance remains steady even as additional protections are enabled.
Multiple coordinated threat disciplines for known threats
Palo Alto Networks brings multiple security disciplines into a single context and single threat prevention engine. This context enables your security team to easily see beyond individual security events and recognize the full extent of a threat. In a uniform context, you can see the interconnection of:
- DNS queries
- Anomalous network behaviors
- Targeted malware
This context leads you to important conclusions faster, streamlines management and reporting, and ensures predictable performance by analyzing traffic once instead of progressive scanning in multiple engines.
WildFire: Protection from targeted and unknown threats
Modern attackers have increasingly turned to unknown malware, zero-day exploits, and Advanced Persistent Threats (APTs) to sneak past traditional security solutions. To meet this challenge, Palo Alto Networks developed WildFire, an advanced virtual malware analysis environment, purpose-built for high-fidelity hardware emulation, analyzing suspicious samples as they execute. The cloud-based service detects and blocks targeted and unknown malware, exploits, and outbound C2 activity by observing their actual behavior, rather than relying on pre-existing signatures.
Once a file is deemed malicious, WildFire automatically generates protections that are shared globally in as little as 30 minutes. The security service tightly integrates with Palo Alto Networks next-generation firewalls, allowing complete control over cyber criminals as they attempt to deliver malware or communicate with infected systems.
WildFire users receive integrated logs, analysis, and visibility into WildFire events in the Palo Alto Networks management interface, Panorama, or the WildFire portal, enabling teams to quickly investigate and correlate events observed in their networks.