Content-ID: High performance threat prevention
Content-ID combines a real-time threat prevention engine with a comprehensive URL database and elements of application identification to limit unauthorized data and file transfers, detect and block exploits, malware and malware communications, and control unapproved web surfing. The application visibility and control delivered by App-ID, combined with the content inspection enabled by Content-ID, mean that IT departments can regain control over application traffic and the related content.
Integrated IPS and AntiMalware.
Content-ID provides fully integrated protection from vulnerability exploits, malware, and the all-important malware-generated command-and-control traffic. As with all Palo Alto Networks analysis, threat prevention is applied in full application and protocol context across all traffic and across all ports to ensure threats are detected and blocked regardless of evasion attempts. Threat prevention technologies include:
- NSS-Rated IPS - IPS functionality blocks vulnerability exploits, buffer overflows, DoS attacks and port scans from compromising and damaging enterprise information resources. Additional attack protection capabilities such as blocking invalid or malformed packets, IP defragmentation and TCP reassembly are utilized for protection against evasion and obfuscation methods employed by attackers.
- Stream-Based Network Antivirus - Palo Alto Networks maintains a database of more than 15 million samples of malware with an additional 50,000 samples analyzed daily. Malware is detected and blocked with a stream-based engine allowing for in-line blocking of malware at very high speeds. Malware enforcement is available across a variety of protocols including HTTP, SMTP, IMAP, POP3, FTP and SMB.
- AntiSpyware - In addition to controlling viruses and malware, Content-ID stops spyware and malware communications including botnet communications, browser hijacks, adware, backdoor behavior, keyloggers, data theft, net-worms, and peer-to-peer traffic. The solution also passively analyzes DNS queries to identify the unique patterns of botnets to reveal users who are infected and to prevent data from leaving the enterprise environment.
A fully integrated URL filtering database enables policy control over web browsing activity, complementing the policy-based application visibility and control that the Palo Alto Networks next-generation firewalls deliver. URL filtering visibility and policy controls can be tied to specific users through the transparent integration with enterprise directory services (Active Directory, LDAP, eDirectory), with additional insight provided through customizable reporting and logging.
- Securely enable web usage with the same policy control mechanisms that are applied to applications - allow, allow and scan, apply QoS, block and more.
- Reduce malware incidents by blocking access to known malware and phishing download sites.
- Tailor web filtering control efforts with white lists (allow), black lists (block), custom categories and database customization.
- Facilitate SSL decryption policies such as “don’t decrypt traffic to financial services sites” but “decrypt traffic to blog sites”.
File and Data Filtering.
Data filtering features enable administrators to implement policies that will reduce the risks associated with the transfer of unauthorized files and data.
- File blocking by type: Control the flow of a wide range of file types by looking deep within the payload to identify the file type (as opposed to looking only at the file extension).
- Data filtering: Control the transfer of sensitive data patterns such as credit card and social security numbers in application content or attachments.
- File transfer function control: Control the file transfer functionality within an individual application, allowing application use yet preventing undesired inbound or outbound file transfer.
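The two file and data filtering ideas above, identifying a file by the bytes of its payload rather than its extension and matching sensitive data patterns such as card and social security numbers, are illustrated by the following added example. It is not Palo Alto Networks' code and does not reproduce the product's stream-based engine; the magic-byte signature table, the blocked-type policy, the extension map and the sample payloads are all constructed for this illustration. Card matches are confirmed with a Luhn check so that an arbitrary run of digits is not reported as a card number.

```python
import re

# Constructed magic-byte signatures (assumption: a small illustrative set, not a
# vendor signature database). The type comes from the payload, never the name.
SIGNATURES = {
    "pe":  b"MZ",                   # Windows executables and DLLs
    "elf": b"\x7fELF",              # Linux executables
    "pdf": b"%PDF-",
    "zip": b"PK\x03\x04",           # also docx/xlsx/pptx/jar containers
    "png": b"\x89PNG\r\n\x1a\n",
}
# Extensions that legitimately carry each detected type (constructed policy).
EXT_FOR_TYPE = {
    "pe":  {"exe", "dll"},
    "elf": set(),
    "pdf": {"pdf"},
    "zip": {"zip", "docx", "xlsx", "pptx", "jar"},
    "png": {"png"},
}
# Constructed policy: executables may not cross this boundary at all.
BLOCKED_TYPES = {"pe", "elf"}


def identify_file_type(payload: bytes) -> str:
    """Return the signature name whose magic bytes open the payload, else 'unknown'."""
    for name, magic in SIGNATURES.items():
        if payload.startswith(magic):
            return name
    return "unknown"


def file_transfer_verdict(filename: str, payload: bytes) -> tuple[str, str]:
    """Decide on a transfer from the payload-derived type.

    A renamed executable ('invoice.pdf' whose bytes start with MZ) is still
    blocked, and a mismatch between extension and real type is surfaced as an alert.
    """
    detected = identify_file_type(payload)
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if detected in BLOCKED_TYPES:
        return ("block", f"payload identified as {detected} (extension '.{ext}')")
    if detected != "unknown" and ext and ext not in EXT_FOR_TYPE.get(detected, set()):
        return ("alert", f"extension '.{ext}' does not match detected type {detected}")
    return ("allow", f"detected type {detected}")


# 13-19 digits with optional single space/hyphen separators, bounded by word edges.
CC_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# US SSN in dashed form, excluding area 000/666/9xx, group 00 and serial 0000.
SSN_RE = re.compile(r"\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: doubles every second digit from the right, sums, checks mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_sensitive_data(text: str) -> list[tuple[str, str]]:
    """Return (kind, matched_text) pairs; card candidates must pass Luhn."""
    hits = []
    for m in CC_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(("credit-card", m.group()))
    for m in SSN_RE.finditer(text):
        hits.append(("ssn", m.group()))
    return hits


def content_verdict(filename: str, payload: bytes) -> tuple[str, str]:
    """Apply the file-type policy first, then the data-pattern policy to the content."""
    action, reason = file_transfer_verdict(filename, payload)
    if action == "block":
        return action, reason
    hits = find_sensitive_data(payload.decode("utf-8", errors="ignore"))
    if hits:
        return ("block", "sensitive data pattern: " + ", ".join(k for k, _ in hits))
    return action, reason


if __name__ == "__main__":
    # Constructed sample transfers: (filename, first bytes of the payload).
    samples = [
        ("report.pdf",  b"%PDF-1.4\n%quarterly summary"),
        ("invoice.pdf", b"MZ\x90\x00\x03\x00\x00\x00"),          # renamed executable
        ("photo.jpg",   b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"),  # extension mismatch
        ("notes.txt",   b"customer card 4111 1111 1111 1111, ssn 123-45-6789"),
        ("notes2.txt",  b"order ref 4111 1111 1111 1112"),        # fails Luhn, allowed
    ]
    for name, data in samples:
        print(f"{name:12s} -> {content_verdict(name, data)}")
```

The order matters: the file-type decision runs on the leading bytes before the body is scanned, which is how an in-line engine can drop a disallowed executable without buffering the whole transfer, and the Luhn check is what keeps a plain order number from being logged as a card.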