WildFire: Sandbox analysis of unknown threats
Network attacks are increasingly driven by sophisticated malware that is designed to avoid traditional antivirus controls. WildFire extends the next-generation firewall to identify and block targeted and unknown malware by actively analyzing it in a safe, cloud-based virtual environment, where Palo Alto Networks can directly observe malicious behaviors. WildFire automatically generates protections for newly discovered malware and delivers these protections globally, enabling all customers to benefit from the analysis.
Turning the Power of the Cloud Against Malware
WildFire is built on a revolutionary architecture that marries the high throughput and full visibility of the next-generation firewall, which inspects all traffic, with the scalability and flexibility of the cloud, which safely analyzes vast quantities of potentially malicious files. By performing analysis in the cloud, WildFire can give malware complete freedom to perform any actions without putting your network at risk. Leveraging the power of the cloud also removes the need to install additional single-use hardware in your network, and as malware analysis demands grow, the WildFire cloud can simply add capacity as needed. Furthermore, as malware evolves, sandbox logic can easily be updated in the cloud without requiring any updates to your firewalls.
Automatically Protect Users and Stop Outbreaks
Detecting a threat is always the first step, but the real value lies in protecting users and the network itself. When WildFire identifies new malware, it automatically generates protections, which are delivered to all WildFire subscribers worldwide within 1 hour. This allows subscribers to share in the intelligence gathered from all WildFire users and stop malware outbreaks before they spread. WildFire also analyzes command-and-control behaviors, URLs and DNS patterns to identify and block traffic from any users who may already be infected. Furthermore, as a true inline firewall, Palo Alto Networks always retains the ability to directly drop malicious traffic instead of relying solely on TCP resets, which can easily be filtered or ignored by malicious endpoints.
Correlation and Reporting
WildFire provides a wealth of analysis and forensics for all inspected files. The WildFire portal is available to all WildFire users and provides a window into malware behavior, including any malicious actions, domains the sample visited, files that were created and registry entries that were affected. Customers with the WildFire subscription additionally gain access to fully integrated WildFire logs and reports via the standard Palo Alto Networks user interface or Panorama. This log integration makes it easy to quickly tie malware to users, applications, URLs, files or other threats for fast incident response, and even to modify policies to reduce future attack vectors.