Palo Alto Networks

The rapid evolution of malware dictates a new approach to developing detection and protection mechanisms. Introducing WildFire, a new, more responsive approach to modern malware protection. Using the combined power of Palo Alto Networks next-generation firewalls and a cloud-based service, WildFire exposes previously unseen malicious executable files by directly observing their behavior in a secure virtualized environment. This direct analysis quickly and accurately identifies new malware, leading to the automated creation of new signatures that are distributed to all Palo Alto Networks devices via the existing Threat Prevention subscription service.
When the firewall encounters an unknown .EXE or .DLL that has been delivered by any application, even those that are encrypted with SSL, the file can be submitted to the WildFire virtualized sandbox, where Palo Alto Networks can directly observe more than 70 malicious behaviors that can reveal the presence of malware. Submissions can be made manually or automatically based on policy.

When a sample is identified as malware, the sample is passed on to WildFire's signature generator, which automatically generates a signature for the sample and tests it for accuracy. The new signature is then distributed in the next content update. Palo Alto Networks also develops signatures for the all-important command and control traffic, enabling staff to immediately disrupt the communications of any malware inside the network.

WildFire intelligence and forensics

In addition to providing protection, administrators have access to a wealth of actionable information about the detected malware through the WildFire portal. A detailed behavioral report of the malware is produced, along with information on the user that was targeted, the application that delivered the malware, and all URLs involved in the delivery or phone-home of the malware.

Integration of firewall and the cloud

WildFire uses a customer's on-premises firewalls in conjunction with Palo Alto Networks' cloud-based analysis engine: the firewall preserves in-line performance, while the cloud delivers the fastest protections to all enterprise locations.
Is WildFire a FireEye alternative?
In our opinion, yes, it can be. WildFire will continue to evolve, but it already offers near real-time protection against new, unknown malware by using a cloud-based virtual sandbox or an on-premises appliance. Palo Alto Networks will continue to develop and expand the product. The firewall is the proper location to perform this inspection. PAN firewalls offer tremendous real-world performance and now leverage the cloud to add further protections.

FireEye is a great point solution; with Palo Alto Networks, this becomes another feature on an already existing, powerful security gateway. Did we mention this saves a lot of money compared to multiple point solutions?
How much does WildFire cost?
WildFire "knowledge" of new malware from other reporting sites is eventually included in the Threat Prevention license. This is a tremendous value-add that Palo Alto Networks has provided to further secure networks. Optionally, use GlobalProtect to secure roaming mobile platforms.

However, if you want even more timely protection, you can purchase a WildFire subscription to get threat updates in less than an hour, on average every 30 minutes. This offers superior zero-day (0-day) protection versus waiting 24 hours for a Threat Prevention subscription update.
Why is WildFire better for protecting against malware than standard desktop software?
Endpoint software is based upon signature matches. In today's threat landscape of polymorphic (rapidly changing) malware, signatures provide limited protection. Based on some studies, as much as 70% of malware could go undetected by purely signature-based desktop or laptop agent-based software protection.
How often are updates applied?
Potential threats are sent to the cloud in near real time (you determine the frequency). The virtual sandbox analyzes the behavior of the submitted file to determine whether it is malicious. If it is, the PAN WildFire service creates a new threat signature and releases it as an update to the PAN threat database. You can set your PAN firewall to check hourly or every 30 minutes for new signatures and apply them automatically. This also means that, as a valid subscriber to the threat database, you get additional protection from samples submitted by all the other deployed devices across the world.

With an optional WildFire subscription, updates can on average be received every 30 minutes, typically with no more than a one-hour delay. Again, the optional WildFire subscription is required to get updates within the hour rather than after 24 hours.
How can I tell what was found in the cloud?
As part of WildFire, and with a support account, you get access to your own WildFire portal and can view what was found for your own PAN firewalls. It will show you which files were determined not to be a threat, which are still pending analysis, and which were in fact new threats. Please note that as of PAN-OS 5.0 there have been additional enhancements to WildFire, including on-box integration as an alternative to logging in to the cloud portal.
What does WildFire do?
It inspects EXE and DLL files and some other file types. If an inspected file is currently unknown based upon signatures, it is submitted to a virtual sandbox in the cloud, where it is checked for any of roughly 70 malicious behaviors that malware may exhibit. WildFire then tracks and reports those observations via a hosted portal site that the end customer can access. It then generates a signature and distributes it to all PAN firewalls with current Threat Prevention licenses, preventing further spread of the malware.

With the optional Palo Alto Networks WildFire subscription, signature updates are applied much more frequently, which is especially important during the critical first 24 hours.
Palo Alto Networks | WildFire