Palo Alto Networks WildFire Subscription 1 Year Renewal - PA-3020 - PAN-PA-3020-WF-R

WILDFIRE: BEYOND TRADITIONAL SANDBOXING

Palo Alto Networks WildFire cloud-based threat analysis service is the industry's most advanced analysis and prevention engine for highly evasive zero-day exploits and malware. The service employs a unique multi-technique approach combining dynamic and static analysis, innovative machine learning techniques, and a groundbreaking bare metal analysis environment to detect and prevent even the most evasive threats.

KEY CAPABILITIES

Prevent Unknown Threats at the Firewall Level with Inline Machine Learning

Powered by threat models continually honed in the cloud, WildFire includes an inline machine learning-based engine delivered within our hardware and virtual ML-Powered NGFWs. This innovative, signatureless capability prevents malicious content in common file types such as portable executable files and fileless attacks stemming from PowerShell completely inline, with no required cloud analysis, no damage to the content, and no loss of user productivity. Whether an unknown file matches an existing signature or is classified by an ML-Powered NGFW, WildFire always performs full analysis, extracting valuable intelligence and data to provide context for security analysts, generate training updates for the machine learning models, and share intelligence with other subscriptions to prevent other attack vectors.

Get Global Prevention Across the WildFire Ecosystem, Delivered in Seconds

For highly customized threats that its inline machine learning-powered prevention cannot stop, WildFire applies powerful cloud-based analysis to deliver prevention across networks, clouds, endpoints, or wherever WildFire-enabled sensors are deployed. Working in tandem with the new capabilities of PAN-OS, WildFire generates and delivers prevention globally within seconds of initial analysis for most new threats. This innovative, cloud-scale delivery of evasion-resistant signatures closes the window for adversaries to deploy malicious content successfully

Use Signatures, Not Hashes

Because WildFire uses content signatures for prevention instead of hashes, it can identify more malware with a single signature. As a result, compared to the mostly hash-based systems that require 1:1 ratios, WildFire protects against more attacks with the same resources. A single WildFire signature can protect against up to millions of polymorphic variants of a single malware.

Root Out Malicious Behavior in All Traffic

WildFire identifies files with potential malicious behaviors, and then delivers verdicts based on their actions by applying threat intelligence, analytics, and correlation alongside advanced capabilities:

• Complete malicious behavior visibility identifies threats in all traffic across hundreds of applications, including web traffic; email protocols like SMTP, IMAP, and POP; and file sharing protocols like SMB and FTP, regardless of ports or encryption.
• Suspicious network traffic analysis monitors all network activity produced by a suspicious file, including backdoor creation, downloading of next-stage malware, visiting low-reputation domains, network recon naissance, and much more.
• Fileless attack/script detection identifies when potentially malicious scripts, such as JScript and PowerShell, are traversing the network and forwards them to WildFire for analysis and execution.
The powerful discovery and analysis capabilities of WildFire are seamlessly integrated with numerous products across the Palo Alto Networks portfolio as well as within leading partner solutions across email and cloud platforms.

Stop Complex, Multi-Stage Attacks

Threat actors continue to evolve malware to evade existing analysis techniques by breaking attacks into distinct components and stages, using multiple concurrent delivery vectors, and exploiting reputable cloud services to avoid detection. These strategies render traditional single-stage, single-vector malware analysis ineffective. By combining the cloud-scale of WildFire with advanced file analysis and URL crawling, Multi-Vector Recursive Analysis (MVRA) delivers a unique and comprehensive solution to prevent threat actors from sophisticated multi-stage, multi-hop attacks. Unlike other solutions, WildFire can follow multiple stages of attack from a file analysis standpoint even if execution fails in a given stage. This workflow unifies analysis across both web and file attack vectors, enabling a unique, holistic view of a campaign over multiple stages. Attackers can no longer hide malicious content behind multiple stages of benign URLs or reputable document sharing sites.

Deploy in a Safe, Scalable Cloud-Based Architecture

The cloud-based architecture of WildFire supports unknown threat analysis and prevention at a massive scale across networks, endpoints, and clouds. Files are submitted to the WildFire global cloud, delivering scale and speed, and any Palo Alto Networks customer can quickly turn on the service, including users of hardware and virtual MLPowered NGFWs, public cloud offerings, Prisma SaaS, and Cortex XDR agents. Palo Alto Networks manages the WildFire infrastructure directly, following industry-standard best practices for security and confidentiality, with regular SOC 2 compliance audits.