Palo Alto Wildfire Malware Analysis

Network attacks are increasingly driven by sophisticated malware designed to evade traditional antivirus controls. WildFire extends the next-generation firewall to identify and block targeted and unknown malware by executing unknown files in a safe, cloud-based virtual environment, where Palo Alto Networks can directly observe the sample's malicious behavior.

WildFire automatically generates protections for newly discovered malware and delivers them globally, so every customer benefits from each analysis. As of PAN-OS 5, WildFire is also available as a paid subscription service.

Basic WildFire functionality is available to all Palo Alto Networks customers at no charge: the firewall can automatically forward suspicious files to WildFire, and the resulting protections are delivered with the regular threat prevention content updates (a Threat Prevention license is required). The paid WildFire subscription adds protections delivered within one hour of new malware being detected anywhere in the world, integrated logging and reporting, and access to the WildFire API for programmatic submission of up to 100 samples per day and up to 1,000 report queries by file hash per day.
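Because the two API quotas are so unequal (1,000 hash lookups versus 100 submissions per day), a submission tool should always query by SHA-256 first and only upload samples the cloud has never seen. The client below is an added example written for this post, not Palo Alto Networks code: the API host, the endpoint paths and the "HTTP 404 means no report for this hash" convention are assumptions taken from the public WildFire API documentation, the API key and both samples are constructed, and the network is replaced by a fake transport so the script runs offline.

```python
"""Quota-aware WildFire API client: look up by SHA-256 first, submit only if unknown.

Added example; not Palo Alto Networks code. Host, endpoint paths and the
404-means-unknown convention are assumptions drawn from the public WildFire
API docs; the daily quotas are the figures this post quotes for the paid
subscription (100 sample submissions, 1,000 report queries by hash).
"""
import hashlib
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple

WILDFIRE_HOST = "https://wildfire.paloaltonetworks.com"  # assumption
SUBMIT_PATH = "/publicapi/submit/file"                    # assumption
REPORT_PATH = "/publicapi/get/report"                     # assumption
DAILY_SUBMISSIONS = 100      # paid license, per day (from the post)
DAILY_HASH_QUERIES = 1000    # paid license, per day (from the post)

# A transport performs one HTTPS POST and returns (http_status, body_text).
# With the `requests` library a real one is:
#   lambda url, fields, files: (lambda r: (r.status_code, r.text))(
#       requests.post(url, data=fields, files=files))
Transport = Callable[[str, Dict[str, str], Optional[Dict[str, bytes]]], Tuple[int, str]]


class QuotaExceeded(RuntimeError):
    """Raised locally before a request that would exceed a daily quota."""


@dataclass
class WildFireClient:
    api_key: str
    transport: Transport
    submissions_used: int = 0
    hash_queries_used: int = 0
    _cache: Dict[str, str] = field(default_factory=dict)  # sha256 -> report body

    @staticmethod
    def sha256(data: bytes) -> str:
        return hashlib.sha256(data).hexdigest()

    def get_report(self, digest: str) -> Optional[str]:
        """Report lookup by hash; None when WildFire has never seen the sample."""
        if digest in self._cache:            # repeat lookups cost no quota
            return self._cache[digest]
        if self.hash_queries_used >= DAILY_HASH_QUERIES:
            raise QuotaExceeded("daily report-query quota exhausted")
        self.hash_queries_used += 1
        status, body = self.transport(
            WILDFIRE_HOST + REPORT_PATH,
            {"apikey": self.api_key, "hash": digest, "format": "xml"},
            None,
        )
        if status == 404:                    # assumption: 404 == no report for this hash
            return None
        if status != 200:
            raise RuntimeError(f"report query failed: HTTP {status}")
        self._cache[digest] = body
        return body

    def submit_file(self, filename: str, data: bytes) -> str:
        """Upload a sample for sandbox analysis; counts against the submission quota."""
        if self.submissions_used >= DAILY_SUBMISSIONS:
            raise QuotaExceeded("daily submission quota exhausted")
        self.submissions_used += 1
        status, body = self.transport(
            WILDFIRE_HOST + SUBMIT_PATH, {"apikey": self.api_key}, {"file": data}
        )
        if status != 200:
            raise RuntimeError(f"submission failed: HTTP {status}")
        return body

    def analyze(self, filename: str, data: bytes) -> Tuple[str, str]:
        """Hash first (cheap, 1,000/day); submit only if unknown (scarce, 100/day)."""
        digest = self.sha256(data)
        report = self.get_report(digest)
        if report is not None:
            return "known", report
        return "submitted", self.submit_file(filename, data)


# ---- Offline demo with a constructed fake transport (no network access) ----
SAMPLE_KNOWN = b"MZ\x90\x00constructed-sample-already-analyzed"
SAMPLE_NEW = b"MZ\x90\x00constructed-sample-never-seen-before"
_KNOWN_REPORTS = {  # constructed: the fake cloud knows exactly one hash
    hashlib.sha256(SAMPLE_KNOWN).hexdigest(): "<wildfire><verdict>malicious</verdict></wildfire>",
}


def fake_transport(url: str, fields: Dict[str, str], files) -> Tuple[int, str]:
    """Stands in for the WildFire cloud: knows one hash, accepts any upload."""
    if url.endswith(REPORT_PATH):
        body = _KNOWN_REPORTS.get(fields["hash"])
        return (200, body) if body else (404, "")
    if url.endswith(SUBMIT_PATH):
        return 200, "<wildfire><upload-file-info>queued</upload-file-info></wildfire>"
    return 405, ""


def demo() -> WildFireClient:
    client = WildFireClient(api_key="constructed-key", transport=fake_transport)
    print(client.analyze("a.exe", SAMPLE_KNOWN))   # known: one query, no submission
    print(client.analyze("b.exe", SAMPLE_NEW))     # unknown: one query, one submission
    print(client.analyze("a.exe", SAMPLE_KNOWN))   # served from cache, no quota spent
    return client


if __name__ == "__main__":
    demo()
```

The quota counters are kept client-side so the tool fails fast with a clear error instead of burning a request on a rejected call, and the report cache means re-scanning the same binary (a common case when many hosts carry the same dropper) never touches the hash-query budget.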

About WildFire:

Turning the Power of the Cloud Against Malware

WildFire is built on an architecture that marries the high throughput and full traffic visibility of the next-generation firewall with the scalability and flexibility of the cloud, so that vast quantities of potentially malicious files can be analyzed safely. By performing analysis in the cloud, WildFire can give malware complete freedom to perform any action without putting your network at risk. Leveraging the cloud also removes the need to install additional single-use hardware in your network, and as malware analysis demands grow, the WildFire cloud can simply add capacity as needed. Furthermore, as malware evolves, the sandbox logic can be updated in the cloud without requiring any updates to your firewalls.

Automatically Protect Users and Stop Outbreaks

Detecting a threat is only the first step; the real value lies in protecting users and the network itself. When WildFire identifies new malware, it automatically generates protections, which are delivered to all WildFire subscribers worldwide within one hour. This lets subscribers share in the intelligence gathered from all WildFire users and stop malware outbreaks before they spread. WildFire also analyzes command-and-control behaviors, URLs and DNS patterns to identify and block traffic from any users who may already be infected. Furthermore, as a true inline firewall, the Palo Alto Networks appliance always retains the ability to drop malicious traffic directly instead of relying solely on TCP resets, which a malicious endpoint can easily filter or ignore.

Correlation and Reporting

WildFire provides a wealth of analysis and forensics for every inspected file. The WildFire portal is available to all WildFire users and provides a window into malware behavior, including any malicious actions, domains the sample contacted, files it created and registry entries it modified. Customers with the WildFire subscription additionally gain access to fully integrated WildFire logs and reports via the standard Palo Alto Networks user interface or Panorama. This log integration makes it easy to quickly tie malware to users, applications, URLs, files or other threats for fast incident response, and even to adjust policies to reduce future attack vectors.

If you have any questions regarding WildFire or require assistance in activating or upgrading your PAN-OS appliance, please contact your NCI rep today.