PAN-OS 6.0: WildFire Delivers Breakthrough Visibility of Unknown Malware and Zero-Day Exploits

Scott Simkin


The tail end of 2013, and right into the New Year, has kept enterprise security teams working around the clock. Stealthy, persistent attacks have compromised tens of millions of customer records, often lurking in networks for extended periods to accomplish their mission. When it comes to these advanced attacks, one thing is clear: security teams need visibility into all traffic flowing over their network, regardless of common evasions such as port-hopping or hiding inside SSL-encrypted sessions.

With the new features in PAN-OS 6.0, Palo Alto Networks is delivering a breakthrough release for WildFire, extending our malware detection capabilities to more file types, discovering zero-day exploits, and simplifying the job of security and IR teams with granular malware intelligence.

WildFire now provides:

  • Extended threat detection across all common file types, including Adobe PDF, Microsoft Office documents, Java, ZIP archives, and Android APKs. WildFire goes a step further with each of these files, deeply analyzing them for high-risk embedded content such as Adobe Flash objects, images, and JavaScript.
  • Discovery of zero-day exploits across common applications and operating systems (OSs). This signature-less capability moves threat detection earlier in the cyber kill chain, often identifying and blocking an exploit before it can deliver its malware payload.
  • New OSs in the WildFire cloud-based virtual analysis environment, to identify malware and exploits on both Windows XP and Windows 7. Unlike other solutions, samples are detonated on both OSs in parallel, so threats whose behavior depends on the target environment are still found and blocked.
  • Simplified identification and remediation of infected systems through new Indicators of Compromise (IOCs), including changes to system files, registry modifications, and the observed behavior of the malware on each operating system.
  • Access to the original malicious file and full packet captures (PCAPs) of the network traffic generated as the malware executes, for further analysis or development of custom protections.

These new features build on the native classification of all traffic within our Enterprise Security Platform, which provides visibility into nearly 400 applications that can transfer files, regardless of port or encryption. Unlike other APT solutions, WildFire is built to understand threats based on how they actually operate, with the context of the applications used to deliver them, all within a single integrated platform.

You can learn more about our new capabilities in the WildFire datasheet or PAN-OS 6.0 release notes. And take a minute to watch this short video covering new WildFire features.
