Geek Out Over 4 New WildFire and Threat Prevention Features in PAN-OS 7.0

Charissa Fleischer

PAN-OS 7.0 is out and is jam-packed with new features including the following noteworthy WildFire and threat prevention features:

Grayware Verdict
The new WildFire grayware analysis result is introduced to clearly identify executables that behave similarly to malware but are not malicious in nature or intent. A grayware result might be assigned to executables that do not pose a direct security threat but display otherwise obtrusive behavior (for example, installing unwanted software, changing various system settings, or reducing system performance). Typical examples of grayware include adware, spyware, and Browser Helper Objects (BHOs). The grayware verdict allows the security responder to quickly distinguish malicious files on the network from grayware, and to prioritize accordingly. While antivirus signatures are not generated for grayware, WildFire logs continue to alert the security responder to endpoints downloading grayware, so that such events can be assessed for whether they are concerning.

Read more >> WildFire Grayware Verdict.

Blocking of Encoded Content

A new file type classification, Multi-Level-Encoding, can now be used to log or block content that has been compressed or otherwise encoded to a high degree. As the firewall can now decode and inspect up to four levels of encoding (see Increased Inspection Depth for Multi-Level Compression and Encoding), the new classification can be used to block files that have been encoded five times or more. Multiple levels of encoding can be used as an evasion technique to circumvent security devices; using the Multi-Level-Encoding file type to perform file-blocking ensures that unidentified files that have not been processed for threats are not passed through the firewall.

Read more >> Blocking of Encoded Content.
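As an added illustration (not Palo Alto Networks code, and not how the firewall's decoder is implemented), the following Python models the depth rule described above: unwrap up to four encoding layers, and classify anything still encoded after that as Multi-Level-Encoding. The gzip and base64 layer detectors, the `wrap` helper and the sample payload are constructed for this example.

```python
import base64
import binascii
import gzip
import zlib

def _try_gzip(data: bytes):
    # One gzip layer: check the magic bytes, then require a full decompress.
    if data[:2] != b"\x1f\x8b":
        return None
    try:
        return gzip.decompress(data)
    except (OSError, EOFError, zlib.error):
        return None

def _try_base64(data: bytes):
    # One base64 layer: strict alphabet and canonical padding only, to avoid false hits.
    stripped = data.strip()
    if not stripped or len(stripped) % 4:
        return None
    try:
        return base64.b64decode(stripped, validate=True)
    except (binascii.Error, ValueError):
        return None

def peel_one_layer(data: bytes):
    # Remove exactly one recognised layer; None means the content is not encoded further.
    for decoder in (_try_gzip, _try_base64):
        inner = decoder(data)
        if inner is not None:
            return inner
    return None

def classify(blob: bytes, max_depth: int = 4):
    # Returns (verdict, layers_removed, innermost_bytes_or_None). 'inspectable' means real
    # content was reached within max_depth layers; 'multi-level-encoding' means the blob is
    # still encoded after max_depth layers, which is what the new file type logs or blocks.
    current = blob
    for depth in range(max_depth + 1):
        inner = peel_one_layer(current)
        if inner is None:
            return "inspectable", depth, current
        current = inner
    return "multi-level-encoding", max_depth + 1, None

def wrap(payload: bytes, layers: int) -> bytes:
    # Constructed helper for the demo: alternate gzip and base64, outermost layer last.
    data = payload
    for i in range(layers):
        data = gzip.compress(data) if i % 2 == 0 else base64.b64encode(data)
    return data
```

With the default depth, `classify(wrap(payload, 4))` returns the payload as inspectable, while `classify(wrap(payload, 5))` returns the multi-level-encoding verdict without ever reaching the inner content.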

Hybrid Cloud

Security responders no longer have to choose between cloud-based and on-premise sandboxing and signature generation. Our hybrid cloud capabilities allow security responders more sandboxing flexibility, as they’re able to define which file types are sent to the WildFire public cloud versus the on-premise WF-500 appliance (used to host a private cloud). The new WildFire Hybrid Cloud feature enables customers to alleviate privacy or regulatory concerns by utilizing WildFire private cloud analysis for certain file types, and benefit from the comprehensive analysis capabilities of the WildFire public cloud for all other file types.

Read more >> WildFire Hybrid Cloud.

Intuitive Workflow to Forward Samples for WildFire Analysis

PAN-OS 7.0 introduces the new WildFire Analysis profile to set up a firewall to forward unknown files and email links for WildFire analysis; the WildFire Analysis profile replaces the need in previous releases to use a file-blocking profile to set up file forwarding. Use a WildFire Analysis profile to define traffic to be forwarded to the WildFire public cloud or a WildFire private cloud based on file type, application, or transmission direction (upload or download). Attach the WildFire Analysis profile to a security policy rule, so that traffic allowed by the rule is evaluated against the profile and forwarded to either the WildFire public cloud or the private cloud for analysis.

Can’t Get Enough of PAN-OS 7.0?

Check out the New Features Guide 7.0 and the PAN-OS 7.0 Release Notes on the Technical Documentation Site, or select the 7.0 facet (under OS Version) on the Document Search page! Also, check out a few of our recent Technical Documentation posts highlighting other awesome features of PAN-OS 7.0:

Happy reading!
Your friendly Technical Publications team
