Palo Alto Networks WildFire
Brief presentation of Palo Alto Networks WildFire malware protection solution.

  • Consists of two main components: a virtual machine-based sandbox environment and an automatic malware signature generator.
    Cloud-based file analysis
     - Virtual machines run in the cloud, so there is no added burden on the customer
     - Analyzes behavior, looking for over 70 signals
     - Registry modifications, browser safety modifications, file creation in Windows system folders, injecting code into processes, deleting itself
     - Automated report generation, accessible via automated email reports and the web portal
    Automated malware signature generation
     - Signatures are generated automatically
     - All signatures are automatically and continually regression tested against a database of known clean files
  • Step through the process.
    Setup and sending of the file
     - Admin sets up a policy to forward samples from the internet to the cloud.
     - When the firewall encounters a binary to forward, it checks the signer. If signed by a trusted source, the file is not sent.
     - Generate the file hash and query the cloud for that hash. If the file was already seen, it is not sent; the existing result is fetched instead.
     - Otherwise, send the file up (user-configurable file size range limit).
    Analysis
     - The sample runs in a virtual machine for a period of time for analysis.
     - The sample's behavior is analyzed. If malicious, a signature is automatically generated and appears in the next AV release.
     - Reports for all sample uploads are made available via the web portal and via automated, configurable email reports.
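The forwarding decision in the notes above (trusted signer, hash lookup, size limit, then upload and verdict) modelled end to end. This is an added example, not Palo Alto Networks code: the signer check, the cloud hash cache and the sandbox verdict are all simulated in-process with constructed data, and the behavior names are assumptions standing in for a few of the 70+ signals the notes mention.

```python
"""Hypothetical model of the WildFire forwarding flow from the slide notes.

Added example, not Palo Alto Networks code. The firewall policy, the cloud
hash lookup and the sandbox verdict are simulated with constructed data.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Optional

# A few of the behaviors the notes list as sandbox signals (assumed names).
MALICIOUS_SIGNALS = {
    "registry_modification",
    "browser_safety_modification",
    "file_created_in_system_folder",
    "process_injection",
    "self_deletion",
}

# Constructed trusted-signer allow list. A real gateway would validate the
# code-signing chain rather than trust a bare name.
TRUSTED_SIGNERS = {"Example Trusted Vendor (constructed)"}


@dataclass
class Sample:
    name: str
    content: bytes
    signer: Optional[str] = None                     # assumption: signer already extracted
    observed_behaviors: set = field(default_factory=set)  # what the sandbox would observe


@dataclass
class Policy:
    min_size: int = 1
    max_size: int = 10 * 1024 * 1024                 # user-configurable size range


class CloudSimulator:
    """Stands in for the cloud: hash cache plus a behavior-based verdict."""

    def __init__(self):
        self.known = {}          # sha256 hex -> verdict string
        self.submissions = []    # digests that were actually uploaded

    def lookup(self, digest):
        return self.known.get(digest)

    def analyze(self, digest, sample):
        # Upload happens only here; the verdict is cached for later hash queries.
        self.submissions.append(digest)
        verdict = "malicious" if sample.observed_behaviors & MALICIOUS_SIGNALS else "benign"
        self.known[digest] = verdict
        return verdict


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def forward_decision(sample, policy, cloud):
    """Return (action, verdict) following the order in the notes:
    trusted signer -> hash cache -> size limit -> submit."""
    if sample.signer in TRUSTED_SIGNERS:
        return "skip-trusted-signer", "trusted"
    digest = sha256_hex(sample.content)
    cached = cloud.lookup(digest)
    if cached is not None:
        return "cache-hit", cached
    size = len(sample.content)
    if not (policy.min_size <= size <= policy.max_size):
        return "skip-size", "unknown"
    return "submitted", cloud.analyze(digest, sample)


def demo():
    """Run four constructed samples through one policy and one simulated cloud."""
    cloud = CloudSimulator()
    policy = Policy(max_size=1024)
    dropper = Sample("dropper.exe", b"MZ...constructed-unknown-binary",
                     observed_behaviors={"process_injection", "self_deletion"})
    signed = Sample("vendor-setup.exe", b"MZ...constructed-signed-binary",
                    signer="Example Trusted Vendor (constructed)")
    big = Sample("huge.iso", b"\x00" * 4096)
    results = [
        forward_decision(dropper, policy, cloud),  # first sighting: uploaded, sandboxed
        forward_decision(dropper, policy, cloud),  # second sighting: answered from hash cache
        forward_decision(signed, policy, cloud),   # trusted signer: never sent
        forward_decision(big, policy, cloud),      # outside size range: never sent
    ]
    return results, len(cloud.submissions)


if __name__ == "__main__":
    for action, verdict in demo()[0]:
        print(f"{action:20s} {verdict}")
```

Only one of the four decisions results in an upload; the repeat sighting of the same binary is served from the hash cache, which is the bandwidth and latency saving the notes describe.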
  • Palo Alto Networks WildFire

    1. Palo Alto Networks - WildFire
       • Werner Schmidt, CISSP - Email: - Phone: 866-833-4070 - Web: www.altaware.com
    2. Introducing WildFire
       • Identifies unknown malware by direct observation in a virtual sandbox environment
         - Looks for more than 70 malicious behaviors
       • Automatically generates signatures for identified malware
         - Infecting files and command-and-control
         - Distributes signatures to all firewalls via regular threat updates
       • Provides forensics and insight into malware behavior
         - Actions on the target machine
    3. WildFire Architecture (diagram; only the labels are recoverable)
       • Components: Compare to Known Files, Sandbox Environment, Signature Generator, Admin Web Portal
       • Unknown files from untrusted zones: firewall submits file to WildFire Cloud
       • New signatures delivered to ALL firewalls
       • Portal provides malware forensics
    4. An Integrated Approach to Threat Prevention (four columns)
       • App-ID™
         - All traffic, all ports, all the time
         - Application signatures
         - Heuristics
         - Decryption
         - Reduce the attack surface; remove the ability to hide
       • Signatures
         - Block threats on all ports
         - 93.4% block rate of known exploits
         - 5M+ malware samples
         - Prevents known threats; 90% of threats through 2015 (Gartner)
       • Sources
         - Malware hosting URLs
         - Recently registered domains
         - SSL decryption of high-risk sites
         - Block known sources of threats; be wary of unclassified and new domains
       • Behaviors
         - WildFire malware analysis
         - Download patterns
         - Unknown traffic
         - Malware behaviors
         - Pinpoints live infections and unknown threats