Palo Alto Networks WildFire

Brief presentation of Palo Alto Networks WildFire malware protection solution.

  • Consists of two main components: virtual machine-based sandbox environment and an automatic malware signature generator
    Cloud-based file analysis
    - Virtual machines up in the cloud, no added burden on the customer
    - Analyzes behavior looking for over 70 signals
    - Registry mods, browser safety mods, file creation in Windows system folders, injecting code into processes, deleting itself
    - Automated report generation accessible via automated email reports and web portal
    Automated malware signature generation
    - Signatures generated automatically
    - All signatures automatically and continually regression tested against a database of known clean files
  • Step through the process
    Setup and Sending of the File
    - Admin sets up policy to forward samples from internet to the cloud
    - When firewall encounters binary to forward, checks signer.
      - If signed by trusted source, don’t send.
    - Generate file hash and query the cloud for the file hash
      - If we saw the file already, don’t send, just get result
    - Otherwise, send up file (user configurable file size range limit)
    Analysis and reporting
    - Sample run in virtual machine for a period of time for analysis
    - Behavior of sample analyzed.
      - If malicious, a signature is automatically generated and appears in the next AV release.
    - Reports for all sample uploads are made available via the web portal and also via automated and configurable email reports
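The forwarding steps in the notes above, modeled as a small decision function. This is an added example, not Palo Alto Networks code or a WildFire API; the CloudModel class, the function and parameter names, the SHA-256 hash choice and the sample data are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class CloudModel:
    """Stand-in for the cloud verdict store (hypothetical, not a WildFire API)."""
    verdicts: dict = field(default_factory=dict)  # hex digest -> verdict
    uploads: list = field(default_factory=list)   # digests actually sent up

    def lookup(self, digest):
        return self.verdicts.get(digest)

    def submit(self, digest, data):
        self.uploads.append(digest)
        self.verdicts[digest] = "pending"  # analysis result arrives later


def forward_decision(data, signer, trusted_signers, cloud, min_size, max_size):
    """Return (action, detail), applying the checks in the order the notes give."""
    # 1. Signer check first: a binary signed by a trusted source is never sent.
    if signer is not None and signer in trusted_signers:
        return ("skip", "trusted-signer")
    # 2. Hash locally and query the cloud; a known hash reuses the stored result.
    digest = hashlib.sha256(data).hexdigest()  # hash algorithm is an assumption
    verdict = cloud.lookup(digest)
    if verdict is not None:
        return ("reuse", verdict)
    # 3. Unknown file: upload only inside the configured size range.
    #    Files outside the range get no verdict in this model, a coverage gap.
    if not (min_size <= len(data) <= max_size):
        return ("skip", "size-limit")
    cloud.submit(digest, data)
    return ("upload", digest)


def demo():
    cloud = CloudModel()
    trusted = {"Trusted Vendor Inc"}  # constructed signer name
    samples = [                       # constructed sample data
        (b"MZ" + b"A" * 100, "Trusted Vendor Inc"),  # signed by trusted source
        (b"MZ" + b"B" * 100, None),                  # unsigned, first sighting
        (b"MZ" + b"B" * 100, None),                  # same bytes seen again
        (b"MZ" + b"C" * 5000, None),                 # above the size limit
    ]
    return [forward_decision(d, s, trusted, cloud, 1, 1024)[0] for d, s in samples]
```

Calling demo() shows the second sighting of an identical file resolved by hash lookup alone, with no second upload.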

Palo Alto Networks WildFire Presentation Transcript

  • Palo Alto Networks - WildFire
    • Werner Schmidt, CISSP
      - Email: wschmidt@altaware.com
      - Phone: 866-833-4070
      - Web: www.altaware.com
  • Introducing WildFire
    • Identifies unknown malware by direct observation in a virtual sandbox environment
      - Looks for more than 70 malicious behaviors
    • Automatically generates signatures for identified malware
      - Infecting files and command-and-control
      - Distributes signatures to all firewalls via regular threat updates
    • Provides forensics and insight into malware behavior
      - Actions on the target machine
  • WildFire Architecture
    - Diagram labels: Compare to Known Files, Sandbox Environment, Signature Generator, Admin Web Portal
    • Unknown Files From Untrusted Zones
    • Firewall Submits File to WildFire Cloud
    • New Signatures Delivered to ALL Firewalls. Portal provides malware forensics
  • An Integrated Approach to Threat Prevention
    • App-ID™
      - All traffic, all ports, all the time
      - Application signatures
      - Heuristics
      - Decryption
      - Reduce the attack surface
      - Remove the ability to hide
    • Signatures
      - Block threats on all ports
      - 93.4% block rate of known exploits
      - 5M+ malware samples
      - Prevents known threats
      - 90% of threats through 2015 (Gartner)
    • Sources
      - Malware hosting URLs
      - Recently registered domains
      - SSL decryption of high-risk sites
      - Block known sources of threats
      - Be wary of unclassified and new domains
    • Behaviors
      - WildFire malware analysis
      - Download patterns
      - Unknown traffic
      - Malware behaviors
      - Pinpoints live infections and unknown threats