Palo Alto Networks

Palo Alto Networks Advanced WildFire

About the product

Palo Alto Networks Advanced WildFire (AWF) is a malware analysis and prevention service that combines sandboxing, machine learning, and global real-time analysis to protect against known and unknown threats. Its architecture is a hybrid model: Palo Alto Networks Next-Generation Firewalls (NGFWs) forward suspicious files and data streams to an extensive cloud-based analytics platform, which returns verdicts and signatures. WildFire is available as a Cloud-Delivered Security Service licensed as an additional NGFW feature, or as a dedicated physical appliance for environments without Internet access.

WildFire uses a virtual sandbox environment for dynamic and static analysis of files and data streams, observing over 130 system behaviors in order to detect evasion techniques. The analysis monitors changes to the host system (for example registry modifications and persistence mechanisms), network traffic (including SSL/TLS-encrypted traffic), and anti-analysis techniques such as debugger detection.

Dynamic analysis runs on a custom-built, enhanced hypervisor that observes the behavior of malicious code covertly: malware that checks whether it is running in a sandbox, and would otherwise stay dormant to avoid detection, does not see the analysis environment. In addition, Advanced WildFire uses automated unpacking to fully expose the contents of packed or encrypted files, and dependency emulation, which lets the analysis environment supply any libraries and resources the sample needs so that the malicious code executes fully and can be observed end to end.

A key innovation of AWF is intelligent real-time memory analysis, which takes memory dumps at critical moments of the malware's execution so that hidden, advanced attack techniques, such as payloads that exist in decrypted form only in memory, can be detected.

WildFire uses machine learning and deep learning models trained on large structured and unstructured data sets to detect new, previously unknown malware variants, including variants generated with AI. A machine learning engine integrated into the NGFW blocks threats inline, without first sending the file to the sandbox. The ML models are continuously updated from the WildFire cloud and cover scripted attacks (for example PowerShell) and advanced exploits. The system also applies recursive analysis to unpack nested archives and extract embedded payloads.
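
The recursive unpacking step is worth seeing concretely. The following is an added illustrative Python implementation, not WildFire's code: it walks nested zip archives (a common phishing pattern, an outer archive containing invoice.pdf.zip containing an executable) and reports a SHA-256 per leaf payload. The archive layout, the SAMPLE_PAYLOAD stub and the limit values are constructed for the example; the depth and byte budgets are the caveat a practitioner adds, because a deeply nested or bomb-style archive attacks the analyzer itself rather than the endpoint.

```python
import hashlib
import io
import zipfile

# Limits a practitioner sets before pointing an unpacker at untrusted input:
# nesting can be arbitrarily deep and decompression bombs arbitrarily large.
# The values are illustrative.
MAX_DEPTH = 8                        # maximum archive nesting accepted
MAX_MEMBER_BYTES = 50 * 1024 * 1024  # largest single member we will inflate
MAX_TOTAL_BYTES = 200 * 1024 * 1024  # total inflated bytes per top-level sample

# Constructed stand-in for a second-stage payload; it is not a real executable.
SAMPLE_PAYLOAD = b"MZ" + b"\x90" * 64 + b"fake-stage2-stub"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def is_zip(data: bytes) -> bool:
    # Sniff the magic bytes; a name such as "invoice.pdf.zip" is not trustworthy.
    return data[:4] in (b"PK\x03\x04", b"PK\x05\x06", b"PK\x07\x08")


def unpack_recursive(data, path="<root>", depth=0, out=None, budget=None):
    """Walk nested zip archives and return (path, sha256, size, status) per node.

    status is "leaf" for a fully extracted payload, otherwise the reason the
    walk stopped there: "depth-limit", "size-limit", "budget-exhausted" or
    "corrupt-zip".
    """
    if out is None:
        out = []
    if budget is None:
        budget = {"remaining": MAX_TOTAL_BYTES}
    if depth > MAX_DEPTH:
        out.append((path, None, len(data), "depth-limit"))
        return out
    if not is_zip(data):
        out.append((path, sha256_hex(data), len(data), "leaf"))
        return out
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                member_path = f"{path}/{info.filename}"
                # Declared sizes come from attacker-controlled headers, so the
                # inflated length is checked again after reading.
                if info.file_size > MAX_MEMBER_BYTES:
                    out.append((member_path, None, info.file_size, "size-limit"))
                    continue
                if info.file_size > budget["remaining"]:
                    out.append((member_path, None, info.file_size, "budget-exhausted"))
                    continue
                member = zf.read(info)
                if len(member) > MAX_MEMBER_BYTES:
                    out.append((member_path, None, len(member), "size-limit"))
                    continue
                budget["remaining"] -= len(member)
                unpack_recursive(member, member_path, depth + 1, out, budget)
    except zipfile.BadZipFile:
        out.append((path, sha256_hex(data), len(data), "corrupt-zip"))
    return out


def nest_zip(data: bytes, name: str, levels: int) -> bytes:
    """Wrap data in `levels` nested single-member zip archives (constructed input)."""
    for level in range(levels):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name if level == 0 else f"level{level}.zip", data)
        data = buf.getvalue()
    return data


def build_sample() -> bytes:
    """Constructed phishing-style attachment: outer.zip -> invoice.pdf.zip -> payload.exe."""
    inner = nest_zip(SAMPLE_PAYLOAD, "payload.exe", 1)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("invoice.pdf.zip", inner)
        zf.writestr("readme.txt", b"please open the attachment")
    return outer.getvalue()


if __name__ == "__main__":
    for entry in unpack_recursive(build_sample()):
        print(entry)
```

Every leaf hash is what a verdict lookup or a signature match would be run against; note that the walk refuses to descend past MAX_DEPTH and records why, rather than silently dropping the payload, so the analyst can see that the sample was not fully inspected.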

WildFire generates content-based signatures, so a single signature can detect millions of polymorphic variants of a threat, rather than one hash-based signature per sample.
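
Why a content-based signature scales where a hash does not can be shown with a small experiment. The code below is an added illustration in Python, not Palo Alto Networks' signature format or engine: make_variant is a toy polymorphic generator, and the C2 string and API name in CORE are fictitious. The comparison of hash hits versus content-signature hits over 100 variants is the point.

```python
import hashlib
import random
import re

# Constructed stand-in for one malware family. The "core" carries the
# invariants a content signature anchors on: a code fragment, a C2 URL and an
# imported API name. Everything around it changes per variant.
CORE = (
    b"\x55\x8b\xec"                                  # push ebp; mov ebp, esp
    + b"C2=hxxp://update-check.example/beacon\x00"   # defanged, fictitious C2
    + b"SetWindowsHookExA\x00"                        # keylogger-style import
)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_variant(seed: int) -> bytes:
    """Toy polymorphic engine: new junk bytes and build tag around the same core."""
    rng = random.Random(seed)
    junk_before = bytes(rng.randrange(256) for _ in range(rng.randrange(16, 64)))
    junk_after = bytes(rng.randrange(256) for _ in range(rng.randrange(16, 64)))
    build_tag = b"build-%d.%d" % (rng.randrange(1, 9), rng.randrange(100))
    return junk_before + CORE + build_tag + junk_after


# Hash signature: one SHA-256 per sample actually seen. Here only the first
# three variants are "known".
KNOWN_HASHES = {sha256_hex(make_variant(seed)) for seed in range(3)}

# Content signature: the invariants, in order, with bounded wildcards between
# them (the same idea as a YARA rule with several strings and "all of them").
# Requiring all three anchors is what keeps the false-positive rate down; a
# rule on "SetWindowsHookExA" alone would match legitimate software.
CONTENT_SIGNATURE = re.compile(
    rb"\x55\x8b\xec.{0,64}?update-check\.example/beacon.{0,64}?SetWindowsHookExA",
    re.DOTALL,
)


def matches_hash(sample: bytes) -> bool:
    return sha256_hex(sample) in KNOWN_HASHES


def matches_content(sample: bytes) -> bool:
    return CONTENT_SIGNATURE.search(sample) is not None


def coverage(n_variants: int):
    """Return (hash hits, content hits) across n freshly generated variants."""
    samples = [make_variant(seed) for seed in range(n_variants)]
    return sum(map(matches_hash, samples)), sum(map(matches_content, samples))


if __name__ == "__main__":
    print("hash hits, content hits over 100 variants:", coverage(100))
```

The hash signature catches exactly the three samples it was built from; the content signature catches all 100 because the generator cannot change the parts the rule anchors on without breaking the malware. The trade-off a signature author has to manage is the one the comment notes: too few anchors, or anchors on something common, and the same signature starts matching benign software.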

Advanced WildFire runs on cloud infrastructure that analyzes millions of unique files per day from many different sources, which allows it to react quickly and distribute signatures within seconds of a threat being detected.

See other Palo Alto Networks products

Cortex XDR

Cortex XDR is the world's first extended threat detection and response platform that collects and integrates all security data, making it easier to block sophisticated attacks.

Palo Alto Networks Next Generation Firewall (PA-Series, VM-Series, CN-Series)

Next Generation Firewall (NGFW) from Palo Alto Networks is an advanced network security platform that integrates traditional firewall functions with modern security mechanisms, application identification, and identity-based access control.

Palo Alto Networks Prisma Access

Palo Alto Networks Prisma Access is a comprehensive Security Service Edge (SSE) platform that integrates advanced security features with cloud-based software-defined WAN technology (Prisma SD-WAN), delivering the Secure Access Service Edge (SASE) model.

Palo Alto Networks Prisma SD-WAN

Palo Alto Networks Prisma SD-WAN is an advanced, cloud-delivered software-defined WAN solution that transforms traditional WANs into a virtualized, secure infrastructure.

Palo Alto Networks Threat Prevention (NGFW’s module)

In Palo Alto Networks solutions, IDS (Intrusion Detection System) and IPS (Intrusion Prevention System) functionalities are an integral part of the ATP (Advanced Threat Prevention) module, which extends the functionality of Palo Alto NGFW.

Palo Alto Networks NGFW Web Proxy

Starting with PAN-OS 11.0, the Next Generation Firewall (NGFW) can be configured as a web proxy that inspects and controls HTTP/HTTPS traffic in one of two modes: explicit or transparent.

Palo Alto Networks Advanced DNS Security

Advanced DNS Security (ADNS) is a modern solution for Palo Alto Networks that protects against threats hidden in the DNS (Domain Name System) layer.

Palo Alto Networks SSL Decryption (built into PA-Series, VM-Series, Prisma Access)

Palo Alto Networks SSL Decryption is an advanced feature built into Palo Alto Networks' Next Generation Firewall that enables SSL/TLS traffic decryption for threat detection, security policy enforcement, and prevention of hidden attacks.

Palo Alto Networks Enterprise DLP

Palo Alto Networks Enterprise Data Loss Prevention (DLP) is an advanced security solution that enables the detection and prevention of data leaks in network traffic.

Prisma Cloud (Cloud Security)

The Cloud Security module of Palo Alto Prisma Cloud provides security and regulatory compliance for cloud environments.

Palo Alto Networks Cortex XSOAR

Palo Alto Networks Cortex XSOAR (formerly Demisto) is dedicated SOAR (Security Orchestration, Automation, and Response) software that has been on the market since 2015.

Cortex XSIAM (Extended Security Intelligence and Automation Management)

The needs of SOC teams have evolved. Detecting security incidents and neutralizing them after detection takes organizations too much time.

Palo Alto Xpanse

Palo Alto Networks Xpanse is an advanced attack surface management (ASM) solution that automatically discovers and monitors all of your organization's Internet-facing assets, regardless of who created them or where they are located.

Palo Alto Networks CASB

The Palo Alto Networks CASB (Cloud Access Security Broker) solution is an advanced cloud security platform designed to monitor, control, and protect access to SaaS applications and other cloud services in real time.

Palo Alto Networks Secure Web Gateway

Secure Web Gateway (SWG) is an advanced security solution from Palo Alto Networks designed to protect internet and cloud traffic from modern threats.

Palo Alto Networks Prisma Access Browser

Prisma Access Browser (PAB) is an advanced web browser based on the Chromium engine, natively integrated with the Prisma Access SSE solution, designed specifically for enterprises to secure both managed and unmanaged devices.

Palo Alto ITDR

Identity-related threats and malicious insiders are currently significant attack vectors for organizations. These threats involve unauthorized access to user accounts through stolen or weak credentials, phishing attacks, or social engineering techniques.