Palo Alto gives firewalls a cloud-based anti-malware sandbox with WildFire
Network security company Palo Alto Networks on Monday introduced a new anti-malware product for on-premises firewalls known as WildFire, which vets new and unknown files in a virtual sandbox to see if they're a new piece of malware, and then creates a distributable signature if they're determined to actually be bad files.
With the WildFire engine in place, a firewall will submit (either manually, or automatically based on policy) new and unknown .EXEs and .DLLs to a virtual cloud-based environment, where they are modeled against 70 different behavioral profiles to determine if they're malware.
If the files display the characteristics of malware, IT is then notified which user or machine has downloaded a malicious file and how it was delivered.
WildFire then generates a unique signature for both the individual file and the traffic it generates to protect all others on the network.
The information collected and analyzed by the service is available to administrators as reports in the WildFire portal, this includes information about the targeted user, application that delivered the malware, and URLs involved in the malware's delivery.
“Our approach to modern malware is the latest example of how we question conventional network security approaches until we’ve developed a better way of addressing the problem,” said Nir Zuk, founder and CTO of Palo Alto Networks. “Combining prior technical contributions such as sandboxing technology and cloud-based malware analysis with the unprecedented capabilities of a next-generation firewall has resulted in innovation that enterprises can feasibly deploy throughout their networks.”
WildFire is available to Palo Alto customers immediately.