In today’s threat landscape, traditional malware has become highly targeted and evasive, and specifically designed to be completely undetectable. The goal is to breach the network perimeter by delivering malware that can move laterally across an organisation, extracting valuable data as it spreads – all while remaining invisible to traditional network defenses.
Palo Alto Networks® protects your network against these threats by providing multiple layers of prevention, confronting threats at each phase of the attack. Our Threat Prevention subscription protects the network from advanced threats by identifying and scanning all traffic – applications, users, and content – across all ports and protocols.
Block Threats At The Perimeter
Vulnerability-based protections detect and block exploit attempts and evasive techniques on both the network and application layers, including port scans, buffer overflows, protocol fragmentation and obfuscation.
- Protections are based on both signature matching and anomaly detection.
- Anomaly detection decodes and analyzes protocols, and uses the information learned to block malicious traffic patterns.
- Stateful pattern matching detects attacks across multiple packets, taking into account arrival order and sequence.
Check out Intrusion Prevention at a glance.
A large portion of today’s network traffic – nearly 35% – is encrypted with SSL, leaving a gaping hole in network defenses if left unchecked. Palo Alto Networks next-generation firewalls have built-in SSL decryption capabilities, eliminating this blind spot. All traffic is inspected and advance security services, all without the need for a separate device – removing the complexities of having to manage separate, non-integrated technology.
Reduce the likelihood of a malware infection by preventing file types known to hide malware from entering your network. Further narrow your window of exposure by sending allowed file types to the WildFire® threat analysis service for analysis.