Palo Alto Networks WildFire™ WF-500 Platform

MSRP: $117,875.00

SKU: PAN-WF-500

Description

Overview:

Modern cyberattacks and APTs rely on stealth, persistence, and the skilled avoidance of traditional security throughout the lifecycle of the attack. Palo Alto Networks offers an end-to-end approach to these threats that leverages the unique visibility of our next-generation firewall, combined with a cloud-based malware analysis environment in which new and unknown malware can run and conclusively be identified.

By default, you can leverage Palo Alto Networks WildFire infrastructure hosted in the public cloud, enabling any Palo Alto Networks firewall to add the ability to detect and block unknown malware. However, if you prefer not to use public cloud services, the WF-500 provides the ability to deploy WildFire as a private cloud on your own network.

Multiple firewalls can leverage a single WF-500 appliance for analyzing unknown malware. This allows you to deploy one large virtual environment for the analysis of malware that is shared across all firewalls, as opposed to deploying single-use hardware at every ingress/egress point and network point of presence.

Palo Alto Networks prepares cyber-security teams for this challenge by offering a new approach based on simple but powerful concepts:

  • All network traffic must be fully inspected.
  • Any unknowns must be actively and conclusively investigated at scale.
  • Threats need to be blocked, not just detected.

These core principles are the foundation of the Palo Alto Networks WildFire solution, in which full visibility, scalable analysis, and automated protection all work together to secure the network and its data. Only the next-generation firewall provides full-stack analysis and enforcement of all network traffic regardless of evasion and encryption, ensuring that hidden or anomalous threats are exposed. WildFire then proactively runs any unknown files in a safe, scalable sandbox environment where malware is conclusively identified and new protections are automatically developed. The result is a completely unique, closed-loop approach to controlling cyberthreats based on next-generation visibility, cloud-based malware sandboxing, and reliable in-line blocking of threats.

WildFire Overview

At its core, WildFire detects and blocks targeted, polymorphic, or otherwise unknown malware. To do so, WildFire marries the unique visibility and control of the next-generation firewall with a cloud-based environment where malware is safely analyzed at scale. By proactively executing unknown files in a virtual environment, WildFire uncovers malware based on its real behavior, ensuring malware is detected even if it gets past traditional signatures.

This style of sandbox analysis is computationally intense by nature, and as a result, WildFire is designed on a cloud-based architecture that ensures seamless scalability. The WildFire public cloud enables any Palo Alto Networks customer to perform true malware sandboxing of unknown files without the need for any additional hardware. However, a hardware-enabled private cloud option is available to extend the WildFire architecture to customers who cannot use public cloud resources due to regulatory or privacy requirements.

When a threat is detected, WildFire automatically feeds information and protections back to WildFire subscribers. Within minutes, subscribers receive firewall logs with a verdict of the analysis, including event context. More importantly, WildFire generates true malware protections for the newly discovered malware, and shares those protections with all WildFire subscribers world-wide within 30 to 60 minutes of the initial detection. These protections not only stop rapidly spreading malware, but also track unique identifiers in the malware body to proactively find and block malware variants. Additionally, WildFire analysis is used to update DNS-based malware signatures, update URL categories on the fly, and generate new command-and-control signatures, all of which can be used to identify and disrupt the all-important malware command-and-control traffic.