Advanced Threat Prevention Services

Protect your network against new and existing threats without impacting performance

Advanced Threat Prevention - Business Benefits

  • Reduce business risk by preventing unknown C2 inline
  • Eliminate cost and management for standalone IPS
  • Gain visibility into attacks, with assurance that your organization is protected
  • Reduce resources needed to manage vulnerabilities and patches
  • Take advantage of full threat detection and enforcement of prevention controls

Key Benefits

Protect Against Known and Unknown Command and Control

There is no silver bullet for keeping every threat out of the network. After initial infection, attackers communicate with the compromised host over a C2 channel, using it to pull down additional malware, issue further instructions, and exfiltrate data. With the increasing use of toolsets such as Cobalt Strike, together with encrypted or obfuscated traffic, it is easier than ever for attackers to build fully customizable command-and-control channels that traditional approaches cannot stop.

Unknown C2 Prevention Inline

Advanced Threat Prevention introduces inline deep learning for real-time enforcement against new and unknown command and control. Drawing on WildFire's unique malware dataset, together with signals from soak sites and the Unit 42 research team, it runs multiple deep learning and machine learning models in the cloud. The models are aligned to key protocols, such as SSL, HTTP, unknown UDP, and unknown TCP, and specific models identify C2 traffic from tools such as Cobalt Strike. As traffic traverses the firewall, a small, prefiltered portion of it is sent to the cloud for analysis; the verdict is returned to the firewall, which decides whether the session may proceed. Through these tuned models and their integration with the NGFW, Advanced Threat Prevention provides real-time inline prevention of previously unknown C2.

Payload-Based Signatures

Palo Alto Networks goes beyond standard automation of C2 signatures based on URLs and domains. Our C2 protections home in on those unauthorized communication channels and cut them off by blocking outbound requests to malicious domains and from known toolkits installed on infected devices. We automatically generate and deliver researcher-grade signatures based on malicious traffic seen by WildFire at machine speed and scale. These signatures are payload-based and can detect C2 traffic even when the C2 host is unknown or changes rapidly.

Operational Benefits

The Threat Prevention subscription enables you to:

  • Gain comprehensive security for all data, applications, and users. Scan all traffic, with full context around applications and users.
  • Automate security with less manual work. Get automatic updates for new threats.
  • Deploy Snort signatures. Automatically convert, sanitize, upload, and manage Snort and Suricata rules to detect emerging threats and put rule-based threat intelligence to use.
  • Keep your network secure with granular, policy-based controls. Go beyond simply blocking malicious content to controlling specific file types, reducing the risk to your entire organization.
  • Lock down C2 risk. Automatically prevent known and unknown C2 attacks inline.
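The two points above that a practitioner will want to see concretely are the Payload-Based Signatures section (a signature that keeps matching when the C2 host changes) and the Snort/Suricata rule import in this list (convert and sanitize third-party rules before they run). The following is an added example written for this page, not Palo Alto Networks code and not a description of how the product implements either feature: a minimal Snort/Suricata-style rule loader that rejects unsupported options and unknown pcre flags (standing in for "sanitize"), converts content and pcre options into a Python matcher, and runs one hypothetical beacon rule over constructed HTTP requests beside a plain domain blocklist. The rule, host names, paths, and cookie format are all invented for illustration; they do not describe any real toolkit's traffic.

```python
# Added example (not Palo Alto Networks code): minimal Snort/Suricata-style rule loader and
# payload matcher; the rule, hosts and cookie format below are hypothetical.
import re
from dataclasses import dataclass, field

# Rule header: action proto src sport -> dst dport ( options )
RULE_RE = re.compile(r"^(alert|drop|reject)\s+\w+\s+\S+\s+\S+\s+->\s+\S+\s+\S+\s*\((.*)\)\s*$", re.S)
# One option token: quoted strings (with backslash escapes), escaped chars, or any char but ; " \ ; then ';'
OPT_RE = re.compile(r'((?:"(?:\\.|[^"\\])*"|\\.|[^;"\\])+);')
SUPPORTED = {"msg", "content", "pcre", "sid", "rev", "flow", "classtype", "reference"}
PCRE_FLAGS = {"i": re.I, "m": re.M, "s": re.S}


@dataclass
class Rule:
    sid: int
    msg: str
    contents: list = field(default_factory=list)  # byte strings, all must appear in the payload
    pcres: list = field(default_factory=list)     # compiled regexes, all must match

    def matches(self, payload: bytes) -> bool:
        return all(c in payload for c in self.contents) and all(p.search(payload) for p in self.pcres)


def decode_content(val: str) -> bytes:
    """Snort content: literal text with |hh hh| hex runs between pipes."""
    out = bytearray()
    for i, part in enumerate(val.strip('"').split("|")):
        out += bytes.fromhex(part) if i % 2 else part.encode()
    return bytes(out)


def compile_pcre(val: str) -> re.Pattern:
    """Snort pcre:"/regex/flags" -> Python bytes regex; unknown flags are rejected, not guessed."""
    val = val.strip('"')
    end = val.rfind("/")
    if not val.startswith("/") or end <= 0 or set(val[end + 1:]) - set(PCRE_FLAGS):
        raise ValueError(f"malformed or unsupported pcre option: {val}")
    return re.compile(val[1:end].encode(), sum(PCRE_FLAGS[f] for f in val[end + 1:]))


def parse_rule(text: str) -> Rule:
    """Convert one rule line into a Rule; unsupported options fail closed (the sanitize step)."""
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError("not a recognised rule header")
    rule = Rule(sid=0, msg="")
    for opt in OPT_RE.findall(m.group(2)):
        key, _, val = (s.strip() for s in opt.partition(":"))
        if key not in SUPPORTED:
            raise ValueError(f"unsupported option {key!r}")
        if key == "msg":
            rule.msg = val.strip('"')
        elif key == "content":
            rule.contents.append(decode_content(val))
        elif key == "pcre":
            rule.pcres.append(compile_pcre(val))
        elif key == "sid":
            rule.sid = int(val)
    if not rule.sid or not (rule.contents or rule.pcres):
        raise ValueError("rule needs a sid and at least one content or pcre")
    return rule


# Hypothetical beacon rule: it keys on request structure only and names no host or domain.
BEACON_RULE = (r'alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"HYPOTHETICAL beacon check-in"; '
               r'flow:established,to_server; content:"GET /api/v1/"; content:"Cookie|3a 20|session="; '
               r'pcre:"/^Cookie: session=[A-Za-z0-9+\/]{40,}={0,2}\r$/mi"; sid:1000001; rev:1;)')
RULES = [parse_rule(BEACON_RULE)]


def http_get(host: str, path: str, cookie: str) -> bytes:
    """Constructed HTTP/1.1 request (sample input, not captured traffic)."""
    return f"GET {path} HTTP/1.1\r\nHost: {host}\r\nUser-Agent: Mozilla/5.0\r\nCookie: {cookie}\r\n\r\n".encode()


SAMPLE_REQUESTS = {  # hosts, paths and cookie values are invented
    "beacon_known_host": http_get("cdn-update.example", "/api/v1/status", "session=" + "A" * 44 + "=="),
    "beacon_rotated_host": http_get("files.other.example", "/api/v1/ping", "session=" + "b9" * 24),
    "benign_same_path": http_get("shop.example", "/api/v1/cart", "session=short"),
}
DOMAIN_BLOCKLIST = {"cdn-update.example"}  # only the first C2 host is known to the blocklist


def host_of(payload: bytes) -> str:
    m = re.search(rb"^Host:[ \t]*([^\r\n]+)", payload, re.M | re.I)
    return m.group(1).decode().strip().lower() if m else ""


def evaluate(rules=RULES, requests=SAMPLE_REQUESTS, blocklist=DOMAIN_BLOCKLIST) -> dict:
    """Per request: would a domain blocklist block it, and would the payload-based rules?"""
    return {name: {"domain_block": host_of(p) in blocklist,
                   "payload_block": any(r.matches(p) for r in rules)}
            for name, p in requests.items()}


if __name__ == "__main__":
    print(*(f"{n}: {v}" for n, v in evaluate().items()), sep="\n")
```

Running it shows the point of the contrast: the domain blocklist stops only the beacon whose host it already knows, while the payload rule blocks both beacons, including the one to a never-before-seen host, and leaves the benign request to the same path alone because its cookie does not fit the pattern. The loader refuses any option keyword or pcre flag it does not understand instead of silently dropping it; that fail-closed behaviour is the minimum a practitioner should expect from any pipeline that imports third-party rules into an enforcement point.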