Threat Prevention Services

Comprehensive Exploit, Malware, and Command-and-Control Protection for Your Network

Breaches in 2019 involved unpatched vulnerabilities


Active customers using Threat Prevention on their Firewall


Annual growth rate for standalone intrusion prevention system

Threat Prevention - Business Benefits

  • Eliminate cost and management for standalone IPS. Leverage Snort and other powerful IPS capabilities, integrated with our NGFW for a single security policy rule base.
  • Gain visibility into attacks, assured your organization is protected. Inspect all traffic for threats, regardless of port, protocol, or encryption.
  • Reduce resources needed to manage vulnerabilities and patches. Automatically block known malware, vulnerability exploits, and C2.
  • Take advantage of full threat detection and enforcement of prevention controls without sacrificing performance.

Key Benefits

Comprehensive Exploit, Malware, and Command and Control Protection for Your Network

The Palo Alto Networks Threat Prevention service protects your network by providing multiple layers of prevention, confronting threats at each phase of an attack. In addition to traditional IPS capabilities, Threat Prevention has the unique ability to detect and block threats on any and all ports instead of invoking signatures based on a limited set of predefined ports.

Our worldwide community of customers shares collective global threat intelligence, significantly reducing the success rate of advanced attacks by stopping them shortly after they are first encountered. Threat Prevention benefits from our other cloud-delivered security subscriptions for daily updates that stop exploits, malware, malicious URLs, command and control (C2), spyware, etc. A necessity for every Palo Alto Networks NGFW, Threat Prevention can speed prevention of new unknown threats to near-real-time when paired with other Palo Alto Networks subscriptions, including WildFire® malware prevention service for unknown file-based threats, URL Filtering for web-borne attacks, DNS Security for attacks using the Domain Name Service, and IoT Security for unmanaged device visibility and context.

Eliminate Threats at Every Phase

Countless breaches over the years can be attributed to attackers bypassing single-purpose defensive tools. To ensure holistic protection, the Threat Prevention subscription, with its tight integration with our ML-Powered NGFWs, brings together multiple defensive mechanisms:

  • Heuristic-based analysis detects anomalous packet and traffic patterns, such as port scans, host sweeps, and denial-of-service (DoS) attacks.
  • Easy-to-configure, custom vulnerability signatures allow you to tailor intrusion prevention capabilities to your network’s unique needs, even importing rules from popular open-source formats such as Snort and Suricata®.
  • Other attack protection capabilities, such as blocking invalid or malformed packets, IP defragmentation, and TCP reassembly, protect against evasion and obfuscation techniques.

Palo Alto Networks employs natively integrated defensive technologies to ensure that, when a threat evades one technology, another catches it. The key to effective protection is to use security features that are purpose-built to share information and provide context around both the traffic they’re inspecting and the threats they’re identifying and blocking.

Operational Benefits

The Threat Prevention subscription enables you to:

  • Gain comprehensive security for all data, applications, and users. Scan all traffic, with full context around applications and users.
  • Automate security with less manual work. Get automatic updates for new threats.
  • Deploy Snort signatures. Automatically convert, sanitize, upload, and manage Snort and Suricata rules to detect emerging threats and take advantage of intelligence.
  • Keep your network secure with granular, policy-based controls. Go beyond simply blocking malicious content to controlling specific file types, reducing the risk to your entire organization.
  • Lock down C2 risk. Automatically generate C2 signatures at machine scale and speed.

Note: Refer to the respective product summary spec-sheets for the most up-to-date information.