Eliminate Risks from Highly Evasive Malware

Unique malware samples, providing more accurate analysis and faster verdicts. Over 6X size of leading malware sample aggregator.


Active customers contributing to global distributed intelligence ensuring you stay protected


Up to 95% of unknown file-based threats prevented inline without requiring cloud analysis

WildFire - Business Benefits

  • Don’t be the first victim of a new threat. Inline prevention stops patient zero without affecting productivity.
  • Eliminate dwell time risk. Cut threat response time to seconds with automated delivery of coordinated protection across network, endpoint, and cloud.
  • Reduce actionable events and workload for the SOC. Stop the initial threat, delivering fewer detection events to investigate and contain.
  • Reduce TCO with cloud-based architecture. Eliminate costs to deploy, manage, patch, and maintain appliance-based sandboxes.
  • Gain infinite analysis capacity with no incremental costs. Subscription model delivers compute and scalability with no capacity-based charges.
  • Avoid manual integrations. Threat intel automatically flows into the Palo Alto Networks ecosystem, eliminating manual tooling or integration

Key Benefits

Prevent Unknown Threats at the Firewall Level with Inline Machine Learning

Powered by threat models continually honed in the cloud, WildFire includes an inline machine learning-based engine delivered within our hardware and virtual ML-Powered NGFWs. This innovative, signatureless capability prevents malicious content in common file types—such as portable executable files and fileless attacks stemming from PowerShell®—completely inline, with no required cloud analysis, no damage to the content, and no loss of user productivity. Whether an unknown file matches an existing signature or is classified by an ML-Powered NGFW, WildFire always performs full analysis, extracting valuable intelligence and data to provide context for security analysts, generate training updates for the machine learning models, and share intelligence with other subscriptions to prevent other attack vectors.

Get Global Prevention Across the WildFire Ecosystem, Delivered in Seconds

For highly customized threats that its inline machine learning-powered prevention cannot stop, WildFire applies powerful cloud-based analysis to deliver prevention across networks, clouds, endpoints, or wherever WildFire-enabled sensors are deployed. Working in tandem with the new capabilities of PAN-OS®, WildFire generates and delivers prevention globally within seconds of initial analysis for most new threats. This innovative, cloud-scale delivery of evasion-resistant signatures closes the window for adversaries to successfully deploy malicious content.

Use Signatures, Not Hashes

Because WildFire uses content signatures for prevention instead of hashes, it can identify more malware with a single signature. As a result, compared to the mostly hash-based systems that require 1:1 ratios, WildFire protects against more attacks with the same resources. A single WildFire signature can protect against up to millions of polymorphic variants of a single malware.

  • Automate reprogramming of security controls to block unknown threats: Shared real-time intelligence from more than 35,000 subscribers automatically updates and prevents threats across networks, endpoints, and clouds.
  • Gain detailed context on analyzed threats: Get thorough reports of every malicious file sent to WildFire across multiple operating system environments and application versions.
  • Integrate seamlessly with existing security tools: Leverage open API integration with SIEM, TIP, ticketing, SOAR, or XDR tools to process indicators of compromise (IOCs).
  • Leverage actionable threat intelligence: Together with AutoFocus™ contextual threat intelligence, you can understand adversaries and their intent as well as track campaigns to ensure your next move is the right one.