To make matters worse, network security products are still using the same defensive strategies employed before the threat landscape evolved. Traffic is only inspected on certain ports and, while adding single-function devices to the defensive stack may help alleviate a particular problem, it results in poor visibility and performance. This has left a dangerous situation, where gaping holes are present in network defenses because security solutions are fractured and difficult to manage, while attackers are increasingly adept at penetrating them.
Purpose-built within Palo Alto Networks® Next-Generation Security Platform, the Threat Prevention service protects networks across different attack phases:
Enable the Application, Prevent the Threat
Applications are an integral part of how companies do business and, because of that, they’ve made themselves increasingly available to users by entering networks using encrypted channels through non-standard ports and by hopping from open port to open port to guarantee users always have access. Unfortunately, advanced threats take advantage of the way in which applications make themselves available to users, leveraging them for a free ride into the network, undetected. They tunnel within applications, hide within SSL-encrypted traffic, and take advantage of unsuspecting targets to get a foothold within the network and execute malicious activity. Palo Alto Networks protects your network against these threats by providing multiple layers of prevention, confronting threats at each phase of the attack. In addition to traditional intrusion-prevention capabilities, it provides the unique ability to detect and block threats on any and all ports, instead of invoking signatures based on a limited set of predefined ports. By leveraging User-ID™ user identification technology and App-ID™ application identification technology within the next-generation firewall, which identify and add context to all traffic on all ports, the Threat Prevention engine never loses sight of the threat, regardless of the evasion technique. The Threat Prevention subscription includes intrusion prevention, network anti-malware, and command-and-control (CnC) protections.

Eliminate Threats at Every Phase
Palo Alto Networks employs natively integrated defensive technologies to ensure that, when a threat evades one technology, another catches it. The key to effective protection is to use security features that are purpose-built to share information and provide context around both the traffic they’re inspecting and the threats they’re identifying and blocking.
Intrusion Prevention (IPS)
Threat-based protections detect and block exploit attempts and evasive techniques at both the network and application layers, including port scans, buffer overflows, remote code execution, protocol fragmentation and obfuscation. Protections are based on signature matching and anomaly detection, which decodes and analyzes protocols and uses the information learned to send alerts and block malicious traffic patterns. Stateful pattern matching detects attacks across multiple packets, taking into account arrival order and sequence, and making sure all allowed traffic is well-intentioned and devoid of evasion techniques.
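The claim that stateful pattern matching has to account for arrival order and sequence across multiple packets (and, later on this page, that single-pass analysis looks beyond individual packets) is easiest to see in code. The following Python is an added illustration, not Palo Alto Networks code and not a description of how the Threat Prevention engine is implemented: a naive per-packet matcher misses a signature that straddles two TCP segments, while a matcher that reassembles by sequence number, tolerates out-of-order delivery and retransmission, and carries a tail buffer across segment boundaries catches it. The signature bytes, the segment payloads and the names `Segment`, `StreamMatcher`, `per_packet_alerts`, `build_segments` and `run_stream` are all constructed for this demo.

```python
"""Stream-based signature matching across TCP segment boundaries.

Added illustration, not vendor code. The signature and the segments
below are constructed for the demo; the marker bytes are not a real
exploit pattern.
"""
from dataclasses import dataclass, field


@dataclass
class Segment:
    seq: int        # byte offset of this payload within the TCP stream
    payload: bytes


# Constructed signature table: name -> byte pattern to detect.
SIGNATURES: dict[str, bytes] = {"demo-marker": b"EVIL-MARKER-1234"}


def per_packet_alerts(signatures: dict[str, bytes], segments: list[Segment]) -> list[str]:
    """Naive matcher: scans each packet payload in isolation."""
    hits = []
    for seg in segments:
        for name, sig in signatures.items():
            if sig in seg.payload:
                hits.append(name)
    return hits


@dataclass
class StreamMatcher:
    """Reassembles segments in sequence order and scans the contiguous stream.

    A tail of (longest signature - 1) bytes is kept between scans so a
    pattern split across two segments is still seen as one window.
    """
    signatures: dict[str, bytes]
    next_seq: int = 0                                            # next expected stream offset
    pending: dict[int, bytes] = field(default_factory=dict)      # held out-of-order segments
    tail: bytes = b""                                            # carry-over bytes from last scan
    alerts: list[str] = field(default_factory=list)

    def _scan(self, data: bytes) -> None:
        window = self.tail + data
        for name, sig in self.signatures.items():
            if sig in window:
                self.alerts.append(name)
        keep = max(len(s) for s in self.signatures.values()) - 1
        self.tail = window[-keep:] if keep > 0 else b""

    def feed(self, seg: Segment) -> None:
        self.pending[seg.seq] = seg.payload
        progressed = True
        while progressed:
            progressed = False
            for seq in sorted(self.pending):
                if seq > self.next_seq:
                    break                                        # gap: wait for missing bytes
                payload = self.pending.pop(seq)
                new = payload[self.next_seq - seq:]              # drop retransmitted bytes
                if new:
                    self._scan(new)
                    self.next_seq += len(new)
                progressed = True
                break                                            # re-sort after mutating


def build_segments() -> list[Segment]:
    """Constructed stream: marker split mid-pattern, delivered out of order, one retransmit."""
    data = b"GET / HTTP/1.1\r\nX-Test: EVIL-MARKER-1234\r\n\r\n"
    cut = data.index(b"EVIL-MARKER") + 7                         # split inside the marker
    first, second = Segment(0, data[:cut]), Segment(cut, data[cut:])
    return [second, first, Segment(0, data[:cut])]


def run_stream(segments: list[Segment]) -> list[str]:
    matcher = StreamMatcher(SIGNATURES)
    for seg in segments:
        matcher.feed(seg)
    return matcher.alerts


if __name__ == "__main__":
    segs = build_segments()
    print("per-packet:", per_packet_alerts(SIGNATURES, segs))   # []
    print("stream    :", run_stream(segs))                      # ['demo-marker']
```

The per-packet matcher returns nothing because neither segment contains the whole pattern; the stream matcher holds the early-arriving second segment until the first one fills the gap, discards the retransmitted bytes, and matches across the boundary via the tail buffer. Production engines add TCP state tracking, overlap-policy handling per target OS, and resource limits on held segments, none of which this demo attempts.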
Malware Protection
In-line malware protection blocks malware before it ever reaches the target host, through signatures that are based on payload, not hash. Malware protections from Palo Alto Networks block known malware and future variants of that malware, including those that haven’t been seen in the wild yet. Our stream-based scanning engine protects the network without introducing significant latency, which is a serious drawback of network antivirus offerings that rely on proxy-based scanning engines. The stream-based malware scanning inspects traffic as soon as the first packets of the file are received, eliminating threats as well as the performance issues associated with traditional, stand-alone solutions. Key anti-malware capabilities include:
Signatures for all types of malware are generated directly from billions of samples collected by Palo Alto Networks, including previously unknown malware sent to WildFire, our Unit 42 threat research team, and other third-party research and technology partners around the world.

Command-and-Control (Spyware) Protection
After initial infection, attackers will communicate with the host machine through a command-and-control (CnC) channel, using it to pull down additional malware, issue further instructions, and steal data. Our CnC protections home in on those unauthorized communication channels and cut them off by blocking outbound requests to malicious domains and from known CnC toolkits installed on infected devices. Palo Alto Networks goes beyond standard automation of CnC signatures based on URLs and domains. We automatically generate pattern-based CnC signatures, delivering researcher-grade CnC signatures at machine speed and scale.

Scan for All Threats in a Single Pass
The Palo Alto Networks Threat Prevention engine represents an industry first by inspecting and classifying traffic and detecting and blocking both malware and vulnerability exploits in a single pass. Traditional threat prevention technologies require two or more scanning engines, adding significant latency and dramatically slowing throughput performance. We use a uniform signature format for all threats to ensure speedy processing by performing all analysis in a single, integrated scan, eliminating redundant processes common to solutions that use multiple scanning engines. Threat Prevention technology combs through each packet as it passes through the platform, looking closely at byte sequences within both the packet header and payload. From this analysis, we’re able to identify important details about that packet, including the application used, its source and destination, whether the protocol is RFC-compliant, and whether the payload contains an exploit or malicious code.
Beyond individual packets, we also analyze the context provided by the arrival order and sequence of multiple packets to catch and prevent evasive techniques. All of this analysis and signature matching happens within one scan, so your network traffic remains as fast as you need it to be.

Threat Prevention Subscription Integration With WildFire
Organizations can extend their protection for zero-day malware and exploits with the WildFire service. WildFire is the industry’s most advanced analysis and prevention engine for highly evasive zero-day malware and exploits. The cloud-based service employs a unique multi-technique approach that combines dynamic and static analysis, innovative machine learning techniques, and a groundbreaking bare metal analysis environment to detect and prevent even the most evasive threats.

Attack Surface Reduction: SSL Decryption, File Blocking, Drive-by Download Protection

Easy and Accurate Mitigation: DNS Sinkhole, Automated Correlation Objects

Leverage Global Threat Intelligence to Prevent Attacks
Detailed logs of all threats aren’t merely housed within the same management interface but shared among all prevention mechanisms to provide context. We leverage global threat intelligence through WildFire to automatically discover unknown malware and deliver protections to our entire customer base, keeping them continuously secured against the latest advanced threats.

Passive DNS Network
Protect your organization against rapidly evolving malware networks and malicious websites by leveraging Palo Alto Networks DNS-based analysis. Benefit from a vast network of intelligence by enabling passive DNS monitoring, which feeds into our database of malicious domains and is then used in generating protections across our global customer base.

Unit 42 Threat Research
The Palo Alto Networks threat research team, Unit 42, applies human intelligence to identify critical zero-day vulnerabilities in Microsoft®, Adobe®, Apple®, Android™ and other ecosystems. By proactively identifying these vulnerabilities, developing protections for our customers, and sharing the information with the security community, we are removing weapons used by attackers to threaten users and compromise enterprise, government and service provider networks.