Palo Alto Networks - WildFire

• Werner Schmidt, CISSP
    -   Email: wschmidt@altaware.com
    -   Phone: 866-833-4070
    -   Web: www.altaware.com

Introducing WildFire

• Identifies unknown malware by direct
    observation in a virtual sandbox environment
    -   Looks for more than 70 malicious behaviors


• Automatically generates signatures for
    identified malware
    -   Infecting files and command-and-control
    -   Distributes signatures to all firewalls
        via regular threat updates


• Provides forensics and insight into malware behavior
    -   Actions on the target machine

WildFire Architecture

The slide is a left-to-right flow diagram; the stages it shows, in order:

• Unknown files from untrusted zones reach the firewall
• The firewall submits the file to the WildFire cloud
• Inside the cloud the file passes through four stages:
    -   Compare to known files
    -   Sandbox environment
    -   Signature generator
    -   Admin web portal
• New signatures are delivered to ALL firewalls; the portal provides malware forensics

An Integrated Approach to Threat Prevention

The slide is a four-column table; each column lists what the layer inspects, followed by the outcome row.

App-ID™
    -   All traffic, all ports, all the time
    -   Application signatures
    -   Heuristics
    -   Decryption
    Outcome: reduce the attack surface; remove the ability to hide

Signatures
    -   Block threats on all ports
    -   93.4% block rate of known exploits
    -   5M+ malware samples
    Outcome: prevents known threats ("90% of threats through 2015", Gartner)

Sources
    -   Malware hosting URLs
    -   Recently registered domains
    -   SSL decryption of high-risk sites
    Outcome: block known sources of threats; be wary of unclassified and new domains

Behaviors
    -   WildFire malware analysis
    -   Download patterns
    -   Unknown traffic
    -   Malware behaviors
    Outcome: pinpoints live infections and unknown threats


Editor's notes

Slide 2. WildFire consists of two main components: a virtual-machine-based sandbox environment and an automatic malware signature generator.

Cloud-based file analysis
    -   Virtual machines run in the cloud, so there is no added burden on the customer
    -   Behavior is analyzed for over 70 signals: registry modifications, browser security setting modifications, file creation in Windows system folders, injecting code into processes, deleting itself
    -   Reports are generated automatically and are accessible via automated email reports and the web portal

Automated malware signature generation
    -   Signatures are generated automatically
    -   All signatures are automatically and continually regression-tested against a database of known clean files

Slide 3. Step through the process.

Setup and sending of the file
    -   The admin sets up a policy to forward samples coming from the internet to the cloud
    -   When the firewall encounters a binary to forward, it checks the signer; if the file is signed by a trusted source, it is not sent
    -   Otherwise the firewall generates a file hash and queries the cloud for that hash; if the file has already been seen, it is not sent and the firewall just retrieves the existing result
    -   Otherwise the file is sent up (within a user-configurable file size range limit)

Analysis
    -   The sample runs in a virtual machine for a period of time and its behavior is analyzed
    -   If it is malicious, a signature is generated automatically and appears in the next AV release
    -   Reports for all sample uploads are available via the web portal and via automated, configurable email reports
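The forwarding sequence in the slide 3 notes (trusted signer, size range, hash lookup, submit) and the behavior signals in the slide 2 notes (registry changes, system-folder writes, process injection, self-deletion) can be modelled end to end. The following is an added example written for this page; it is not Palo Alto Networks code and it does not call the WildFire service. The trusted-signer list, the size limits, the behavior weights and threshold, and the sandbox event traces are all constructed for illustration, and the cloud stand-in records a file hash as its "signature" for simplicity.

```python
"""Model of the WildFire forwarding and analysis flow from the editor's notes.

Added example, not Palo Alto Networks code and not the WildFire API.
Trusted-signer list, size limits, behavior weights, threshold and the
sandbox event traces are constructed for illustration.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Behaviors named in the notes (registry mods, browser safety mods, file
# creation in Windows system folders, code injection, self-deletion).
# The weights and the threshold are assumptions, not WildFire's scoring.
BEHAVIOR_WEIGHTS = {
    "registry_run_key_modified": 2,
    "browser_security_setting_modified": 2,
    "file_created_in_system_dir": 2,
    "code_injected_into_process": 3,
    "self_delete": 3,
}
MALICIOUS_THRESHOLD = 4
TRUSTED_SIGNERS = {"Example Corp Code Signing"}      # constructed
MIN_SIZE, MAX_SIZE = 1, 2 * 1024 * 1024              # "configurable size range"; values assumed


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def analyze(events: List[str]) -> Tuple[str, int]:
    """Sandbox verdict: weighted count of observed behaviors against a threshold."""
    score = sum(BEHAVIOR_WEIGHTS.get(e, 0) for e in events)
    return ("malware" if score >= MALICIOUS_THRESHOLD else "benign"), score


@dataclass
class Sample:
    name: str
    data: bytes
    signer: Optional[str] = None
    signature_valid: bool = False   # outcome of actually verifying the signature


@dataclass
class WildFireCloud:
    """Stand-in for the cloud: known-hash verdicts, a sandbox, a signature list."""
    traces: Dict[str, List[str]]                     # constructed sandbox output per hash
    known: Dict[str, str] = field(default_factory=dict)
    signatures: Set[str] = field(default_factory=set)

    def lookup(self, h: str) -> Optional[str]:
        return self.known.get(h)

    def submit(self, h: str) -> str:
        verdict, _ = analyze(self.traces.get(h, []))
        self.known[h] = verdict
        if verdict == "malware":
            self.signatures.add(h)   # would ship to all firewalls in the next update
        return verdict


def forward_decision(sample: Sample, cloud: WildFireCloud,
                     cache: Dict[str, str]) -> Tuple[str, str]:
    """Firewall-side decision in the order the notes give: signer, size, hash, submit."""
    # A signer name alone is attacker-controlled; skip only on a verified signature.
    if sample.signer in TRUSTED_SIGNERS and sample.signature_valid:
        return "skip-trusted-signer", "benign"
    if not MIN_SIZE <= len(sample.data) <= MAX_SIZE:
        return "skip-size", "unknown"
    h = sha256(sample.data)
    if h in cache:                        # this firewall has seen it before
        return "cached", cache[h]
    verdict = cloud.lookup(h)             # the cloud has seen it before
    if verdict is not None:
        cache[h] = verdict
        return "hash-lookup", verdict
    verdict = cloud.submit(h)             # genuinely new: run it in the sandbox
    cache[h] = verdict
    return "submitted", verdict


def run_demo() -> Tuple[Dict[str, Tuple[str, str]], WildFireCloud]:
    dropper = b"MZ constructed dropper"
    spoof = b"MZ constructed sample claiming a trusted signer"
    cloud = WildFireCloud(traces={
        sha256(dropper): ["registry_run_key_modified",
                          "file_created_in_system_dir", "self_delete"],
        sha256(spoof): ["code_injected_into_process", "self_delete"],
    })
    cache: Dict[str, str] = {}
    samples = [
        Sample("signed_ok", b"MZ constructed signed tool",
               signer="Example Corp Code Signing", signature_valid=True),
        Sample("spoofed_signer", spoof, signer="Example Corp Code Signing"),
        Sample("dropper_first", dropper),
        Sample("dropper_again", dropper),
        Sample("oversize", b"\x00" * (MAX_SIZE + 1)),
    ]
    results = {s.name: forward_decision(s, cloud, cache) for s in samples}
    # A second firewall with an empty cache benefits from the cloud's earlier verdict.
    results["dropper_other_fw"] = forward_decision(
        Sample("dropper_other_fw", dropper), cloud, {})
    return results, cloud


if __name__ == "__main__":
    for name, (action, verdict) in run_demo()[0].items():
        print(f"{name:17} {action:20} {verdict}")
```

Two points the model makes visible. The trusted-signer shortcut is only as strong as the signature check behind it: the spoofed sample names a trusted signer but has no verified signature, so it still goes to the sandbox. And hash-based deduplication means that any change to the file bytes produces a new submission, which is why slide 2 describes the generated signatures as covering the infecting file and its command-and-control traffic rather than a single hash.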