Advanced Threat Prevention
| Where Can I Use This? | What Do I Need? |
| --- | --- |
| Prisma Access (Managed by Strata Cloud Manager), Prisma Access (Managed by Panorama), NGFW (Managed by Strata Cloud Manager), NGFW (Managed by PAN-OS or Panorama), VM-Series, CN-Series | |
The Palo Alto Networks® next-generation firewall threat intrusion
prevention subscriptions protect and defend your network from commodity
threats and advanced persistent threats (APTs) using multi-pronged
detection mechanisms to combat the entire gamut of the threat landscape.
The Palo Alto Networks threat prevention solution comprises the
following subscriptions:
Advanced Threat Prevention—The Advanced Threat Prevention cloud service uses inline deep
learning and machine learning models for real-time detection of evasive and
never-before-seen, unknown C2 threats and zero-day vulnerability exploits. As an
ultra-low-latency native cloud service, this extensible and infinitely scalable
solution is always kept up to date with model training improvements. It also
supports Local Deep Learning, which complements the cloud-based Inline Cloud
Analysis component of Advanced Threat Prevention by providing a mechanism to
perform fast, local deep learning-based analysis of zero-day and other evasive
threats. The Advanced Threat Prevention license includes all of the benefits
included with Threat Prevention.
Threat Prevention—The base Threat Prevention subscription
is based on signatures generated from malicious traffic data collected
from various Palo Alto Networks services. The firewall uses these
signatures to enforce security policies based on specific threats,
including command-and-control (C2), various types of known
malware, and vulnerability exploits. Combined with the App-ID and
User-ID identification technologies on the firewall, you can cross-reference
context data to produce fine-grained policies. As a part of your
threat mitigation policies, you can also identify and block known
or risky file types and IP addresses, of which several premade categories
are available, including lists specifying bulletproof service providers
and known malicious IPs. In cases where specialized tools and software
are used, you can create your own vulnerability signatures to customize
your intrusion prevention capabilities to your network’s unique
requirements.
To maximize your threat prevention, Palo Alto Networks also recommends
the following subscription services in addition to Advanced Threat
Prevention:
DNS Security—The DNS Security cloud service is designed
to protect your organization from advanced DNS-based threats. By
applying advanced machine learning and predictive analytics to a
diverse range of threat intelligence sources, DNS Security generates
an enhanced DNS signature set and provides real-time analysis of
DNS requests to defend your network against newly generated malicious
domains. DNS Security can detect various C2 threats, including DNS
tunneling, DNS rebinding attacks, domains created using auto-generation,
malware hosts, and many more. DNS Security requires and works with
your Advanced Threat Prevention or Threat Prevention subscription
for complete DNS threat coverage.
Palo Alto Networks intrusion prevention subscriptions work together
to provide a comprehensive solution that intercepts and breaks the
chain at various stages of the attack process and provides visibility
to prevent security infringement on your network infrastructure.