Advanced Threat Prevention
Advanced Threat Prevention Powered by Precision AI™

Where Can I Use This?
  • Prisma Access (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Panorama)
  • NGFW (Managed by Strata Cloud Manager)
  • NGFW (Managed by PAN-OS or Panorama)
  • VM-Series
  • CN-Series

What Do I Need?
  • Advanced Threat Prevention (for enhanced feature support) or Threat Prevention License

The Palo Alto Networks® next-generation firewall intrusion prevention subscriptions protect your network from commodity threats and advanced persistent threats (APTs), using multiple detection mechanisms to cover the full threat landscape. The Palo Alto Networks threat prevention solution comprises the following subscriptions:
  • Advanced Threat Prevention—The Advanced Threat Prevention cloud service uses inline deep learning and machine learning models for real-time detection of evasive, never-before-seen (unknown) C2 threats and zero-day vulnerability exploits. As an ultra-low-latency native cloud service, this extensible and infinitely scalable solution is always kept up to date with model training improvements. It also supports Local Deep Learning, which complements the cloud-based Inline Cloud Analysis component of Advanced Threat Prevention by providing fast, local deep learning-based analysis of zero-day and other evasive threats. The Advanced Threat Prevention license includes all of the benefits of Threat Prevention.
  • Threat Prevention—The base Threat Prevention subscription is based on signatures generated from malicious traffic data collected from various Palo Alto Networks services. The firewall uses these signatures to enforce security policies based on specific threats, including command-and-control (C2), various types of known malware, and vulnerability exploits. Combined with the App-ID and User-ID identification technologies on the firewall, these signatures let you cross-reference context data to produce fine-grained policies. As part of your threat mitigation policies, you can also identify and block known or risky file types and IP addresses; several premade categories are available, including lists of bulletproof service providers and known malicious IPs. Where specialized tools and software are in use, you can create your own vulnerability signatures to tailor your intrusion prevention capabilities to your network’s unique requirements.
To maximize your threat prevention, Palo Alto Networks also recommends the following subscription services in addition to Advanced Threat Prevention or Threat Prevention:
  • DNS Security—The DNS Security cloud service is designed to protect your organization from advanced DNS-based threats. By applying advanced machine learning and predictive analytics to a diverse range of threat intelligence sources, DNS Security generates an enhanced DNS signature set and provides real-time analysis of DNS requests to defend your network against newly generated malicious domains. DNS Security can detect various C2 threats, including DNS tunneling, DNS rebinding attacks, domains created using auto-generation, malware hosts, and many more. DNS Security requires and works with your Advanced Threat Prevention or Threat Prevention subscription for complete DNS threat coverage.
Palo Alto Networks intrusion prevention subscriptions work together to provide a comprehensive solution that intercepts and breaks the attack chain at various stages and provides the visibility needed to prevent security breaches of your network infrastructure.