Advanced WildFire Inline Cloud Analysis
Inline Cloud Analysis for Advanced WildFire provides real-time advanced malware
protection by leveraging the analysis capabilities of the Advanced WildFire Cloud.
The Advanced WildFire cloud operates a series of inline cloud ML-based
detection engines that analyze PE (portable executable) samples traversing your
network to detect and prevent unknown malware in real time. This allows the Advanced
WildFire cloud service to detect never-before-seen malware (malware that has no
existing WildFire signature and is not detectable by the firewall's local
Advanced WildFire Inline ML detectors) and block it before it infects the client.
It also covers the case where certain types of malware, previously unseen in the wild
and not intercepted by Advanced WildFire Inline ML, would otherwise proceed unhindered
because the file was not seen recently enough for its signature to be present on the
firewall, due to signature age-out or signature database capacity limits. Newly
identified malicious files are blocked by the firewall in subsequent encounters once
their signature has become part of the current signature set; however, that only
happens after the WildFire cloud has analyzed the malicious file.
The Advanced WildFire Inline Cloud can hold files from downloading (and
potentially spreading within your network) while analyzing these suspicious files for
malware in the cloud, in a real-time exchange. As with other malicious content that is
analyzed by WildFire, any threat detected by Advanced WildFire Inline Cloud generates a
threat signature that is disseminated by Palo Alto Networks to customers through a
signature update package to provide a future defense for all Palo Alto Networks
customers.
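The layered flow described above (local signature lookup, local Inline ML, then a held file awaiting an inline cloud verdict that feeds a new signature back to the firewall) can be modelled in a few lines. The following is an added, constructed example written for this page; it is not PAN-OS or WildFire code, and the bounded LRU signature store, the marker-based ML stand-in, the hash-set cloud stand-in, and all sample bytes are assumptions made for illustration. It shows why a signature that has aged out of a capacity-limited local store lets a known sample through, and how an inline cloud verdict closes that gap and repopulates the local signature set.

```python
"""Conceptual model of firewall-side detection layers (constructed example)."""
import hashlib
from collections import OrderedDict
from dataclasses import dataclass


@dataclass
class Verdict:
    action: str  # "block" or "allow"
    source: str  # which layer produced the decision


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class SignatureStore:
    """Bounded set of known-bad hashes; oldest entries age out when capacity is hit.
    This models a capacity-limited local signature database (assumption, not PAN-OS)."""

    def __init__(self, capacity: int):
        self.capacity = capacity
        self._sigs: "OrderedDict[str, bool]" = OrderedDict()

    def add(self, digest: str) -> None:
        self._sigs[digest] = True
        self._sigs.move_to_end(digest)
        while len(self._sigs) > self.capacity:
            self._sigs.popitem(last=False)  # evict the oldest signature

    def contains(self, digest: str) -> bool:
        if digest in self._sigs:
            self._sigs.move_to_end(digest)  # recently matched entries stay fresh
            return True
        return False


class Firewall:
    """Orders the layers: local signatures, local inline ML, then held-for-cloud."""

    def __init__(self, capacity: int, local_ml, inline_cloud=None):
        self.sigs = SignatureStore(capacity)
        self.local_ml = local_ml          # callable(bytes) -> bool
        self.inline_cloud = inline_cloud  # callable(bytes) -> bool, or None if disabled

    def inspect(self, data: bytes) -> Verdict:
        digest = sha256_hex(data)
        if self.sigs.contains(digest):
            return Verdict("block", "signature")
        if self.local_ml(data):
            return Verdict("block", "inline-ml")
        if self.inline_cloud is not None:
            # The file is held here until the cloud verdict returns.
            if self.inline_cloud(data):
                self.sigs.add(digest)  # verdict becomes a local signature for next time
                return Verdict("block", "inline-cloud")
        return Verdict("allow", "none")


# Constructed stand-ins for the real detectors.
CLOUD_KNOWN_BAD = {sha256_hex(b"constructed sample: dropper-v2")}


def stub_local_ml(data: bytes) -> bool:
    # Stand-in for on-box ML: only recognises one constructed marker string.
    return b"OBVIOUS-MALWARE-MARKER" in data


def stub_inline_cloud(data: bytes) -> bool:
    # Stand-in for the cloud verdict: a hash lookup against constructed known-bad set.
    return sha256_hex(data) in CLOUD_KNOWN_BAD


def scenario(with_inline_cloud: bool) -> list:
    """Replays the age-out gap with and without inline cloud analysis enabled."""
    fw = Firewall(capacity=2, local_ml=stub_local_ml,
                  inline_cloud=stub_inline_cloud if with_inline_cloud else None)
    dropper = b"constructed sample: dropper-v2"
    fw.sigs.add(sha256_hex(dropper))                      # signature was once present...
    fw.sigs.add(sha256_hex(b"constructed sample: newer-1"))  # ...but two newer ones
    fw.sigs.add(sha256_hex(b"constructed sample: newer-2"))  # push it out of the store
    first = fw.inspect(dropper)   # first encounter after age-out
    second = fw.inspect(dropper)  # second encounter
    return [(v.action, v.source) for v in (first, second)]


if __name__ == "__main__":
    print("without inline cloud:", scenario(False))
    print("with inline cloud:   ", scenario(True))
```

Running the module shows the aged-out dropper passing twice when only local layers exist, and being blocked by the cloud verdict on the first encounter and by the refreshed local signature on the second when inline cloud analysis is enabled.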
Advanced WildFire Inline Cloud uses a lightweight forwarding mechanism on the
firewall to minimize local performance impact. To keep pace with changes in the threat
landscape, cloud inline ML detection models are added and updated seamlessly in the
cloud, without requiring content updates or feature release support.