WildFire is a cloud-based
virtual environment that analyzes and executes unknown samples (files
and email links) and determines the samples to be malicious, phishing,
grayware, or benign. With WildFire enabled, a Palo Alto Networks
firewall can forward unknown samples to WildFire for analysis. For
newly-discovered malware, WildFire generates a signature to detect
the malware, which is made available for retrieval in real-time
for all firewalls with an active WildFire subscription. This enables
all Palo Alto next-generation firewalls worldwide to detect and
prevent malware found by a single firewall. Malware signatures often
match multiple variants of the same malware family, and as such,
block new malware variants that the firewall has never seen before.
The Palo Alto Networks threat research team uses the threat intelligence
gathered from malware variants to block malicious IP addresses,
domains, and URLs.
A basic WildFire service is included as
part of the Palo Alto Networks next-generation firewall and does
not require a WildFire subscription. With the basic WildFire service,
you can enable the firewall to forward portable executable (PE)
files. Additionally, if you do not have a WildFire subscription,
but you do have a Threat Prevention subscription, you can receive
signatures for malware WildFire identifies every 24-48 hours (as
part of the Antivirus updates).

Get the latest WildFire signatures in real-time.
Prevent malicious PE (portable executables), ELF and MS Office files, and PowerShell and shell scripts from entering your network in real-time using WildFire Inline ML.
Forward advanced file types and email links for analysis.
Use the WildFire API.
Use a WildFire appliance to host a WildFire private cloud or a WildFire hybrid cloud.

If you have a WildFire
subscription, go ahead and
get started with WildFire to
get the most out of your subscription. Otherwise, take the following
steps to enable basic WildFire forwarding: