Product Description
Overview:
Modern cyberattacks and APTs rely on stealth, persistence, and the skilled avoidance of traditional security throughout the lifecycle of the attack. Palo Alto offers an end-to-end approach to these threats that leverages the unique visibility of our next-generation firewall, combined with a cloud-based malware analysis environment in which new and unknown malware can run and conclusively be identified.
By default, you can leverage Palo Alto WildFire infrastructure hosted in the public cloud, enabling any Palo Alto firewall to add the ability to detect and block unknown malware. However, if you prefer not to use public cloud services, the WF-500 provides the ability to deploy WildFire as a private cloud on your own network.
Multiple firewalls can leverage a single WF-500 appliance for analyzing unknown malware. This allows you to deploy one large virtual environment for the analysis of malware that is shared across all firewalls, as opposed to deploying single-use hardware at every ingress/egress point and network point of presence.
Palo Alto prepares cyber-security teams for this challenge by offering a new approach based on simple but powerful concepts:
- All network traffic must be fully inspected.
- Any unknowns must be actively and conclusively investigated at scale.
- Threats need to be blocked, not just detected.
These core principles are the foundation of the Palo Alto WildFire solution, in which full visibility, scalable analysis, and automated protection all work together to secure the network and its data. Only the next-generation firewall provides full-stack analysis and enforcement of all network traffic regardless of evasion and encryption, ensuring that hidden or anomalous threats are exposed. WildFire then proactively runs any unknown files in a safe, scalable sandbox environment where malware is conclusively identified and new protections are automatically developed. The result is a completely unique, closed-loop approach to controlling cyberthreats based on next-generation visibility, cloud-based malware sandboxing, and reliable in-line blocking of threats.
WildFire Overview
At its core, WildFire detects and blocks targeted, polymorphic, or otherwise unknown malware. To do so, WildFire marries the unique visibility and control of the next-generation firewall with a cloud-based environment where malware is safely analyzed at scale. By proactively executing unknown files in a virtual environment, WildFire uncovers malware based on its real behavior, ensuring malware is detected even if it gets past traditional signatures.
This style of sandbox analysis is computationally intense by nature, and as a result, WildFire is designed on a cloud-based architecture that ensures seamless scalability. The WildFire public cloud enables any Palo Alto customer to perform true malware sandboxing of unknown files without the need for any additional hardware. However, a hardware-enabled private cloud option is available to extend the WildFire architecture to customers who cannot use public cloud resources due to regulatory or privacy requirements.
When a threat is detected, WildFire automatically feeds information and protections back to WildFire subscribers. Within minutes, subscribers receive firewall logs with a verdict of the analysis including event context. More importantly, WildFire generates true malware protections for the newly discovered malware, and shares those protections with all WildFire subscribers world-wide within 30 to 60 minutes of the initial detection. These protections not only stop rapidly spreading malware, but also track unique identifiers in the malware body to proactively find and block malware variants. Additionally, WildFire analysis is used to update DNS-based malware signatures, update URL categories on the fly and to generate new command-and-control signatures, all of which can be used to identify and disrupt the all-important malware command-and-control traffic.
Features:
WildFire automatically protects your networks from new and customized malware across a wide range of applications, including malware hidden within SSL-encrypted traffic. WildFire easily extends the threat prevention capabilities of the next-generation firewall to tackle some of the most challenging threats in the world today, and does so with full visibility and enforcement at up to 10Gbps.
- Proactively executes suspicious files in a safe environment to identify malware based on more than 100 malicious behaviors.
- Combines the visibility of the next-generation firewall with cloud-based analysis to ensure accurate, safe and scalable malware analysis.
- True in-line blocking of malware infecting files and command-and-control traffic at the firewall.
Technical Specifications:
Model | WF-500 |
---|---|
Hardware Specifications | |
Processor | Dual 6-Core Intel Processor with Hyper-Threading |
Memory | 128 GB RAM |
System Disk | 120GB SSD |
Storage | 2TB RAID1: 4 x 1TB RAID Certified HDD for 2 TB of RAID Storage |
I/O | 4x10/100/1000, DB9 Console serial port, USB |
Rack Mountable | 2U |
Power Supply | Dual 920W power supplies in hot swap, redundant configuration |
Maximum Power Consumption | 510 Watts |
Maximum BTU/HR | 1740 |
Input Voltage | 100-240VAC |
Maximum Current Consumption | 11 Amps @ 100VAC |
Safety | UL/CSA, CB |
EMI | FCC Class A, VCCI Class A, CE Class A |
Environment | |
Operating temperature | 32° to 95° F, 0° to 35° C |
Non-operating temperature | -4° to 158° F, -20° to 70° C |