Prevent Known Threats Across All Traffic
Threats do not discriminate between application delivery vectors, requiring an approach that has full visibility into all application traffic, including SSL encrypted content, with full user context. Threat Prevention leverages the visibility of our next-generation firewall to inspect all traffic, automatically preventing known threats, regardless of port, protocol or SSL encryption.
Protection Across the Full Attack Lifecycle
To succeed, adversaries must move through multiple stages of the attack lifecycle, and each stage is an opportunity to stop them. Threat Prevention automatically blocks multiple phases of the attack, including exploitation of known vulnerabilities, known malware and command-and-control activity. If zero-day malware or exploits are used, other elements of the Palo Alto Networks Next-Generation Security Platform can keep your organization safe.
Security AND Performance
Threat Prevention leverages our unique single-pass scanning architecture, so traffic is only scanned once, even with all subscription services enabled, including Threat Prevention, WildFire and URL Filtering. The single-pass architecture allows full threat detection and enforcement of prevention controls, without sacrificing performance.
Adversaries have become highly targeted, leveraging sophisticated playbooks to breach an organization, move laterally, and extract valuable data, all while remaining invisible to traditional defenses. Threat Prevention automatically stops vulnerability exploits with IPS capabilities, offers in-line malware protection, and blocks outbound command-and-control traffic. When combined with WildFire and URL Filtering, organizations are protected at every stage of the attack lifecycle, including both known and zero-day threats.
Your dedicated Palo Alto Networks experts
Infradata is an award-winning Palo Alto Networks Partner with advanced specialties, and the distinction of multiple certified engineers on staff. Our engineers are recognized by Palo Alto Networks as technical experts and advocates of Palo Alto solutions. That means you can count on Infradata for the technical know-how and hands-on experience to accurately assess your business requirements, and design, implement, and manage a Palo Alto Networks-based solution to suit your needs.
Palo Alto Networks
For more information about Palo Alto Networks, please contact our sales department.
Vulnerability-based protections detect and block exploits and evasive techniques on both the network and application layers, including port scans, buffer overflows, packet fragmentation, and obfuscation. Our IPS protections include both anomaly detection and signature matching, using stateful pattern matching to understand packet arrival order and sequence.
Our signature creation team reverse-engineers exploits to understand the underlying vulnerabilities on which our protections are based, ensuring that individual signatures are high fidelity and can protect you against multiple exploit attempts. Palo Alto Networks also offers Traps advanced endpoint protection to block zero-day exploits on the endpoint.
Additionally, the Palo Alto Networks threat research team, Unit 42, applies human intelligence to identify critical zero-day vulnerabilities in Microsoft, Adobe, Apple, Android and other ecosystems. By proactively identifying these vulnerabilities, developing protections for our customers, and sharing the information with the security community, we are removing weapons used by attackers to threaten users, and compromise enterprise, government and service provider networks.
Threat Prevention enforces in-line malware protection, preventing malware delivery and installation through our proprietary payload-based signatures, which are updated through daily content updates. Threat Prevention also leverages the WildFire service for zero-day malware discovery.
Payload-based signatures do not rely on easily changed attributes, instead detecting patterns in the body of the file that can be used to identify future variations of the malware, even if the content has been slightly modified. This allows us to immediately identify and block polymorphic malware that otherwise would be treated as a new, unknown file.
Organizations can further enhance their security posture by deploying the WildFire threat detection and prevention service, which enables prevention of zero-day malware in 300 seconds from first discovery anywhere in the world.
Threat Prevention stops command-and-control (C2) activity from being used to exfiltrate data, deliver secondary malware payloads, or provide additional instructions for future stages of the attack. The service employs a revolutionary approach to shutting down this critical channel, generating automated C2 signatures that go beyond basic domain and URL matching to produce research-grade protections at machine speed and scale.
Threat Prevention also provides sinkhole capabilities for requests to malicious DNS entries, allowing outbound requests to malicious domains or IP addresses to be redirected to your own internal IP address, preventing command-and-control activity and providing you with a report of compromised machines.
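The sinkhole report described above can be reproduced from logs, shown here as an added example that is not Palo Alto Networks or Infradata code. The log format, the sinkhole address and the resolver address are all constructed assumptions; it also assumes clients resolve through an internal DNS server, so the DNS record names the resolver and the infected endpoint only becomes visible when it connects to the sinkhole address.

```python
import ipaddress
from collections import defaultdict

SINKHOLE_IP = "10.0.0.53"      # assumption: internal sinkhole address
RESOLVERS = {"10.0.0.10"}      # assumption: internal DNS servers forwarding client queries

# Constructed sample records, in chronological order:
#   "<time> dns  <src> <queried name> <answer IP>"
#   "<time> conn <src> <destination IP> <destination port>"
SAMPLE_LOG = """\
2024-05-01T09:00:01Z dns 10.0.0.10 update.example.test 10.0.0.53
2024-05-01T09:00:02Z conn 10.1.4.23 10.0.0.53 443
2024-05-01T09:00:05Z conn 10.1.4.23 198.51.100.7 443
2024-05-01T09:03:40Z dns 10.0.0.10 intranet.example.test 10.0.2.15
2024-05-01T09:05:12Z conn 10.1.9.8 10.0.0.53 80
2024-05-01T09:06:30Z conn 10.1.4.23 10.0.0.53 443
this line is malformed
"""

def sinkhole_report(log_text, sinkhole_ip=SINKHOLE_IP, resolvers=RESOLVERS):
    """Return (sinkholed_domains, hosts); hosts maps each client that contacted
    the sinkhole to its hit count and first/last timestamps."""
    sink = ipaddress.ip_address(sinkhole_ip)
    domains = set()
    hosts = defaultdict(lambda: {"hits": 0, "first": None, "last": None})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[1] not in ("dns", "conn"):
            continue                       # skip malformed or unknown records
        ts, kind, src, a, b = parts
        try:
            if kind == "dns":
                # A sinkholed lookup: the answer is the sinkhole address.
                if ipaddress.ip_address(b) == sink:
                    domains.add(a.lower().rstrip("."))
                continue
            # conn record: keep only endpoints (not resolvers) reaching the sinkhole.
            if ipaddress.ip_address(a) != sink or src in resolvers:
                continue
        except ValueError:
            continue                       # unparsable address field
        entry = hosts[src]
        entry["hits"] += 1
        entry["first"] = entry["first"] or ts
        entry["last"] = ts
    return domains, dict(hosts)
```

Hosts in the result are candidates for triage; the domain set shows which lookups were sinkholed during the same window.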