Palo Alto Networks says its operating system can now find the source of dangerous outgoing traffic. It also released a firewall for branch offices
The company calls the technology WildFire, and it will be distributed as a free upgrade for Palo Alto’s firewall products. It is aimed at halting targeted attacks, where the malware is not widely distributed and designed to evade front-line detection methods.
Palo Alto’s firewalls run suspicious-looking files in a virtualized sandbox and examine how the files behave. If a piece of malware does suspicious actions such as altering registry settings, injecting itself into processes or other bad behaviors, it will be blocked.
But if a piece of malware does escape that examination, eventually it will start sending traffic out of the computer, and that is what WildFire is designed to detect even if it is encrypted, said Wade Williamson, a senior security analyst for Palo Alto Networks.
“The big issue is to make sure that you only let that infecting file by once,” Williamson said.
Palo Alto Networks firewalls were detecting strange outbound traffic before, “but we didn’t have a good answer for what caused that to start happening,” Williamson said.
In beta tests, WildFire picked up malware that hadn’t been entered yet into VirusTotal, which allows people to see if malicious software is detected by a range of security vendors, Williamson said.
WildFire is part of Pan OS 4.1, the latest operating system upgrade for the company’s firewalls.
IDC Analyst Connection – Unified Threat Management: Benefits of an Integrated Approach to Network Security
This IDC Analyst Connection looks at the the benefits of using a UTM platform integrated with network connectivity and how it will save the enterprise money, reduce the number of vendors' products needed to be purchased, improve the communications between devices, offer the opportunity for organizations to deploy more sophisticated capabilities, and vastly improve security.