The company calls the technology WildFire, and it will be distributed as a free upgrade for Palo Alto’s firewall products. It is aimed at halting targeted attacks, where the malware is not widely distributed and designed to evade front-line detection methods.
Palo Alto’s firewalls run suspicious-looking files in a virtualized sandbox and examine how the files behave. If a piece of malware does suspicious actions such as altering registry settings, injecting itself into processes or other bad behaviors, it will be blocked.
But if a piece of malware does escape that examination, eventually it will start sending traffic out of the computer, and that is what WildFire is designed to detect even if it is encrypted, said Wade Williamson, a senior security analyst for Palo Alto Networks.
“The big issue is to make sure that you only let that infecting file by once,” Williamson said.
Palo Alto Networks firewalls were detecting strange outbound traffic before, “but we didn’t have a good answer for what caused that to start happening,” Williamson said.
In beta tests, WildFire picked up malware that hadn’t been entered yet into VirusTotal, which allows people to see if malicious software is detected by a range of security vendors, Williamson said.
WildFire is part of Pan OS 4.1, the latest operating system upgrade for the company’s firewalls.