Palo Alto Networks says its operating system can now find the source of dangerous outgoing traffic. It also released a firewall for branch offices

Firewall upgrade can ID bad outbound traffic
LONDON  — Palo Alto Networks is upgrading its firewall products with a capability to precisely identify outbound traffic generated by malware, a technique that the company said will help if the malware is undetected at first and starts running on a computer.

The company calls the technology WildFire, and it will be distributed as a free upgrade for Palo Alto’s firewall products. It is aimed at halting targeted attacks, where the malware is not widely distributed and designed to evade front-line detection methods.

Palo Alto’s firewalls run suspicious-looking files in a virtualized sandbox and examine how the files behave. If a piece of malware does suspicious actions such as altering registry settings, injecting itself into processes or other bad behaviors, it will be blocked.

But if a piece of malware does escape that examination, eventually it will start sending traffic out of the computer, and that is what WildFire is designed to detect even if it is encrypted, said Wade Williamson, a senior security analyst for Palo Alto Networks.

WildFire examines the traffic, and if it is bad, will generate a signature to identify the traffic flow and stop it in the future. It may mean a machine may get infected one time with the malware, but the computer can be then be isolated and reimaged, Williamson said.

“The big issue is to make sure that you only let that infecting file by once,” Williamson said.

Palo Alto Networks firewalls were detecting strange outbound traffic before, “but we didn’t have a good answer for what caused that to start happening,” Williamson said.

In beta tests, WildFire picked up malware that hadn’t been entered yet into VirusTotal, which allows people to see if malicious software is detected by a range of security vendors, Williamson said.

WildFire is part of Pan OS 4.1, the latest operating system upgrade for the company’s firewalls.

 
The company also released on Monday the PA-200, a physically smaller firewall targeted at high speed Internet gateway deployments in branch offices. It offers 100 Mbps firewall throughput,  50 Mbps threat prevention throughput and can handle up to 64,000 sessions. It can be configured to run up to 25 IPSec virtual private network tunnels for 25 users at a time.
 
Finally, on Monday the company also extended its access and application control software, GlobalProtect, for Apple’s OSX and iOS operating systems.
 
 
Related Download
IDC Analyst Connection - Unified Threat Management: Benefits of an Integrated Approach to Network Security Sponsor: Fortinet
IDC Analyst Connection – Unified Threat Management: Benefits of an Integrated Approach to Network Security
This IDC Analyst Connection looks at the the benefits of using a UTM platform integrated with network connectivity and how it will save the enterprise money, reduce the number of vendors' products needed to be purchased, improve the communications between devices, offer the opportunity for organizations to deploy more sophisticated capabilities, and vastly improve security.
Register Now
Share on LinkedIn Share with Google+ Comment on this article