Palo Alto Networks WildFire
•
2 j'aime•2,188 vues
Brief presentation of Palo Alto Networks WildFire malware protection solution.
Recommandé
Recommandé
Contenu connexe
Plus de Altaware, Inc.
Plus de Altaware, Inc. (20)
Dernier
Dernier (20)
Palo Alto Networks WildFire
- 1. Palo Alto Networks - WildFire • Werner Schmidt, CISSP - Email: wschmidt@altaware.com - Phone: 866-833-4070 - Web: www.altaware.com 1
- 2. Introducing WildFire • Identifies unknown malware by direct observation in a virtual sandbox environment - Looks for more than 70 malicious behaviors • Automatically generates signatures for identified malware - Infecting files and command-and-control - Distributes signatures to all firewalls via regular threat updates • Provides forensics and insight into malware behavior - Actions on the target machine 2
- 3. WildFire Architecture Compare to Known Files Sandbox Environment Signature Generator Admin Web Portal • New Signatures • Unknown • Firewall Delivered to ALL Files From Submits File Firewalls. Portal Untrusted to WildFire provides malware Zones Cloud forensics 3
- 4. An Integrated Approach to Threat Prevention App-ID™ Signatures Sources Behaviors • All traffic, all ports, •Block threats on all • Malware hosting •WildFire malware all the time ports URLs analysis • Application •93.4% block rate of • Recently registered •Download patterns signatures known exploits domains •Unknown traffic • Heuristics •5M+ malware • SSL decryption of •Malware behaviors samples high-risk sites • Decryption • Reduce the attack • Prevents known • Block known surface threats sources of threats • Pinpoints live infections and • Remove the ability • 90% of threats • Be wary of unknown threats to hide through 2015 unclassified and (Gartner) new domains 4
Notes de l'éditeur
- \n
- Consists of two main components: virtual machine-based sandbox environment and an automatic malware signature generator\nCloud-based file analysis\n Virtual machines up in the cloud, no added burden on the customer\n Analyzes behavior looking for over 70 signals\n Registry mods, browser safety mods, file creation in windows system folders, injecting code into processes, deleting itself\n Automated report generation accessible via automated email reports and web portal\nAutomated malware signature generation\n Signatures generated automatically\n All signatures automatically and continually regression tested against a database of known clean files\n
- Step through the process\n\nSetup and Sending of the File\nAdmin sets up policy to forward samples from internet to the cloud\nWhen firewall encounters binary to forward, checks signer.\n If signed by trusted source, don’t send.\nGenerate file hash and query the cloud for the file hash\n If we saw the file already, don’t send, just get result\nOtherwise, send up file (user configurable file size range limit)\n\nSample run in virtual machine for a period of time for analysis\nBehavior of sample analyzed.\n If malicious, a signature is automatically generated and appears in the next AV release.\nReports for all sample uploads are made available via the web portal and also via automated and configurable email reports\n
- \n