Integration of firewall and the cloud
WildFire uses a customer's on-premises firewalls in conjunction with Palo Alto Networks' cloud-based analysis engine to ensure in-line performance, while using the cloud to deliver the fastest protections for all enterprise locations.
Controls applications used for botnet propagation and command and control
Organizations can use the application control enabled by App-ID to deploy firewall policies that control those applications that may be used by botnets as propagation channels or for command and control. Examples include:
- Block P2P and IM applications such as MSN, which have been known to propagate botnets.
- Block known botnet command and control applications (e.g., IRC).
- Control, inspect and monitor those applications that are emerging as command and control channels (Twitter, Gmail, Google Docs).
Prevents the propagation of known botnets
The threat prevention engine can identify and block a wide range of known botnets, such as Dark Energy and Rustock, while scheduled threat signature updates ensure that newly discovered botnets are also identified and blocked.
Quickly determine which machines may be bot infected
The behavioral botnet report analyzes a range of data points, including unknown applications, IRC traffic, malware sites, dynamic DNS, and newly created domains. The results are displayed as a list of potentially infected hosts that can be investigated as members of a botnet.
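
The following is an added example, not Palo Alto Networks code and not the product's scoring logic. It sketches how a report of this kind can correlate the five data points above per host; the event format, category labels, weights, cap and threshold are all assumptions, and the events are constructed sample data.

```python
from collections import defaultdict

# Indicator categories named in the text above. The weights are assumptions
# made for this example, not the product's scoring.
WEIGHTS = {
    "unknown-app": 1,
    "irc": 2,
    "malware-site": 3,
    "dynamic-dns": 2,
    "new-domain": 2,
}

# Constructed sample events: (source host, indicator category, destination).
SAMPLE_EVENTS = [
    ("10.0.0.5", "irc", "198.51.100.7:6667"),
    ("10.0.0.5", "dynamic-dns", "host1.dyn.example"),
    ("10.0.0.5", "dynamic-dns", "host2.dyn.example"),
    ("10.0.0.5", "unknown-app", "203.0.113.9:4444"),
    ("10.0.0.8", "new-domain", "fresh.example"),
    ("10.0.0.9", "malware-site", "bad.example"),
    ("10.0.0.9", "malware-site", "bad.example"),    # repeat visit, counted once
    ("10.0.0.9", "new-domain", "fresh.example"),
    ("10.0.0.12", "web-browsing", "www.example"),   # not an indicator
]


def botnet_report(events, threshold=4, per_category_cap=3):
    """Return [(host, score, categories)] for hosts scoring >= threshold."""
    # host -> category -> set of distinct destinations
    seen = defaultdict(lambda: defaultdict(set))
    for host, category, dest in events:
        if category in WEIGHTS:
            seen[host][category].add(dest)
    report = []
    for host, cats in seen.items():
        # Distinct destinations count, capped so one noisy category
        # cannot push a host over the threshold on its own volume.
        score = sum(WEIGHTS[c] * min(len(d), per_category_cap)
                    for c, d in cats.items())
        if score >= threshold:
            report.append((host, score, sorted(cats)))
    # Highest score first; host as tie-breaker for stable output.
    return sorted(report, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    for host, score, cats in botnet_report(SAMPLE_EVENTS):
        print(f"{host}  score={score}  indicators={', '.join(cats)}")
```

A host that shows a single weak indicator (10.0.0.8 here) stays off the list, while hosts that combine several categories are ranked for investigation.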