Threat Prevention
—The base Threat Prevention subscription
is based on signatures generated from malicious traffic data collected
from various Palo Alto Networks services. These signatures are used
by the firewall to enforce security policies based on specific threats,
which include: command-and-control (C2), various types of known
malware, and vulnerability exploits; and combined with App-ID and
User-ID identification technologies on the firewall, you can cross-reference
context data to produce fine grained policies. As a part of your
threat mitigation policies, you can also identify and block known
or risky file types and IP addresses, of which several premade categories
are available, including lists specifying bulletproof service providers
and known malicious IPs. In cases where specialized tools and software
are used, you can create your own vulnerability signatures to customize
your intrusion prevention capabilities to your network’s unique
requirements.