The Advanced WildFire Analysis Environment identifies previously
unknown malware and generates signatures that Palo Alto Networks
NGFWs can then use to detect
and block the malware. When a Palo Alto Networks firewall detects
an unknown sample (a file or a link included in an email), the firewall
can automatically forward the sample for Advanced WildFire analysis.
Based on the properties, behaviors, and activities the sample displays
when analyzed and executed in the sandbox, Advanced WildFire determines
the sample to be benign, grayware, phishing, or malicious, and then
generates signatures to recognize the newly discovered malware
and makes the latest signatures globally available for retrieval
in real time. All Palo Alto Networks firewalls can then compare
incoming samples against these signatures to automatically block
the malware first detected by a single firewall.