Create the Data Center Best Practice WildFire Analysis Profile

Protect your data center from unknown threats by sending them to WildFire for analysis.
The other security profiles detect and block known threats; WildFire is the profile that protects the data center from unknown threats. Configure the firewall to forward all unknown files to WildFire for analysis using the predefined default profile, which forwards all supported file types for all applications in both directions. Unknown threats can hide in many different file types, and a successful attack may go undetected until long after it has done damage. For example, WildFire can identify malware staged on a data center server before the attacker uses it, and can flag vulnerability scanners and lateral-movement tools before the attacker reaches their goal. WildFire analysis could have caught the previously unknown malware behind a number of large-scale enterprise breaches over the past several years. Any security policy rule that controls traffic that has, will have, or could have file transfer activity should include an enabled WildFire Analysis profile.
[Figure: the predefined default WildFire Analysis profile (wildfire-analysis-profile-default.png)]
Attach the default WildFire Analysis profile to every security policy rule that allows traffic, because WildFire provides the best defense against unknown threats and advanced persistent threats (APTs). For example:
  • Traffic from users to the data center—WildFire identifies unknown malware hosted on data center applications such as Confluence or SharePoint before users download it.
  • Intra data center traffic—WildFire identifies unknown malware spreading between data center servers, which can prevent data exfiltration by discovering the malware before it can do damage.
  • Traffic from the data center to the internet—Servers download executables for software and operating system updates over this path, so it’s critical to run WildFire on all applications to identify malicious behavior in what they fetch.
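The rule above, that every allow rule which could carry a file transfer needs an enabled WildFire Analysis profile, is easy to state and easy to drift away from as policy grows. The script below is an added example, not part of this page or of the PAN-OS product: it parses the security rulebase and profile groups from an exported PAN-OS XML configuration (the XML subtree here is a constructed sample with invented rule and group names), lists allow rules that reach no WildFire Analysis profile either directly or through a profile group, and prints the configure-mode `set` commands to close each gap. The `set` command forms are written from memory and should be verified against your PAN-OS release before use.

```python
"""Audit an exported PAN-OS configuration for allow rules that carry no
WildFire Analysis profile, and emit CLI commands to attach the default one."""
import xml.etree.ElementTree as ET

# Constructed sample of the relevant subtree of a PAN-OS config export.
# Rule names, profile-group names and the gaps are invented for this demo.
SAMPLE_CONFIG = """<config>
  <devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
    <profile-group>
      <entry name="dc-best-practice">
        <virus><member>default</member></virus>
        <wildfire-analysis><member>default</member></wildfire-analysis>
      </entry>
      <entry name="no-wildfire">
        <virus><member>default</member></virus>
      </entry>
    </profile-group>
    <rulebase><security><rules>
      <entry name="users-to-dc">
        <action>allow</action>
        <profile-setting><profiles>
          <wildfire-analysis><member>default</member></wildfire-analysis>
        </profiles></profile-setting>
      </entry>
      <entry name="intra-dc">
        <action>allow</action>
        <profile-setting><group><member>dc-best-practice</member></group></profile-setting>
      </entry>
      <entry name="dc-to-internet">
        <action>allow</action>
        <profile-setting><group><member>no-wildfire</member></group></profile-setting>
      </entry>
      <entry name="legacy-allow">
        <action>allow</action>
      </entry>
      <entry name="deny-all">
        <action>deny</action>
      </entry>
    </rules></security></rulebase>
  </entry></vsys></entry></devices>
</config>"""

RULES_XPATH = "./devices/entry/vsys/entry/rulebase/security/rules/entry"
GROUPS_XPATH = "./devices/entry/vsys/entry/profile-group/entry"


def wildfire_profile_for_rule(rule, groups):
    """Return the WildFire Analysis profile a rule applies, or None.
    A rule references profiles either directly (profile-setting/profiles) or
    through a profile group (profile-setting/group); both paths are checked."""
    direct = rule.findtext("profile-setting/profiles/wildfire-analysis/member")
    if direct:
        return direct
    group_name = rule.findtext("profile-setting/group/member")
    if group_name in groups:
        return groups[group_name].findtext("wildfire-analysis/member")
    return None


def find_allow_rules_without_wildfire(config_xml):
    """Return (rule name, profile group or None) for every allow rule that never
    reaches a WildFire Analysis profile. Deny/drop rules are skipped because the
    firewall forwards nothing for traffic it blocks."""
    root = ET.fromstring(config_xml)
    groups = {g.get("name"): g for g in root.findall(GROUPS_XPATH)}
    gaps = []
    for rule in root.findall(RULES_XPATH):
        if rule.findtext("action", default="") != "allow":
            continue
        if wildfire_profile_for_rule(rule, groups) is None:
            gaps.append((rule.get("name"), rule.findtext("profile-setting/group/member")))
    return gaps


def remediation_commands(gaps, profile="default"):
    """Build configure-mode 'set' commands for each gap. A rule that uses a
    profile group is fixed by adding the profile to that group (once per group)
    rather than replacing the group reference on the rule; a rule with no group
    gets the profile attached directly. Command forms are assumed, not taken
    from this page; verify them on your PAN-OS release."""
    commands, seen_groups = [], set()
    for rule, group in gaps:
        if group is None:
            commands.append(f'set rulebase security rules "{rule}" '
                            f"profile-setting profiles wildfire-analysis {profile}")
        elif group not in seen_groups:
            seen_groups.add(group)
            commands.append(f'set profile-group "{group}" wildfire-analysis {profile}')
    return commands


if __name__ == "__main__":
    found = find_allow_rules_without_wildfire(SAMPLE_CONFIG)
    print("allow rules with no WildFire Analysis profile:", found)
    for cmd in remediation_commands(found):
        print(cmd)
```

Run it against `show config running` saved as XML (or the config exported from Device > Setup > Operations) instead of the embedded sample; on a multi-vsys firewall the XPath matches every vsys. The check deliberately treats a rule whose profile group lacks WildFire as a gap, since a group named like a best-practice set is no guarantee that it still contains the profile.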
Set up alerts for malware through email, SNMP trap, or a syslog server so that the firewall notifies you immediately when WildFire returns a malicious verdict; on PAN-OS this is a Log Forwarding profile that matches WildFire Submissions logs with a malicious verdict, attached to the same security policy rules. The faster you isolate a compromised host, the lower the chance that the previously unknown malware has spread to other data center devices, and the easier it is to remediate the issue.
If necessary, you can restrict the applications and file types sent for analysis based on the traffic’s direction. Every exclusion is a gap that WildFire cannot cover, so keep such restrictions to the minimum and document the reason for each one.
