Advanced Threat Prevention Powered by Precision AI®

Advanced Threat Prevention Powered by Precision AI defends your network against both commodity threats—which are pervasive but not sophisticated—and targeted, advanced threats perpetrated by organized cyber adversaries. Advanced Threat Prevention includes comprehensive exploit, malware, and command-and-control protection, and Palo Alto Networks frequently publishes updates that equip the firewall with the very latest threat intelligence. You can use the Threat Vault to research the latest threats that Palo Alto Networks next-generation firewalls can detect and prevent.

What's New

August 1 2025: Palo Alto Networks' threat intelligence and research platform, Threat Vault, now supports CVE coverage searches for existing as well as upcoming Vulnerability Protection signatures. Previously, this was available only as a Threat Vault API request.


July 30 2025: Palo Alto Networks Advanced Threat Prevention Inline Cloud Analysis now supports detection of unknown C2 threats developed using the open source Sliver C2 framework and transmitted over the TLSv1.3 protocol. Specialized pre-filtering identifies suspicious TLS handshake characteristics associated with Sliver C2, and suspected Sliver traffic is forwarded to the Advanced Threat Prevention cloud for in-depth analysis using a sequence-based neural network detection model. This deep learning model examines patterns across multiple TLS records within a session, enabling high-confidence detection of characteristic Sliver C2 communication patterns even when the content is encrypted.


April 30 2025: Palo Alto Networks now provides access to a new service region for the Advanced Threat Prevention service, located in Tel Aviv, Israel (FQDN: il.hawkeye.services-edge.paloaltonetworks.com). Typically, the default global service domain automatically connects you to the nearest service provider. However, if you want to override the automatically selected server because of your organization's data residency and performance requirements, you can manually specify the cloud content FQDN.


February 25 2025: Palo Alto Networks now offers access to Exfiltration Shield, which provides protection against DNS relaying attacks, also known as Data Exfiltration via HTTP request headers, by applying machine learning through the Inline Cloud Analysis mechanism of Advanced Threat Prevention. DNS relaying attacks exploit legitimate web services by placing DNS tunneling domains in the TLS SNI or in HTTP headers such as Host and X-Forwarded-For. When vulnerable web services receive these requests, they extract the tunneling domains and resolve them through attacker-operated DNS resolvers, effectively relaying tunneling traffic to the attackers' command-and-control servers.
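To make the relaying mechanism described above concrete, here is an added defender-side example (not Palo Alto Networks code and not its detection model): it pulls candidate names from the SNI and from the Host and X-Forwarded-For headers of a constructed HTTP request and scores each for DNS tunneling traits. The header list, the four heuristics and their thresholds are illustrative assumptions.

```python
import math

# Assumption: header names and thresholds are illustrative, not the vendor's model.
CARRIER_HEADERS = ("host", "x-forwarded-for")

def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for an empty string)."""
    if not s:
        return 0.0
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))

def tunneling_score(domain: str) -> int:
    """Score 0-4: how strongly a name shows DNS-tunneling traits
    (a long, high-entropy, many-label subdomain carrying encoded data)."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) < 3:                 # nothing left of the registrable domain
        return 0
    sub_labels = labels[:-2]
    subdomain = ".".join(sub_labels)
    score = 0
    score += len(subdomain) > 50                    # long encoded payload
    score += len(labels) > 5                        # data chunked across labels
    score += shannon_entropy(subdomain) > 3.5       # encoded, not a dictionary word
    score += max(len(l) for l in sub_labels) > 30   # one very long label
    return score

def extract_candidates(raw_request: str, sni: str = ""):
    """Yield (carrier, value) from the SNI and the Host/X-Forwarded-For headers.
    Comma-separated X-Forwarded-For entries are split; a ':port' suffix is dropped."""
    if sni:
        yield "sni", sni
    for line in raw_request.split("\r\n")[1:]:     # skip the request line
        if not line:                                # blank line ends the headers
            break
        name, _, value = line.partition(":")
        if name.strip().lower() in CARRIER_HEADERS:
            for item in value.split(","):
                yield name.strip().lower(), item.strip().partition(":")[0]

def flag_relay_carriers(raw_request: str, sni: str = "", threshold: int = 3):
    """Return [(carrier, value, score)] for values that look like tunneling
    domains smuggled toward a relaying web service."""
    return [(carrier, value, tunneling_score(value))
            for carrier, value in extract_candidates(raw_request, sni)
            if tunneling_score(value) >= threshold]

# Constructed sample: benign Host and SNI, tunneling-style name in X-Forwarded-For.
TUNNEL = ("0123456789abcdef0123456789abcdef.0123456789abcdef0123456789abcdef"
          ".a1.b2.tunnel.test")
SAMPLE_REQUEST = ("GET /index.html HTTP/1.1\r\n"
                  "Host: www.example.com\r\n"
                  f"X-Forwarded-For: 203.0.113.7, {TUNNEL}\r\n"
                  "User-Agent: constructed-sample\r\n\r\n")
```

Running `flag_relay_carriers(SAMPLE_REQUEST, sni="www.example.com")` flags only the X-Forwarded-For entry; the proxy IP, the Host and the SNI all score 0.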


Advanced Threat Prevention Reports now provide added vulnerability context by associating detected exploits and mapping them to a CVE if one is available.


Advanced Threat Prevention now supports Local Deep Learning (LDL) for supported firewalls running PAN-OS 11.2 and later. Local Deep Learning complements the cloud-based Inline Cloud Analysis component of Advanced Threat Prevention by providing a mechanism to perform fast, local deep learning-based analysis of zero-day and other evasive threats.


Inline Cloud Analysis now supports real-time detection of command injection and SQL injection attacks to protect users against zero-day threats.


Palo Alto Networks now offers Advanced Threat Prevention, a new security service that applies predictive analytics to disrupt attacks that use DNS for command-and-control (C2) or data theft.


Firewalls equipped with Threat Prevention can now detect domain fronting, a TLS evasion technique that can circumvent URL filtering database solutions and facilitate data exfiltration.


Is your organization mission-critical, security-first, or a mix of both? Our best practices will guide you on how to best deploy threat updates, depending on your risk tolerance and application availability needs.
