Advanced Threat Prevention License Options
Advanced Threat Prevention Powered by Precision AI®


Provides an overview of the Advanced Threat Prevention licenses available for the NGFW and Prisma Access.
Where Can I Use This?
  • Prisma Access (Managed by Panorama or Strata Cloud Manager)
  • NGFW (Managed by Panorama or Strata Cloud Manager)
  • VM-Series
  • CN-Series
What Do I Need?
  • Advanced Threat Prevention (for enhanced feature support) or Threat Prevention License
Palo Alto Networks provides two primary license options for threat prevention on NGFW platforms: the Threat Prevention subscription and the more advanced Advanced Threat Prevention subscription. These can be purchased individually or as part of various bundled security packages.
A Threat Prevention license (either Threat Prevention or Advanced Threat Prevention) is required to use Advanced DNS Security.
  • Threat Prevention—This foundational subscription uses a signature-based engine to provide essential Intrusion Prevention System (IPS) functions:
    The standard Threat Prevention license is EOS (end-of-sale) and no longer available for new customers; however, all features found in the Threat Prevention license are included with Advanced Threat Prevention.
    • Vulnerability Protection: Blocks known exploits targeting software vulnerabilities (e.g., buffer overflows, code execution) across various protocols.
    • Antivirus & Anti-Spyware: Identifies and stops malware delivery and prevents compromised hosts from communicating with known malicious destinations.
    • Command-and-Control (C2) Detection: Prevents established malware from receiving instructions by blocking traffic to known C2 IP addresses and domains.
    • External Dynamic Lists (EDLs): Allows the firewall to automatically import and enforce IP, Domain, and URL blocklists from Palo Alto Networks or third-party threat intelligence feeds.
  • Advanced Threat Prevention—Building on the standard Threat Prevention features, this license incorporates cloud-based machine learning (ML) and deep learning to provide real-time, inline protection against unknown and highly evasive threats. Key features include:
    • Inline Deep Learning: Unlike traditional sandboxing that detects a threat after it has entered the network, Advanced Threat Prevention uses inline ML models to analyze traffic in real time, blocking zero-day exploits before the first packet can pass.
    • Enhanced C2 Prevention: Advanced Threat Prevention identifies and stops highly evasive C2 traffic (such as traffic that uses DNS tunneling or custom-built protocols) by analyzing traffic patterns rather than relying on static signatures.
    • Zero-Day Injection Attack Protection: Specifically targets sophisticated SQL injection and Command Injection attacks that use obfuscation to bypass standard signature filters.