The Advanced WildFire cloud operates a series of inline cloud ML-based detection engines to analyze PE (portable executable) samples traversing through your network to detect and prevent unknown malware in real-time. This allows the Advanced WildFire cloud service to detect never-before seen malware (that does not have an existing WildFire signature or is detectable through the local Advanced WildFire inline cloud ML detectors) and block it from infecting the client. This includes scenarios where certain types of malware that have been previously unseen in the wild, and are not intercepted by Advanced WildFire Inline ML, can proceed unhindered because the file was not seen recently enough for its signature to be present on the firewall due to signature age-out or signature database capacity limits. Newly defined malicious files will be blocked in subsequent encounters by the firewall as the signature has become part of the current set, however, that occurs after a malicious file is analyzed by the WildFire cloud.

The Advanced WildFire Inline Cloud can hold files from downloading (and potentially spreading within your network) while analyzing these suspicious files for malware in the cloud, in a real-time exchange. As with other malicious content that is analyzed by WildFire, any threat detected by Advanced WildFire Inline Cloud generates a threat signature that is disseminated by Palo Alto Networks to customers through a signature update package to provide a future defense for all Palo Alto Networks customers.

Advanced WildFire Inline Cloud operates using a lightweight forwarding mechanism on the firewall to minimize any local performance impact; and to keep up with the latest changes in the threat landscape, cloud inline ML detection models are added and updated seamlessly in the cloud, without requiring content updates or feature release support.

Advanced WildFire Inline Cloud Analysis is enabled and configured through the WildFire Analysis profile and requires PAN-OS 11.1 or later with an active Advanced WildFire license.