The Advanced WildFire
Analysis
Environment identifies previously unknown malware and generates
signatures that Palo Alto Networks NGFWs can use to then detect
and block the malware. When a Palo Alto Networks firewall detects
an unknown sample, the
firewall automatically
forwards all
supported file
types from any application to the WildFire public-cloud service
for Advanced WildFire analysis. Based on the properties, behaviors,
and activities the sample displays when analyzed and executed in
the sandbox, Advanced WildFire determines the sample to be benign,
grayware, phishing, or malicious, and then generates signatures
to recognize the newly-discovered malware, and makes the latest
signatures globally available for retrieval in real-time. All Palo
Alto Networks firewalls can then compare incoming samples against
these signatures to automatically block the malware first detected
by a single firewall.