Palo Alto Networks now operates a series of
ML-based detection engines in the Advanced Threat Prevention cloud
that analyze traffic for advanced C2 (command-and-control) and spyware
threats in real time, protecting users against zero-day threats.
Because the detection engines run in the cloud, you gain access to a wide array
of detection mechanisms that are updated and deployed automatically,
without requiring you to download update packages or run
process-intensive, firewall-based analyzers that consume firewall resources.
The cloud-based detection engine logic is continuously monitored
and updated using C2 traffic datasets from WildFire, supplemented by
manual updates from Palo Alto Networks threat researchers,
whose human review provides highly accurate detection enhancements.
Inline cloud analysis supports five analysis engines for C2-based
threats over HTTP, HTTP2, SSL, unknown-UDP, and unknown-TCP. Additional
analysis models are delivered through content updates; enhancements
to existing models, however, are performed as cloud-side updates that
require no firewall update. Inline cloud analysis is enabled and
configured in the anti-spyware profile and requires an active
Advanced Threat Prevention license.
For additional information about configuring Inline Cloud
Analysis, including adding exceptions, verifying connectivity to
the service, and monitoring details, refer to Configure Inline Cloud Analysis.