The Palo Alto Networks® next-generation firewall protects and defends your network from commodity threats and advanced persistent threats (APTs). The multi-pronged detection mechanisms of the firewall include a signature-based (IPS/Command and Control/Antivirus) approach, heuristics-based (bot detection) approach, sandbox-based (WildFire) approach, and Layer 7 protocol analysis-based (App-ID) approach.
Commodity threats are exploits that are less sophisticated and more easily detected and prevented using a combination of antivirus, anti-spyware, and vulnerability protection features along with URL filtering and Application identification capabilities on the firewall.
Advanced threats are perpetuated by organized cyber adversaries who use sophisticated attack vectors to target your network, most commonly for intellectual property theft and financial data theft. These threats are more evasive and require intelligent monitoring mechanisms for detailed host and network forensics on malware. The Palo Alto Networks next-generation firewall together with WildFire™ and Panorama™ provide a comprehensive solution that intercepts and breaks the attack chain and provides visibility to prevent security infringement on your network infrastructure—both mobile and virtualized.
After you implement your threat prevention configurations, Export Configuration Table Data to create a PDF or CSV report of your configurations to use for internal review or for auditing.
- Best Practices for Securing Your Network from Layer 4 and Layer 7 Evasions
- Set Up Antivirus, Anti-Spyware, and Vulnerability Protection
- DNS Security
- Use DNS Queries to Identify Infected Hosts on the Network
- Set Up Data Filtering
- Set Up File Blocking
- Prevent Brute Force Attacks
- Customize the Action and Trigger Conditions for a Brute Force Signature
- Enable Evasion Signatures
- Prevent Credential Phishing
- Monitor Blocked IP Addresses
- Threat Signature Categories
- Create Threat Exceptions
- Custom Signatures
- Learn More About and Assess Threats
- Share Threat Intelligence with Palo Alto Networks
- Threat Prevention Resources
Threat Signature Categories
Threat Signature Categories There are three types of Palo Alto Networks threat signatures, each designed to detect different types of threats as the firewall scans ...
What Is a Best Practice Internet Gateway Security Policy?
What Is a Best Practice Internet Gateway Security Policy? A best practice internet gateway security policy has two main security goals: Minimize the chance of ...
About DNS Security
Learn how the Palo Alto Networks DNS Security service can help protect your network from advanced DNS-based threats. ...
Enable DNS Security to access the full database of Palo Alto Networks signatures, including those generated using advanced machine learning and predictive analytics. ...
App-ID Overview App-ID, a patented traffic classification system only available in Palo Alto Networks firewalls, determines what an application is irrespective of port, protocol, encryption ...
Best Practices for Completing the Firewall Deployment
Best Practices for Completing the Firewall Deployment Now that you have integrated the firewall into your network and enabled the basic security features, you can ...
DNS Security DNS Security is an on-demand cloud subscription service designed to protect your organization from advanced threats using DNS. By applying advanced machine learning ...
Threat Prevention Resources
Threat Prevention Resources For more information on Threat Prevention, refer to the following sources: Creating Custom Threat Signatures Threat Prevention Deployment Understanding DoS Protection To ...
Threat Details Monitor > Logs > Threat ACC > Threat Activity Objects > Security Profiles > Anti-Spyware/Vulnerability Protection Use the Threat Details dialog to learn ...