Network traffic profiles detect malicious traffic patterns
that might otherwise be misclassified as benign, such as communications
with legitimate sites used as part of a command and control mechanism.
The WildFire cloud dynamic analysis environment now has a network
traffic profile detection module that performs deep inspection of PCAPs
produced during sample analysis. Network traffic profiles are created
through PCAP analysis by looking for 10 or more networking session
attributes, which in turn is used by the WildFire cloud to detect
known and variants of known malware using a one-to-many profile
match. No configuration changes or PAN-OS updates are required to enable
network traffic profiling. All changes and updates have been made
in the WildFire Cloud.
When the analysis environment identifies a malicious traffic
pattern, a new behavior is shown under the
of the WildFire analysis report with the description
or more malicious network patterns were triggered