With the current media focus on CryptoLocker and GOZeus malware, it is worth considering how a Palo Alto Networks firewall can stop the likes of these from taking hold in the first place.
Below is a link about how Palo Alto Networks can stop CryptoLocker:
http://researchcenter.paloaltonetworks.com/2013/11/palo-alto-networks-can-stop-cryptolocker
Palo Alto Networks firewalls address all areas of what is generally referred to as the kill chain. The kill chain represents the opportunity to spot and stop attacks before they reach their end goal.
As seen from the article above, the kill chain ‘opportunities to spot and stop’ are as follows:
Phase 1 – Recon/bait End-User
Phases 2 & 3 – Exploit and Download Backdoor
Phase 4 – Establish Command and Control
That’s four phases to deal with the problem before it becomes a problem.
A Palo Alto Networks firewall has visibility and control through WildFire, its anti-virus, anti-spyware and URL filtering (PAN-DB). These elements are all in use all of the time, giving you the ability to disrupt an imminent attack.
All of the above elements are Palo Alto Networks’ own engines and signatures, so if something is found by WildFire, for example, the URLs found within the malware (potentially already found through another Palo Alto Networks customer’s WildFire submission) can then be placed into the malware category of Palo Alto Networks’ own URL filter for immediate use by all subscribers.
The result, for one, is that the URL filter you are using will benefit from something that may have been found elsewhere only moments ago by another automated mechanism. This means that your firewall will already know about something that no human yet knows is going to deliver malware or allow it to phone home.
In summary, Palo Alto Networks firewalls have unparalleled visibility of applications and threats. The many components that make up the firewall all work together in real time to alert on and disrupt imminent attacks.
By Robert Needs
Senior Engineer at Net-Ctrl