Professional Documents
Culture Documents
Content-ID
Applications Exploits & Malware Dangerous URLs Unknown & Targeted Threats
• All traffic, all ports, all the time • Block threats on all ports • Malware hosting URLs • WildFire detection of unknown
• Application signatures • NSS Labs Recommended IPS • Newly registered domains and targeted malware
• Heuristics • Millions of malware samples • SSL decryption of high-risk sites • Unknown traffic analysis
• Decryption • Anomalous network behaviors
• Reduce the attack surface • Prevents known threats • Block known sources of threats • Pinpoints live infections and
• Remove the ability to hide • Exploits, malware, • Be wary of unclassified and targeted attacks
C&C traffic new domains
> > > > > > > > > > > > > > > > > > > > > > > > > > > Decreasing Risk > > > > > > > > > > > > > > > > > > > > > > > > > > >
PAGE 2
PA L O A LT O N E T W O R K S : C o n t e n t - I D Te c h n o l o g y B r i e f
Policy E
ngine Single P
App-ID as
User-ID Softwares
Conten
t-ID
Network
ing
Manag Conten
ement t
Securi
ty
Contr
ol Pla
ne Networ
king Palo Alto Networks single pass
Data P
lane parallel processing architecture
accelerates content inspection
performance while minimizing latency.
PAGE 3
PA L O A LT O N E T W O R K S : C o n t e n t - I D Te c h n o l o g y B r i e f
Output
Stream-based scanning
Stream-based scanning helps
Latency
Latency minimize latency and maximize
Time Time throughput performance.
Stream-based Virus Scanning • WildFire Virtualized Sandbox - When the Palo Alto Networks
Prevention of known viruses and malware is performed through firewall encounters an unknown file (initially portable
the use of stream-based scanning, a technique that begins scanning executable files, and expanding to other file types in the future),
as soon as the first packets of the file are received as opposed the file can be submitted to the hosted WildFire virtualized
to waiting until the entire file is loaded into memory to begin sandbox. Submissions can be made manually or automatically
scanning. This means that performance and latency issues are based on policy. The sandbox provides virtual targets for the
minimized by receiving, scanning, and sending traffic to its suspected malware where Palo Alto Networks can directly
intended destination immediately without having to first buffer observe more than 70 malicious behaviors that can reveal the
and then scan the file. presence of malware.
Palo Alto Networks maintains an independent database of • Automated Signature Generator – When a sample is identified
millions of malware samples, with more than 50,000 samples as malware, the sample is then passed on to the signature
analyzed daily. Signatures for all types of malware are generated generator, which automatically writes a signature for the
directly from millions of live virus samples collected by Palo sample and tests it for accuracy. Signatures are then delivered
Alto Networks from several sources including a worldwide to all Palo Alto Networks customers as part of the malware
network of honeypots deployed around the world, from the signature updates.
WildFire malware analysis engine and from other leading
third-party research organizations around the world. The Palo • Deep Visibility and Analysis – In addition to providing
Alto Networks threat team analyzes the samples and quickly protection from modern malware, users can see a wealth of
eliminates duplicates and redundancies. New signatures for new information about the detected malware in reports available
malware variants are then generated (using our uniform signature on the WildFire Portal. This includes the ability to see all
format) and delivered to customers through scheduled daily or behaviors of the malware, the user that was targeted, the
emergency updates. application that delivered the malware, and all URLs
involved in delivery or phone-home of the malware.
PAGE 4
PA L O A LT O N E T W O R K S : C o n t e n t - I D Te c h n o l o g y B r i e f
Policy-based Management
Content-ID is enabled on a per rule basis using individual or
group profiles to facilitate policy-based control over content
traversing the network.
PAGE 5
PA L O A LT O N E T W O R K S : C o n t e n t - I D Te c h n o l o g y B r i e f
3300 Olcott Street Copyright ©2011, Palo Alto Networks, Inc. All rights reserved. Palo Alto Networks,
Santa Clara, CA 95054 the Palo Alto Networks Logo, PAN-OS, App-ID and Panorama are trademarks of
Palo Alto Networks, Inc. All specifications are subject to change without notice.
Main: +1.408.573.4000
Palo Alto Networks assumes no responsibility for any inaccuracies in this document
Sales: +1.866.320.4788
or for any obligation to update information in this document. Palo Alto Networks
Support: +1.866.898.9087 reserves the right to change, modify, transfer, or otherwise revise this publication
www.paloaltonetworks.com without notice. PAN_TB_ContentID_102411