Traditional antivirus is not the solution to breach prevention on the endpoint —it’s the problem. If you’re still using antivirus, you’re leaving your organization vulnerable to cyberattacks.
It’s time to replace your traditional antivirus with next-generation endpoint security. But how? This white paper outlines:
Three core reasons for replacing antivirus as soon as possible
Five security capabilities you need in an AV replacement solution to protect your users, systems and endpoints
A multi-method approach to protecting your endpoints from known and unknown threats without antivirus
Palo Alto Networks Traps replaces traditional antivirus with multi-method prevention, a proprietary combination of purpose-built malware and exploit prevention methods that protect users and endpoints from known and unknown threats. Traps prevents security breaches, in contrast to breach detection and incident response after critical assets have already been compromised.
Traps Advanced Endpoint Protection:
Prevents cyber breaches by preemptively blocking known and unknown malware, exploits and zero-day threats.
Protects and enables users to conduct their daily activities and use web-based technologies without concerns for known or unknown cyberthreats.
Automates prevention by autonomously reprogramming itself using threat intelligence gained from WildFire.
Find the Unknown With a Unique Multi-Technique Approach
WildFire goes beyond legacy approaches used to detect unknown threats, bringing together the benefits of four independent techniques for high-fidelity and evasion-resistant discovery, including:
Dynamic analysis: Observes files as they detonate in a custom-build evasion resistant virtual environment, enabling detection of zero-day malware and exploits using hundreds of behavioral characteristics.
Static analysis: Highly effective detection of malware and exploits that attempt to evade dynamic analysis, as well as instantly identifying variants of existing malware.
Machine learning: Extracts thousands of unique features from each file, training a predictive machine learning classifier to identify new malware and exploits not possible with static or dynamic analysis alone.
Bare metal analysis: Evasive threats are automatically sent to a real hardware environment for detonation, entirely removing an adversary’s ability to deploy anti-VM analysis techniques.
Together, these four unique techniques allow WildFire to discover and prevent unknown malware and exploits with high efficacy and near-zero false positives.
The Power of the Threat Intelligence Cloud
As part of the Palo Alto Networks Threat Intelligence Cloud, WildFire is the world’s largest distributed sensor system focused on identifying and preventing unknown threats, with more than 14,000 enterprise, government, and service providers contributing to the collective immunity of all other users. When a novel malware or exploit is seen, WildFire automatically creates and shares a new prevention control in about 300 seconds, without human intervention.
WildFire also forms the central prevention orchestration point for the Palo Alto Networks Next-Generation Security Platform, allowing the enforcement of new controls across:
Threat Prevention to block malware, exploits, as well as command-and-control (anti-C2 and DNS-based callback) activity.
URL Filtering with PAN-DB for the prevention of newly discovered malicious URLs.
AutoFocus™ contextual threat intelligence service, enabling the extraction, correlation, and analytics of threat intelligence with high relevance and context.
Traps™ advanced endpoint protection and Aperture™ SaaS security service for real-time verdict determination and threat prevention.
Integration with our technology partners for verdict determination on third-party services with the WildFire API.
Threat Intelligence, Analytics, and Correlation
In combination with WildFire, organizations can use AutoFocus to hone in on the most targeted threats with high relevance and context. AutoFocus provides the ability to hunt across all data extracted from WildFire, as well as correlate indicators of compromise (IoCs) and samples with human intelligence from the Unit 42 threat research team. Together, WildFire and AutoFocus provide a complete picture into unknown threats targeting your organization and industry, and speed your ability to quickly take action on intelligence, without adding specialized security staff.