November 14, 2012, 1:19 PM — LAS VEGAS -- Palo Alto Networks wants its next-generation firewall to be the center of enterprise security, giving it a malware-detection and analysis capability called WildFire that's intended to inspect all traffic passing through the firewall to detect targeted attacks within 30 minutes.
"The firewall is the most pervasive network security device you have," said Lee Klarich, vice president of product management at Palo Alto Networks, in his presentation on the array of new Palo Alto next-generation products released this week, including its first virtualized next-generation firewall. But here at Palo Alto's first customer conference, called Ignite, the company made it clear it also wants to be a significant player in malware detection, with its WildFire cloud-based service intended to identify targeted zero-day malware-based attacks against Palo Alto customers.
WildFire was introduced as a free service for customers with Palo Alto NGFWs to monitor for what could be zero-day malware attacks. WildFire is now ready not just to detect malware but also to block it. It's now being offered as a subscription-based service, Klarich said.
"It has to be preventative. If all we do is tell you something bad happened, you have to close it down, you'll stop using it," he said.
The WildFire malware-detection component resides in the NGFW, where it looks at all the traffic passing through and copies executables to send to a cloud-based service. Within a few minutes the service analyzes each file and, if it's deemed malicious, saves it and notifies the security manager.
But WildFire isn't necessarily going to catch things on the first try.
"At first the file goes through," said Wade Williamson, senior security analyst at Palo Alto. The idea is to identify a targeted attack as quickly as possible and generate a custom signature to prevent specific malware zero days in the future. However, since attackers today often change their malware rapidly during targeted attacks, it's an open question whether WildFire can keep up with a bombardment, or whether security managers will always be looking in the rear-view mirror.