Palo Alto PA-415 Advanced WildFire Lizenz für HA-Geräte

Modern malware has shown to be highly evasive, using techniques such as packing, encryption, and fileless or memory-only presence to bypass traditional security defenses. These advanced evasion methods have added complexity in detecting new and sophisticated malware, rendering AV scanning and traditional sandboxing solutions useless.

To mitigate risks associated with attacks using evasive techniques, organizations turn to sandboxing solutions for malware analysis. Unfortunately, traditional sandboxing solutions can suffer from the following pitfalls that render them useless against advanced threats:

• Traditional sandboxing solutions cannot stay hidden from malware. Highly evasive malware checks for instrumentation or “hooks,” which are used by sandboxes to log the activity of a sample when it is under analysis. Since analysis engines reside in the same environment as where the malware would execute, if malware observes the presence of these hooks, it will choose not to execute or, in cases of sophisticated malware, to evade the hooks. This tricks the sandbox into thinking the sample is benign
• Traditional sandboxing solutions may be tricked by latent behavior. Some sandboxes can time out and miss a detection because of “sleeping” malware. Traditional sandboxes cannot simply reduce the timer to a low number because it might break the execution of other software
• Traditional sandboxing solutions cannot detect memory-resident malware. Machine learning models trained on file structure alone are ineffective at detecting samples that employ evasion techniques such as obfuscation, packing, and execution of dynamically injected shellcode in process memory. Additionally, significant storage, compute, and infrastructure are required to look into memory samples, which most vendors do not invest in
• Traditional inline sandboxing solutions affect user productivity. When a vendor chooses to hold files for analysis, they will, in turn, interrupt user workflows and productivity
• Traditional sandboxing solutions are slow to deliver verdicts. Without a connected security ecosystem, signature updates can take anywhere from hours to days to provide updates

Go Beyond Traditional Sandboxing

Palo Alto Networks Advanced WildFire is the industry’s largest cloud-based malware prevention engine that protects organizations from highly evasive threats using patented machine learning detection engines, enabling automated protections across network, cloud, and endpoints. Advanced WildFire analyzes every unknown file for malicious intent and then distributes prevention in record time—60x faster than the nearest competitor—to reduce the risk of patient zero.