Palo Alto Networks has released next-generation firewall (NGFW) software that includes some 50 new features aimed at helping enterprise organizations battle zero-day threats and advanced malware attacks.
The new features are built into the latest version of Palo Alto’s firewall operating system – PAN 11.0 Nova – and include upgraded malware sandboxing for the company’s WildFire malware-analysis service, advanced threat prevention (ATP), and a new cloud access security broker (CASB).
WildFire is Palo Alto’s on-prem or cloud-based malware sandbox that is closely integrated with Palo Alto’s firewalls. When a firewall detects anomalies, it sends data to WildFire for analysis. WildFire uses machine learning, static analysis, and other analytics to discover threats, malware and zero-day threats, according to the vendor.
New to the service are Advanced WildFire features designed to better detect highly evasive zero-day malware attacks.
With Advanced WildFire, Palo Alto added intelligent run-time memory analysis combined with stealthy observation techniques that will let the system detect and protect resources quickly, said Anand Oswal, senior vice president, network security, at Palo Alto.
“Stopping the zero-day threats – that is the singular focus of this release,” Oswal said. “The new release stops 26% more zero-day malware than traditional sandboxes and detects 60% more injection attacks and keeps enterprises one step ahead of some very sophisticated threats.”
Oswal cited GuLoader, which is an advanced trojan downloader that uses shellcode to evade antivirus-analysis techniques, as an example of today’s sophisticated threats
PAN-11 Nova also builds on the previous version of