Firewall upgrade can ID bad outbound traffic

LONDON  — Palo Alto Networks is upgrading its firewall products with a capability to precisely identify outbound traffic generated by malware, a technique that the company said will help if the malware is undetected at first and starts running on a computer.

The company calls the technology WildFire, and it will be distributed as a free upgrade for Palo Alto’s firewall products. It is aimed at halting targeted attacks, where the malware is not widely distributed and designed to evade front-line detection methods.

Palo Alto’s firewalls run suspicious-looking files in a virtualized sandbox and examine how the files behave. If a piece of malware does suspicious actions such as altering registry settings, injecting itself into processes or other bad behaviors, it will be blocked.

But if a piece of malware does escape that examination, eventually it will start sending traffic out of the computer, and that is what WildFire is designed to detect even if it is encrypted, said Wade Williamson, a senior security analyst for Palo Alto Networks.

WildFire examines the traffic, and if it is bad, will generate a signature to identify the traffic flow and stop it in the future. It may mean a machine may get infected one time with the malware, but the computer can be then be isolated and reimaged, Williamson said.

“The big issue is to make sure that you only let that infecting file by once,” Williamson said.

Palo Alto Networks firewalls were detecting strange outbound traffic before, “but we didn’t have a good answer for what caused that to start happening,” Williamson said.

In beta tests, WildFire picked up malware that hadn’t been entered yet into VirusTotal, which allows people to see if malicious software is detected by a range of security vendors, Williamson said.

WildFire is part of Pan OS 4.1, the latest operating system upgrade for the company’s firewalls.

 
The company also released on Monday the PA-200, a physically smaller firewall targeted at high speed Internet gateway deployments in branch offices. It offers 100 Mbps firewall throughput,  50 Mbps threat prevention throughput and can handle up to 64,000 sessions. It can be configured to run up to 25 IPSec virtual private network tunnels for 25 users at a time.
 
Finally, on Monday the company also extended its access and application control software, GlobalProtect, for Apple’s OSX and iOS operating systems.
 
 

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now