German WildFire Cloud

More and more sophisticated cyberattacks are circumventing traditional security measures using stealthy and persistent methods, rendering your traditional antivirus, intrusion prevention and purpose-built sandbox appliance systems unable to provide a high level of protection. To face these new challenges, the WildFire technology developed by Palo Alto Networks serves as an additional protective measure to defend against advanced, persistent threat types (APTs).

Identification of Unknown Threats

The German WildFire Cloud from DTS identifies unknown malware, zero-day attacks and APTs by executing suspicious samples in a scalable, cloud-based sandbox environment. Benefit from the improved protection of a cloud-based analysis platform through access to the German WildFire Cloud. When your firewall natively classifies traffic and discovers unknown or new files (PDF, RTF and Office documents, PE files such as EXEs and DLLs, fonts and other file types), these are transferred to the WildFire systems at DTS, which detect suspicious behavior and malicious cyberattacks in the shortest possible time using dynamic and static analysis methods.

Automatic Protection Thanks to Global Distribution

Although identification of a threat represents the first step, the real value of WildFire lies in protecting each individual user and network. When an unknown threat is identified, WildFire automatically generates protections to block the threat and its possible spread. These protections are then distributed to all WildFire users worldwide through an update within a maximum of 15 minutes. This rapid distribution allows fast-spreading malware and its future variants to be detected or blocked for all users without any additional activity or analysis. Known threats are also proactively blocked using Threat Prevention, which serves as the first established line of defense against known malware, exploits and malicious URLs. In conjunction with protection against malicious files or exploits, we offer in-depth analysis of malicious outbound communications, disrupting command-and-control activity with anti-C2 signatures and DNS-based callback signatures. This information also flows into the Palo Alto Networks databases, where newly discovered malicious URLs are automatically blocked. This correlation of data with in-line protection measures is the key to identifying and preventing intrusion attempts and future attacks on your network. Only these combined measures make it possible to detect and prevent both known and unknown threats at an early stage.

The Approach with WildFire:


  1. Reduction of the attack surface thanks to active security controls.
  2. Blocking of known threats via the permanent monitoring of traffic, ports and protocols.
  3. Fast detection of unknown threats by running and monitoring the real behavior of incoming, unknown content in the German WildFire Cloud.
  4. Automatic development of new protections and their subsequent integration into the defenses of all WildFire users, turning unknown threats into known threats and hence stopping those threats for everyone.

The Strength of the WildFire Cloud in Terms of German Conformity

The solution takes the form of a cloud-based architecture which we operate in our data centers on your behalf. You can use the German WildFire Cloud through your existing Palo Alto Networks firewalls without incurring any additional hardware costs, and by doing so gain access to dynamically scaled malware analyses and the automatic distribution of protective measures. WildFire intentionally replicates precise hardware configurations in order to run and analyze suspicious samples realistically.
The redundant structure of the environment at our two German data centers allows us to guarantee you a security solution that complies with German regulations and conforms with the Federal Data Protection Act. All suspicious files are transferred securely and in encrypted form between your firewall and a DTS data center. Following the analysis, benign files are destroyed, while harmful files are archived or stored securely for further analysis. In this way, we guarantee the privacy of your data.
DTS is the only German company to offer the German WildFire Cloud, a virtual malware analysis environment that complies with German legislation. It can be used jointly across all firewalls instead of deploying separate hardware at each entry, exit and network presence point. This approach guarantees you the maximum benefit from shared threat information coupled with minimum hardware requirements.

Reporting and Correlation

WildFire also supplies you with built-in logs, analytics and insights into WildFire events on the Palo Alto Networks or Panorama administration interface. This allows security experts to immediately investigate and correlate the events observed in the network. It also allows you to quickly locate the data you need to perform early investigations and respond to incidents, and then translate this into action such as log requests or custom signatures. This information provides important data about malicious behavior, such as domains probed, files created and registry entries affected.

To support your security and detect infected hosts, WildFire also offers:

  • In-depth analysis of every malicious file sent to WildFire, including client and network-based activities
  • Session data associated with the malware, including source, destination, application, User-ID™, URL, etc.
  • Access to the original malware samples for reconstruction or replication, and to all PCAPs from the dynamic analysis sessions
  • Analysis that uncovers many threat indicators which can be used to address the entire APT kill chain
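As an added illustration of the correlation step described above (this is example code written for this page, not DTS or Palo Alto Networks software, and it does not use the real WildFire log format), the following Python joins constructed sandbox verdicts with constructed firewall session records: it lists the hosts and users that received a file judged malicious, flags hashes seen in traffic that have no verdict yet, and collects the observed domains, files and registry entries as indicators that can be turned into log queries or custom signatures. All hashes, IP addresses, user names and URLs are placeholders.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


# Constructed sandbox verdict (not real WildFire output): one record per
# analysed file, keyed by hash, with the behaviour observed during analysis.
@dataclass
class Verdict:
    sha256: str
    verdict: str                                        # "malicious" or "benign"
    domains: List[str] = field(default_factory=list)    # domains probed
    files: List[str] = field(default_factory=list)      # files created
    registry: List[str] = field(default_factory=list)   # registry entries affected


# Constructed firewall session record: which internal host received which file.
@dataclass
class Session:
    sha256: str
    src_ip: str
    dst_ip: str
    app: str
    user: str
    url: str


# Constructed sample data; hashes are placeholders, not real digests.
VERDICTS = [
    Verdict("sha256-sample-1", "malicious",
            domains=["cb.example.invalid"],
            files=["C:\\Users\\Public\\svc.exe"],
            registry=["HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc"]),
    Verdict("sha256-sample-2", "benign"),
    Verdict("sha256-sample-3", "malicious",
            domains=["cb.example.invalid", "drop.example.invalid"]),
]

SESSIONS = [
    Session("sha256-sample-1", "10.1.2.30", "203.0.113.7", "web-browsing",
            "example\\alice", "http://dl.example.invalid/invoice.pdf"),
    Session("sha256-sample-2", "10.1.2.31", "203.0.113.8", "smtp",
            "example\\bob", ""),
    Session("sha256-sample-3", "10.1.2.30", "203.0.113.9", "web-browsing",
            "example\\alice", "http://dl.example.invalid/setup.exe"),
    # A file forwarded for analysis whose verdict has not come back yet.
    Session("sha256-sample-9", "10.1.2.40", "203.0.113.10", "web-browsing",
            "example\\carol", "http://dl.example.invalid/report.docx"),
]


def index_verdicts(verdicts: List[Verdict]) -> Dict[str, Verdict]:
    return {v.sha256: v for v in verdicts}


def infected_hosts(verdicts: List[Verdict], sessions: List[Session]) -> Dict[str, List[Session]]:
    """Map each source host to the sessions that delivered a file with a malicious verdict."""
    by_hash = index_verdicts(verdicts)
    hosts: Dict[str, List[Session]] = defaultdict(list)
    for s in sessions:
        v = by_hash.get(s.sha256)
        if v is not None and v.verdict == "malicious":
            hosts[s.src_ip].append(s)
    return dict(hosts)


def pending_hashes(verdicts: List[Verdict], sessions: List[Session]) -> List[str]:
    """Hashes seen in traffic that have no verdict yet (analysis still running
    or sample never forwarded); these need follow-up rather than silence."""
    known = index_verdicts(verdicts)
    return sorted({s.sha256 for s in sessions if s.sha256 not in known})


def hunt_indicators(verdicts: List[Verdict]) -> List[Tuple[str, str]]:
    """Deduplicated (type, value) indicators from all malicious verdicts,
    ready to become log queries or custom signatures."""
    out = set()
    for v in verdicts:
        if v.verdict != "malicious":
            continue
        out.update(("domain", d) for d in v.domains)
        out.update(("file", f) for f in v.files)
        out.update(("registry", r) for r in v.registry)
    return sorted(out)


if __name__ == "__main__":
    for host, hits in infected_hosts(VERDICTS, SESSIONS).items():
        users = sorted({s.user for s in hits})
        print(f"{host}: {len(hits)} malicious download(s) by {', '.join(users)}")
    print("pending verdicts:", pending_hashes(VERDICTS, SESSIONS))
    for kind, value in hunt_indicators(VERDICTS):
        print(f"  {kind}: {value}")
```

The join key is the file hash reported in both record types; a session whose hash has no verdict is reported separately so that an analysis still in progress is not mistaken for a clean result.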

Contact

Alexander Wyrwol
Head of Sales - Cyber Security

+49 5221 1013-741

alexander.wyrwol (at) dts.de

Markus Kohlmeier
Head of Cyber Security Services

+49 5221 1013-722

markus.kohlmeier (at) dts.de