Malware is easily one of the biggest problems anyone can face in keeping a computer system of almost any size up and running. From laptops to servers and almost everything in between, malware can bring a system to its knees, and the impact of malware is impossible to overestimate. Palo Alto Networks' WF-500 is looking to put a hurt on malware by offering a new out-of-band management capability in terms of security.
The WF-500 got its start back in November 2012, rolling out as a cloud-only service known as WildFire, but recently made the jump to an on-premises system in the WF-500. As for what it does, the WF-500 checks unknown payloads on the network and examines them for potential malicious activity, operating almost like a customs official might, but for a computer rather than a country.
Wade Williamson, Senior Security Analyst for Palo Alto Networks, explained the WF-500 as taking the material that comes in through the firewall and subjecting it to a little sandbox-style analysis, seeing if the packets are planning to exhibit any potentially hazardous behavior. The on-premises version, meanwhile, came to be when Palo Alto Networks noted that some customer networks couldn't take advantage of a cloud-based version of WildFire, as data couldn't be sent outside a network.
Since the WF-500 is located outside of standard packet traffic systems, the device can comfortably, and safely, execute unknown packets to see what their effects are. If there's a problem, it can be addressed within the WF-500 as opposed to letting the malware in question do its damage to the main system.
Since the WF-500's processes are done out-of-band, there is a bit of a delay in providing protection to the larger network, especially when it comes to brand-new threats. Unique, zero-day matter may slip through while the WF-500 is conducting its analyses. But once the work is done, the information provided by the WF-500 can allow an enterprise to appropriately modify its firewall systems and set up new rules to prevent the offending matter from coming through in the future. Since the WF-500 can activate the malware in question safely, it gets what is described as a “real” signature, which can then be appropriately blocked.
Williamson went on to note that the signatures developed were “better than the average bear,” which makes some sense given that essentially the WF-500 is taking a bullet for the larger system, then removing said bullet and analyzing it so that the main system can't be shot with it later.
Though the WF-500 may not be able to stop everything unpleasant from making it onto the network, it's a safe bet that the WF-500 will stop some things that otherwise would have gotten in, and will likely make firewall systems better and more efficient down the line by teaching said systems what to look for and stop immediately. With malware on the rise throughout the Web, having some kind of malware protection is simply as appropriate a response as anyone would take in a hazardous environment. It's the equivalent of snow chains on a mountain road or carrying extra water to go into the desert. Malware protection for a network, or just a PC, is a vital part of everyday operations, and the Palo Alto Networks WF-500 looks to provide just that, and in a big way.
Edited by Jamie Epstein