Palo Alto WildFire

 


Three Tiers: Basic → WildFire → Advanced WildFire


Basic WildFire (Free — built into NGFW)

The basic WildFire service is included as part of the Palo Alto Networks NGFW and does not require any subscription. With the basic service, the firewall can forward portable executable (PE) files for analysis, and can retrieve WildFire signatures only with antivirus and/or Threat Prevention updates, which are made available every 24–48 hours.


WildFire Subscription

The WildFire subscription provides protection from malware by forwarding samples to the Advanced WildFire cloud, where a series of analysis environments detect and prevent unknown malware threats. It includes access to regular Advanced WildFire signature updates, advanced file type forwarding, and the ability to upload files using the WildFire API. It also supports forwarding files to a local WildFire appliance for on-prem environments.

Key upgrades over Basic:

  • Signature updates every 5 minutes (vs. 24–48 hrs)
  • Broader file type forwarding (not just PE files)
  • WildFire API access

Advanced WildFire Subscription (PAN-OS 10.0+)

The Advanced WildFire subscription includes all features of the standard WildFire subscription, and improves upon it by providing sample analysis through an advanced cloud-based detector. The advanced detection system analyzes samples using intelligent real-time runtime memory analysis, runtime DLL emulation, automated unpacking, family classification, stealth observation, and other techniques to target highly evasive malware.

Additional capabilities over standard WildFire:

  • Inline Cloud Analysis — real-time cloud-based ML engines detect and block never-before-seen malware inline, without waiting for a full sandbox verdict. Requires an active Advanced WildFire license.
  • Custom hardened hypervisor — remains invisible to malware, capturing malicious behavior even during in-memory execution, with automated unpacking and dependency emulation to unravel hidden malware behaviors.
  • Signatures distributed to customers in a ~5-minute window for newly detected threats, eliminating "patient zero" scenarios — 60× faster than competitors.
  • Uses 25+ patented detection techniques — static, dynamic, and intelligent runtime memory assessments — versus traditional sandboxing approaches.

Summary Comparison

Feature                                         Basic (Free)   WildFire   Advanced WildFire
PE file forwarding                              Yes            Yes        Yes
Advanced file types (Office, PDF, APK, etc.)    No             Yes        Yes
Signature update speed                          24–48 hrs      5 min      Real-time / 5 min
WildFire API access                             No             Yes        Yes
On-prem appliance support                       No             Yes        Yes
Inline ML (block before verdict)                No             No         Yes
Runtime memory analysis                         No             No         Yes
Evasion-resistant sandbox (25+ techniques)      No             No         Yes
DLL emulation / automated unpacking             No             No         Yes
Stealth observation mode                        No             No         Yes
PAN-OS requirement                              Any            Any        10.0+

Bottom line: The standard WildFire subscription gets you fast signature updates and broad file type coverage. Advanced WildFire adds a fundamentally different analysis engine — one purpose-built to catch evasive, zero-day threats that are designed to defeat traditional sandboxes. For organizations dealing with sophisticated threats, Advanced WildFire is the meaningful upgrade.
