I'm interested in 6.0 mainly for the WildFire improvements, as it can now process PDF and Office documents.
I've read the PDF on how Palo Alto handles file security. I guess I'm interested in people's "comfort levels" with submitting documents which are potentially confidential in nature to something like WildFire.
At some point it's basically a judgement call - love to know which way you've called it and why.
The PAN firewall will not send the actual file to the WildFire cloud; instead, it will calculate the MD5 hash of the file and send it to WildFire for analysis. Hence, there is no risk factor from a "confidentiality" point of view.
For more detailed info, please refer to the WildFire Administrator's Guide 6.0 (English), page 6 (How Does WildFire Work?).
"Whenever a file is transferred over a session that matches the security rule, the firewall performs a file hash check with WildFire to see if the file has been previously analyzed. If the file is new, it is forwarded for analysis, even if it is contained within a ZIP file or over compressed HTTP."
From the WF Admin Guide. The file will be transferred to the WF Cloud if it has not been seen before by WF.
The hash is used to determine whether or not the entire file needs to be sent for analysis. If the WildFire cloud already has a copy of the file - other firewalls don't need to send additional copies, consuming bandwidth and processing power. However, if the WildFire cloud has not yet seen the file, then your firewall (if configured) will forward the entire file to the cloud for full analysis/detonation.
For customers concerned with security/privacy, here are some of the options:
- Read the Palo Alto Networks privacy and security statement concerning file retention and security measures taken in the WildFire Cloud.
- Limit the files to be analyzed, i.e., internally generated PDF files going out to the Internet do not get analyzed, but any files coming from the Internet into the environment are sent to WildFire.
- Use the WF-500 as a "private WildFire cloud". If you have a WF-500, all of the analysis occurs in your own environment. Further, you have the option of sharing nothing with Palo Alto Networks, or only the files with a "malicious" verdict.
I'm working in the National Cancer Institute, and we must, by law, prevent the transfer of any file with "protected health information" in it.
Since we can't know beforehand which file might possibly contain protected health information, we have to prohibit the transfer of any file to the WildFire cloud.
Being subject to restrictions in both PCI and PHI handling, we also are looking to test deployment of the internal WF-500.
Basic WildFire shipping of executables is no issue. But the document formats pose too much of a compliance risk to automatically ship off-site.