For example, WildFire detects unusual behavior in an application and then sends something to the WildFire cloud. If the client has a subscription for 30 to 60 minute updates, how long does it take for WildFire to send a patch for that application to the end user? Or, I mean, how long does it take the WildFire cloud to evaluate the application as malware or a threat?
In that case, the moment Palo Alto detects some unusual behavior or a suspicious file, it sends data to the WildFire cloud. Then the client will just wait 30 to 60 minutes for Palo Alto to deliver the updates and new signatures. It doesn't matter how difficult those signatures are to create. Is that correct?
The PA unit doesn't do any analysis on its own.
You set up firewall rules for which traffic (files) is to be sent to WildFire for analysis (allow-and-forward).
If you have a WF-500 appliance, the files never leave your datacenter (compared to the cloud-based WildFire, where the files are sent into some Amazon EC2 cloud setup), unless malware is detected, in which case the malware file is forwarded to Palo Alto so a signature will be created.
Once the files have been sent, the first check (unfortunately) is whether the binary is signed by a trusted CA or not - if it's signed it won't be checked (I hope this will change in the future, looking at cases such as Stuxnet and Flame, which used real CA certs from Realtek (among others) to sign their malware). The same goes if the file has already been investigated previously.
Once it's being checked and if identified as malware, the signature for this file will be available within one hour for those with a WildFire subscription - the rest will have to wait for the weekly update of the threat DB to get the same signature.