Security subscriptions allow you to safely enable applications, users, and content by selectively adding fully integrated protection from both known and unknown threats, classification and filtering of URLs, and the ability to build logical policies based on the specific security posture of a user's device. Most importantly, these subscriptions are seamlessly integrated, sharing the context generated by App-ID and allowing you to generate policies that protect your network while also enabling your business.
The Threat Prevention subscription adds integrated protection from a variety of network-borne threats including exploits, malware, dangerous files, and content. This powerful subscription includes NSS recommended IPS functionality, stream-based blocking of millions of known malware samples, protection from spyware, command-and-control traffic, and a variety of hacking tools.
Palo Alto Networks threat prevention engine represents an industry first by detecting and blocking both malware and application vulnerability exploits in a single pass. Traditional threat prevention technologies require two, sometimes three scanning engines which adds significant latency and dramatically slows throughput performance. Unlike these solutions Palo Alto Networks leverages a uniform signature format for all threats and malware and ensures fast processing by performing all analysis in a single integrated scan. The uniform signature format eliminates many redundant processes common to multiple scanning engine solutions (TCP reassembly, policy lookup, inspection, etc.) and in so doing, improves performance. Stream-based scanning means that the scanning process begins as soon as the first packets of the file are received, thereby eliminating the latency issues.
The Threat Prevention subscription even goes beyond simply blocking malicious content to include the control of specific file types by policy, as well as inspecting traffic for specific content to prevent data loss. As a result, this critical subscription not only provides you with critical protection from threats, but also gives you important additional policy controls that keep your network secure.
URL filtering is enabled through an annual subscription that provides you with a URL filtering database that controls web activity based on users through URL category level controls, or through customizable white- and black-lists. The URL filtering subscription is not bound by any user limitations, which provides you with greater flexibility in terms of growth and more predictable operational expenses. The URL filtering subscription includes continual updates to the URL filtering database, as well as problem resolution.
GlobalProtect delivers consistent security to users in all locations. It may be deployed in many different scenarios for extending the protection of your next-generation firewall to endpoints both within and outside of the organization. With a GlobalProtect gateway subscription, you can apply the state of the endpoint device as part of the context for security policy using the Host Information Profile (HIP). In addition, users with mobile devices can use GlobalProtect apps for iOS and Android to connect to the next-generation firewall.
The GlobalProtect Portal license extends the range of coverage by enabling you to deploy GlobalProtect gateways in a greater number of configurations. For example, with a Portal license, you can deploy multiple external gateways in order to support users in different geographies. In addition, with the Portal license, gateways may also be deployed internally to protect local and wireless networks.
The WildFire subscription provides integrated protection from advanced malware and threats. WildFire adds the increasingly important ability to proactively identify and block unknown threats such as custom or polymorphic malware, which are commonly used in modern cyberattacks.
The subscription provides you with following advanced capabilities:
- WildFire signature feed – receive new malware protections every 30 minutes covering newly discovered malware identified by WildFire.
- Integrated WildFire logs – logs automatically delivered to the firewall including analysis verdicts for all analyzed files and malware.
- WildFire API – Enables you to programmatically submit files to WildFire, as well as take advantage of WildFire integration with Bit9 and Mandiant solutions.