WildFire burning through the wire

Overall Satisfaction with Palo Alto Networks WildFire

WildFire is a good product for sandboxing unknown files. Any exe, pdf, doc, etc. file that originates from the interwebs is sent to the WF cloud. Internal info is sent to a WF appliance for internal assessment. Hashes from internal analysis are shared with the cloud but not the file.
  • WF helps identify potentially malicious files across a large range of types and operating system executable files.
  • WF + Traps helps catch things from a client that may traverse encrypted channels or that don't pass through a firewall.
  • WF Appliance helps address compliance concerns allowing sandboxing of files on site.
  • Like all sandboxes, WF needs to stay on top of malware sandbox evasion techniques.
  • The initial management and setup of WF could be better.
  • Have had some bugs with WF code.
  • Unknown file analysis helps with identifying malware that may not have a current signature.
  • Additional visibility into files transferred across networks.
  • FireEye
We use both FireEye and WildFire - they are the same and different. No analysis has been done.
With the new integration to Traps and Virtual firewalls, the only place WF does not work is trying to analyze files that don't cross a firewall (1) and where Traps can't be installed (2). Other than that, there is no issue sandboxing everything that has an unknown hash.