Palo Alto Networks' Next-Generation Firewalls - Antivirus

Network-based Malware Protection

The broadening use of social media, messaging and other non-work-related applications introduces a variety of vectors that can be used to propagate viruses, spyware, worms and other types of malware. Palo Alto Networks next-generation firewalls allow organizations to first block unwanted applications with App-ID and then scan the allowed applications for malware.

Broad-based protection against a range of malware.

The antivirus engine detects and blocks viruses, spyware phone-home traffic, spyware downloads and known bots, as well as worms and Trojans. Beyond this protection against a wide range of threats, additional features include:

Inline, stream-based protection against malware embedded within compressed files and web content.

Protection against malicious HTML and JavaScript.

Leverages SSL decryption within App-ID to block viruses embedded in SSL traffic.


Stream-based scanning dramatically reduces latency.

The antivirus engine uses stream-based scanning to begin inspecting traffic as soon as the first packets of the file are received, eliminating the performance and latency issues associated with the traditional proxy- or file-based approach. As with IPS, a uniform signature format is used for virus scanning, thereby eliminating the redundant processes common to solutions built from multiple scanning engines (TCP reassembly, policy lookup, inspection, etc.), while the single-pass software means that the traffic is touched only once, no matter how many policy elements are in use.
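
An added illustration of the stream-based approach described above (not Palo Alto Networks code and not its signature format): a matcher that scans each segment on arrival and carries a short tail forward, so a signature split across two segments is still caught, compared with buffering the whole object first. The signature names, byte patterns and payload are constructed placeholders.

```python
# Added illustration; signatures and payload are constructed placeholders.
SIGNATURES = {"TEST-SIG-A": b"EVIL_MARKER_A", "TEST-SIG-B": b"BAD-PAYLOAD-B"}


class StreamScanner:
    """Scan chunks as they arrive, keeping only a short tail between them."""

    def __init__(self, signatures):
        self.signatures = signatures
        # A match can straddle a chunk boundary by at most len(sig) - 1 bytes.
        self.overlap = max(len(s) for s in signatures.values()) - 1
        self.tail = b""
        self.seen = 0  # bytes received so far

    def feed(self, chunk):
        """Return (name, stream_offset) of the earliest match, else None."""
        window = self.tail + chunk
        base = self.seen - len(self.tail)  # stream offset of window[0]
        self.seen += len(chunk)
        hits = [(base + window.find(sig), name)
                for name, sig in self.signatures.items() if sig in window]
        self.tail = window[-self.overlap:] if self.overlap else b""
        return (min(hits)[1], min(hits)[0]) if hits else None


def scan_stream(chunks, signatures=SIGNATURES):
    """Stream mode: give a verdict as soon as a signature completes."""
    scanner = StreamScanner(signatures)
    for count, chunk in enumerate(chunks, start=1):
        hit = scanner.feed(chunk)
        if hit:  # stop here: the rest of the object is never forwarded
            return {"verdict": "block", "signature": hit[0],
                    "offset": hit[1], "chunks_seen": count,
                    "bytes_seen": scanner.seen}
    return {"verdict": "allow", "bytes_seen": scanner.seen}


def scan_buffered(chunks, signatures=SIGNATURES):
    """File/proxy mode: hold the whole object, then scan it once."""
    return scan_stream([b"".join(chunks)], signatures)


def sample_chunks():
    """Constructed payload in 16-byte segments; the marker spans two of them."""
    body = b"A" * 40 + SIGNATURES["TEST-SIG-A"] + b"B" * 200
    return [body[i:i + 16] for i in range(0, len(body), 16)]


if __name__ == "__main__":
    print("stream  :", scan_stream(sample_chunks()))
    print("buffered:", scan_buffered(sample_chunks()))
```

Both modes report the same signature at the same offset; the streaming scanner reaches its verdict after 64 of the 253 bytes and holds at most 12 bytes of state between segments.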

Continual malware research and updates.

Signatures for all types of malware are generated directly from millions of live virus samples delivered to Palo Alto Networks by leading third-party research organizations around the world. The Palo Alto Networks threat team analyzes the samples and quickly eliminates duplicates and redundancies. New signatures for new malware variants are then generated (using our uniform signature format) and delivered to customers through scheduled daily or emergency updates.

Protect the network from threats propagated by drive-by downloads.

Unsuspecting users can inadvertently download malware merely by visiting their favorite web page and clicking on an image. Known as drive-by downloads, this increasingly popular malware delivery mechanism can be controlled by Palo Alto Networks next-generation firewalls, which identify malware downloads and present users with a warning to ensure that the download action is desired.

