# If You're Trying To Find a Needle In A Haystack, Use A Metal Detector!

By [Palo Alto Networks](https://www.paloaltonetworks.com/blog/author/palo-alto-networks-staff/?ts=markdown "Posts by Palo Alto Networks"), Jul 08, 2015

I don't usually blog about specific product features, but I'm so excited about our new correlation objects, released in our [7.0 update to PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os), that I really can't help myself. It's been a month now since we released 7.0, and I'm still particularly jazzed about this new feature!

Correlation objects, available in our [PA-5000](https://www.paloaltonetworks.com/products/platforms/firewalls/pa-5000/overview.html) Series, [PA-3000](https://www.paloaltonetworks.com/products/platforms/firewalls/pa-3000/overview.html) Series, the [PA-7050](https://www.paloaltonetworks.com/products/platforms/firewalls/pa-7050/overview.html), and [Panorama](https://www.paloaltonetworks.com/network-security/panorama), accurately identify infected devices based on patterns of network behavior that are correlated to characteristics of specific threats. So, for example, if a device is infected, the correlation engine can identify a pattern of behavior: a host having visited a malware URL, then a vulnerability being exploited, and then abnormal DNS requests generated from said host.

Maybe a user took a corporate laptop home and inadvertently picked up some known malware (looks like [GlobalProtect](https://www.paloaltonetworks.com/products/globalprotect) wasn't activated!). When this user reconnects to the network, the correlation object correlates suspicious activities stemming from that device, which may not be of any concern individually, but taken together, alert the security team that this laptop needs to be remediated. Meanwhile, the infection is stopped from spreading because [Threat Prevention](https://www.paloaltonetworks.com/cyberpedia) IPS, AV, and anti-spyware protections have blocked the malware from moving laterally inside the network and ended its outbound command and control beacons.

What's really cool about this, though, is how it works with [WildFire](https://www.paloaltonetworks.com/products/secure-the-network/wildfire) to dynamically correlate network activities based on zero-day malware. Take the same concept of looking for patterns of abnormal behavior that point to infection, and from there, factor in zero-day malware that WildFire discovers.

As soon as WildFire analyzes new file behavior, which only takes a few minutes for completely unknown files, a report on the file's malicious behavior is sent back to the security platform. Our correlation engine consumes that report and looks for patterns of behavior specific to the newly discovered malicious file across the device from which it originated and other devices in the network, both going forward (analyzing in real time) and looking back through logs from 96 hours before the file was forwarded to WildFire.

At Palo Alto Networks, we believe that prevention isn't futile -- in fact, it's central to stopping breaches. However, quick mitigation is also important to limit the damage and learn from threats that get past your defenses. With the right ecosystem of detection, intelligence, and prevention, infection doesn't have to turn into a catastrophe.

There are currently five correlation objects available: three static objects that were created from Unit 42 research and two that are dynamically fed information from WildFire submissions. These five correlation objects are just the beginning. Our threat research teams, including [Unit 42](https://www.paloaltonetworks.com/blog/unit42/), will eventually be able to create new correlation objects based on their ongoing research into new attack campaigns and deliver them to deployed platforms through weekly content updates.

To learn more about the automated correlation engine and correlation objects, please visit [https://www.paloaltonetworks.com/network-security/next-generation-firewall](https://www.paloaltonetworks.com/network-security/next-generation-firewall).
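
The correlation idea described above, an ordered chain of malware URL visit, exploit and abnormal DNS from one host, evaluated over a 96-hour look-back, can be modelled as per-host sequence matching. This is an added example, not PAN-OS code or the vendor's implementation; the log format, event labels, addresses and anchor time are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Ordered chain from the post's example; the event labels are illustrative.
PATTERN = ("malware_url", "vuln_exploit", "abnormal_dns")
LOOKBACK = timedelta(hours=96)  # look-back the post cites for WildFire-fed objects

# Constructed sample log lines: "<timestamp> <source host> <event kind>".
SAMPLE_LOG = """\
2015-07-01T08:00:00 10.0.0.9 malware_url
2015-07-03T10:15:00 10.0.0.5 malware_url
2015-07-03T10:16:30 10.0.0.5 vuln_exploit
2015-07-03T11:00:00 10.0.0.7 abnormal_dns
2015-07-03T12:40:00 10.0.0.5 abnormal_dns
2015-07-04T09:00:00 10.0.0.8 abnormal_dns
2015-07-04T09:05:00 10.0.0.8 vuln_exploit
2015-07-04T09:10:00 10.0.0.8 malware_url
2015-07-05T13:00:00 10.0.0.9 vuln_exploit
2015-07-05T13:30:00 10.0.0.9 abnormal_dns
"""

def parse(log_text):
    """Turn the constructed log format into (timestamp, host, kind) tuples."""
    events = []
    for line in log_text.splitlines():
        ts, host, kind = line.split()
        events.append((datetime.fromisoformat(ts), host, kind))
    return events

def correlate(events, anchor, pattern=PATTERN, lookback=LOOKBACK):
    """Return {host: [timestamps]} for hosts whose events inside
    [anchor - lookback, anchor] contain every pattern step in order."""
    per_host = defaultdict(list)
    for ts, host, kind in sorted(events):
        if anchor - lookback <= ts <= anchor:
            per_host[host].append((ts, kind))
    hits = {}
    for host, seq in per_host.items():
        matched = []
        for ts, kind in seq:
            # Advance only when the next expected step is observed.
            if len(matched) < len(pattern) and kind == pattern[len(matched)]:
                matched.append(ts)
        if len(matched) == len(pattern):
            hits[host] = matched
    return hits

ANCHOR = datetime(2015, 7, 5, 14, 0)  # assumed time the file was forwarded
if __name__ == "__main__":
    for host, stamps in correlate(parse(SAMPLE_LOG), ANCHOR).items():
        print(host, [s.isoformat() for s in stamps])
```

Only 10.0.0.5 is flagged: 10.0.0.8 shows the same three events in the wrong order, and the first step for 10.0.0.9 falls outside the 96-hour window, so neither completes the chain.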