Eliminate Blind Spots in Encrypted Traffic to Outsmart Hidden Threats

Aug 12, 2025

Palo Alto Networks Announces New Detection for Encrypted Sliver Command and Control in Advanced Threat Prevention

Cyberattackers aren’t just getting bolder. They’re getting better at staying hidden. Many now use advanced tools to break into an organization’s network, remain undetected and quietly steal data without setting off any alarms. One of the biggest challenges organizations face today is detecting these hidden communications, especially when attackers use strong encryption to blend in with everyday internet traffic.

A growing number of threat actors are turning to an open-source tool called Sliver to silently take control of compromised systems. Once inside, they issue commands, exfiltrate data, or move laterally, often without being noticed. What makes this more challenging to detect is their use of the latest and most secure version of the Transport Layer Security protocol, TLSv1.3, which conceals malicious activity by encrypting more of the communication than ever before. While this encryption is great for protecting user privacy, it limits visibility for traditional security tools, leaving many organizations unaware of active threats within their networks.

That’s why we’re announcing a powerful new detection capability in our Precision AI-powered Advanced Threat Prevention (ATP), called Encrypted Sliver Command and Control (C2) Detection. This patent-pending technology is specifically designed to identify and stop these hard-to-spot attacks, even when they’re hidden behind TLSv1.3 encryption. It uses a deep learning model that analyzes subtle behavioral signals to recognize Sliver activity without requiring traffic decryption. And because it runs seamlessly in the background, there’s no extra setup or disruption required.

Encrypted Sliver C2 Detection with Advanced Threat Prevention

With Encrypted Sliver C2 Detection, organizations get better security without the added complexity. Advanced Threat Prevention takes another significant step forward in helping organizations stop today’s most advanced threats, even when attackers attempt to hide behind modern encryption.

This new detection closes a critical security gap by identifying threats that were previously invisible, giving security teams a significant advantage. Precision AI, our deep learning model for detecting Encrypted Sliver C2, is trained to spot subtle patterns of malicious behavior with high accuracy, reducing false alarms and allowing your team to focus on what truly matters. And because it’s delivered through the cloud, there’s no need for complex configuration or decryption. It operates quietly in the background, enabling smooth operations while providing strong, consistent protection.

The unmatched scale and effectiveness of Advanced Threat Prevention support all of this. Every day, Advanced Threat Prevention analyzes over 673 million new sessions, prevents more than 512,000 newly identified malicious sessions, and blocks over 28.2 billion threats inline. That’s the power of machine learning and cloud intelligence working together to help keep your organization secure, no matter how advanced or hidden the threat.

Next-Level Detection for Today’s Most Advanced Threats

Today’s attackers don’t play by yesterday’s rules. They’re stealthy and increasingly use encryption to avoid detection. That’s why we’ve designed our latest security innovation to meet today’s threats head-on, with smarter protection that works in real time.

With Encrypted Sliver C2 Detection, organizations gain a strategic edge against the most evasive threats:

  • Inline Prevention of Encrypted, Unknown C2: Leverages advanced deep learning models to identify anomalous patterns indicative of malicious C2 traffic, regardless of encryption. Prevention occurs inline and in real time.
  • Neutralizes Sliver C2 Communications: Specifically designed to identify and block communications bearing the unique fingerprints associated with the Sliver red team tool, preventing attackers from establishing persistent control and exfiltrating data.
  • Enhanced Threat Prevention: Goes beyond simple detection by actively preventing the establishment of these encrypted C2 channels, effectively severing the adversary’s connection to compromised systems.
  • Patent-Pending Innovation: Our proprietary and patent-pending technology, powered by Precision AI, provides a unique and highly effective approach to a critical cybersecurity challenge.
  • Seamless Integration: Fully integrated into the existing Advanced Threat Prevention suite, it provides a unified and comprehensive defense against sophisticated attacks.

This game-changing capability puts your organization ahead of attackers, with powerful innovations designed to see what others miss.

Start Defending Against Invisible Threats Today

Enable Encrypted Sliver C2 Detection in Advanced Threat Prevention to expose threats that hide in encrypted traffic and stop attackers before they can do damage. With Precision AI working behind the scenes, you gain real-time protection without added disruption. Stay ahead of today’s most evasive threats and close critical gaps in your security posture.

To get started, contact a Palo Alto Networks representative.

 

