Traps Endpoint Protection Highlights

Here are a few things that set Palo Alto Networks Advanced Endpoint Protection apart from the rest. To see more, please request a demo.

Traps represents a complete paradigm shift from identification to pure prevention.

On average it takes an organization 225 days to detect a targeted attack, and 84% of organizations discovered the attack through a third party.

There are thousands of new vulnerabilities and exploits discovered every year. However, there are only 2 to 4 new exploit techniques developed every year. Traps focuses on these exploit techniques to stop and prevent the attacks.

Millions of new malware samples are discovered every year. However, only tens to hundreds of new sub-techniques are developed every year. Traps focuses on these sub-techniques to stop and prevent the attacks.

Patch management alone does not provide adequate protection because vulnerabilities exist long before patches are released, and there is an inevitable delay in installing newly released patches. Furthermore, legacy software such as Windows XP that is no longer supported by the vendor can never be patched and will remain publicly vulnerable.

Traps provides comprehensive exploit and malware prevention. Although it is capable of identifying threats, it is not designed around identification; instead, it prevents an attack before the malware can succeed. Traps doesn’t need prior knowledge of an attack in order to prevent it.

Exploit prevention - Typical attacks use memory-corruption techniques such as buffer overflows and heap corruption to trigger a bug in software or exploit a vulnerability in a process. Traps prevents these exploit attempts by employing roadblocks, or traps, at each stage of the exploitation attempt. The same protection applies to non-executable files such as PDFs; this is accomplished because the Traps agent injects drivers into the software that opens a file before the processes are loaded into memory.

Malware Prevention Engine - Traps uses a combination of policy-based restrictions and malware prevention modules to limit the surface area of an attack and control the source of file installation such as from external media. Traps can also limit or block child processes, Java processes initiated in web browsers, creation of remote threads and processes, and the execution of unsigned processes.

Forensics & WildFire - Traps collects forensic data from security events and integrates with WildFire, allowing Traps to create a file hash from the executable file and check it against a local cache of hash values. If the file hash is unknown in the local cache, Traps forwards the hash value to the Endpoint Security Manager, which checks its local database. If the file hash is unknown in the local database, the Endpoint Security Manager forwards the hash value to WildFire, which responds with the result of the hash lookup: malicious, benign, or unknown.
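The three-tier hash verdict flow described above (local agent cache, then the ESM database, then WildFire), as an added simulation that is not Palo Alto Networks code: the three tiers are constructed in-memory dictionaries, the SHA-256 digest is an assumption, and only definitive verdicts are written back to the caches so that an "unknown" file is re-queried on its next execution rather than being remembered as unknown.

```python
import hashlib
from typing import Dict, Tuple

# Constructed stand-ins for the three lookup tiers; these are plain dictionaries,
# not the real Traps agent, ESM or WildFire interfaces.
LOCAL_CACHE: Dict[str, str] = {}        # agent-side hash -> verdict cache
ESM_DATABASE: Dict[str, str] = {}       # Endpoint Security Manager database
WILDFIRE_VERDICTS: Dict[str, str] = {}  # what the simulated cloud service knows

VALID_VERDICTS = {"malicious", "benign", "unknown"}


def file_hash(contents: bytes) -> str:
    """Hash the executable's bytes. SHA-256 is assumed for this simulation."""
    return hashlib.sha256(contents).hexdigest()


def wildfire_lookup(digest: str) -> str:
    """Simulated WildFire answer: malicious, benign, or unknown if never analysed."""
    return WILDFIRE_VERDICTS.get(digest, "unknown")


def esm_lookup(digest: str) -> Tuple[str, str]:
    """Simulated ESM: answer from its own database, else escalate to WildFire.

    Returns (verdict, tier) so the caller can see which tier resolved it.
    """
    if digest in ESM_DATABASE:
        return ESM_DATABASE[digest], "esm"
    verdict = wildfire_lookup(digest)
    if verdict != "unknown":
        ESM_DATABASE[digest] = verdict  # only cache definitive verdicts
    return verdict, "wildfire"


def agent_verdict(contents: bytes) -> Tuple[str, str]:
    """Agent-side check: local cache first, then forward the hash to the ESM."""
    digest = file_hash(contents)
    if digest in LOCAL_CACHE:
        return LOCAL_CACHE[digest], "local-cache"
    verdict, tier = esm_lookup(digest)
    if verdict not in VALID_VERDICTS:
        raise ValueError(f"unexpected verdict {verdict!r}")
    if verdict != "unknown":
        LOCAL_CACHE[digest] = verdict   # unknown is never cached, so it is retried
    return verdict, tier
```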

By focusing on the exploit techniques and not the attack itself, Traps can prevent the attack without prior knowledge of the vulnerability, regardless of patches in place, and without signatures or software updates.

The Traps agent installer is a ~9 MB MSI package that can be deployed using your software deployment tool of choice. Subsequent updates to the agent can be deployed via the ESM.