PALO ALTO TRAPS
Advanced Endpoint Protection


Palo Alto Networks Traps™ advanced endpoint protection stops threats on the endpoint and coordinates enforcement with cloud and network security to prevent successful cyberattacks. As a lightweight agent, Traps minimizes endpoint infections by blocking malware, exploits and ransomware. It can be used for Windows®, macOS®, Android® and Linux operating systems, and can be managed on-premises or from the cloud.

Multiple methods of malware prevention

Traps prevents the execution of malicious files with an approach tailored to combat both traditional and modern attacks. Additionally, administrators can utilize periodic scanning to identify dormant threats, comply with regulatory requirements and accelerate incident response with endpoint context.

[Figure: Palo Alto Traps prevention methods]

Threat intelligence

Traps leverages the intelligence obtained from tens of thousands of subscribers to the WildFire malware prevention service to continuously aggregate threat data and maintain the collective immunity of all users across endpoints, networks and cloud applications. Before an executable is allowed to run, Traps queries WildFire with the file's hash, and WildFire returns a near-instantaneous verdict on whether the file is known to be malicious or benign. If the file is unknown, Traps proceeds with additional prevention techniques to determine whether it is a threat that should be terminated.

Local analysis via machine learning

If a file remains unknown after the initial hash lookup and has not been classified by an administrator policy, Traps uses local analysis via machine learning on the endpoint, with a model trained on WildFire's threat intelligence, to decide whether the file may run, even before the deeper WildFire inspection returns its verdict.

Dynamic analysis

In addition to local analysis, Traps sends unknown files to WildFire for deeper analysis to rapidly detect previously unknown malware. WildFire combines several independent techniques for high-fidelity, evasion-resistant discovery:

  • Static analysis via machine learning – a more powerful, cloud-based version of local analysis that detects known threats by analyzing the characteristics of samples prior to execution.
  • Dynamic analysis – a custom-built, evasion-resistant virtual environment in which previously unknown submissions are detonated to observe their real-world effects and behavior.
  • Bare metal analysis – a hardware-based analysis environment designed for advanced threats that behave differently once they detect a virtualized analysis environment.

Malicious process prevention

Traps prevents script-based and fileless attacks by default with out-of-the-box, fine-grained controls over the launching of legitimate applications that attackers commonly abuse, such as script engines and command shells (for example, a document reader or Office application spawning PowerShell or cmd.exe).
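To make the parent/child control described above concrete, here is an added example of a small process-launch policy evaluated over constructed process-creation events. It is illustration code written for this page, not Traps' own policy engine: the lists of abused binaries, restricted and approved parents, the command-line heuristic for hidden or encoded PowerShell, and the sample events are all assumed.

```python
"""Parent/child process launch policy (added example; not Traps' implementation).
All lists, thresholds and sample events below are assumed/constructed."""
import re
from dataclasses import dataclass

# Legitimate binaries that script-based and fileless attacks routinely abuse (assumed list).
SCRIPT_ENGINES_AND_SHELLS = {
    "powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe",
}
# Parents that have no business spawning a shell or script engine (assumed rule set).
RESTRICTED_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe"}
# Parents approved to launch them, e.g. the logon shell or service control manager (assumed).
APPROVED_PARENTS = {"explorer.exe", "services.exe"}
# Command-line markers of a hidden or encoded PowerShell run; a heuristic, not a complete list.
HIDDEN_OR_ENCODED = re.compile(r"(?i)-(enc|encodedcommand|w hidden|windowstyle hidden)\b")


@dataclass(frozen=True)
class ProcessEvent:
    pid: int
    image: str          # full path of the new process
    parent_image: str   # full path of the parent
    command_line: str


def image_name(path: str) -> str:
    """Reduce C:\\Windows\\System32\\cmd.exe (or a POSIX path) to 'cmd.exe'."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def evaluate(ev: ProcessEvent) -> tuple[str, str]:
    """Return ('allow' | 'block', reason) for one process-creation event.
    Rule order: only script engines/shells are policed; a restricted parent is
    always blocked; an approved parent is always allowed; anything else is
    allowed unless the command line looks like a hidden or encoded PowerShell run."""
    child = image_name(ev.image)
    parent = image_name(ev.parent_image)
    if child not in SCRIPT_ENGINES_AND_SHELLS:
        return "allow", "child is not a script engine or shell"
    if parent in RESTRICTED_PARENTS:
        return "block", f"{parent} must not launch {child}"
    if parent in APPROVED_PARENTS:
        return "allow", f"{parent} is an approved launcher of {child}"
    if child in {"powershell.exe", "pwsh.exe"} and HIDDEN_OR_ENCODED.search(ev.command_line):
        return "block", f"hidden or encoded PowerShell launched by unapproved parent {parent}"
    return "allow", "no rule matched"


# Constructed sample events, not real telemetry. The -enc blob is base64 of "Start-Sleep".
SAMPLE_EVENTS = [
    ProcessEvent(1, r"C:\Windows\System32\cmd.exe", r"C:\Windows\explorer.exe", "cmd.exe"),
    ProcessEvent(2, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                 "powershell.exe -nop -w hidden -enc UwB0AGEAcgB0AC0AUwBsAGUAZQBwAA=="),
    ProcessEvent(3, r"C:\Windows\System32\notepad.exe", r"C:\Windows\explorer.exe", "notepad.exe"),
    ProcessEvent(4, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"C:\Users\alice\AppData\Local\Temp\setup.exe",
                 "powershell.exe -WindowStyle Hidden -Command Start-Sleep 1"),
    ProcessEvent(5, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"C:\Users\alice\AppData\Local\Temp\setup.exe",
                 "powershell.exe -File install.ps1"),
]


def evaluate_all(events=SAMPLE_EVENTS) -> list[tuple[int, str, str]]:
    """Evaluate a batch of events and return (pid, verdict, reason) per event."""
    return [(ev.pid, *evaluate(ev)) for ev in events]


if __name__ == "__main__":
    for pid, verdict, reason in evaluate_all():
        print(f"pid={pid} {verdict:5} {reason}")
```

The design point is that the parent image, not the child, carries most of the signal: cmd.exe from the logon shell is normal, the same binary from a word processor almost never is, and only for parents the policy knows nothing about does the command line need to be inspected.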

Ransomware protection

In addition to the existing multi-method prevention measures, including exploit prevention, local analysis and WildFire, Traps monitors the system for ransomware behavior. Upon detection, it immediately blocks the attack and prevents the encryption of the user's data.
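The paragraph above does not say which behaviors are monitored, so here is an added example of one common behavioral approach: flagging a process that, within a short window, overwrites many distinct files with high-entropy data or renames them to a ransomware-style extension. This is illustration code written for this page, not Traps' detection logic; the event format, thresholds, extension list and sample event stream are all assumed or constructed.

```python
"""Behavioral ransomware monitor over a file-event stream (added example; not Traps'
detection logic). Event format, thresholds and the sample stream are assumed/constructed."""
import hashlib
import math
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class FileEvent:
    ts: float          # seconds
    pid: int
    op: str            # "write" or "rename"
    path: str          # for a rename, the new path
    data: bytes = b""  # for a write, the bytes written (or a sample of them)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 for encrypted or compressed data, roughly 4-5 for text."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


# Tunables; all assumed for this example.
WINDOW_SECONDS = 10.0
MIN_FILES = 5
HIGH_ENTROPY = 7.0
RANSOM_EXTS = (".locked", ".enc", ".crypt", ".wncry")


def original_name(path: str) -> str:
    """Strip a ransomware-style suffix so report.docx.locked and report.docx count as one file."""
    low = path.lower()
    for ext in RANSOM_EXTS:
        if low.endswith(ext):
            return path[: -len(ext)]
    return path


class RansomwareMonitor:
    def __init__(self) -> None:
        self._recent = defaultdict(deque)   # pid -> events still inside the window
        self._flagged = set()               # pids already reported

    def observe(self, ev: FileEvent) -> Optional[tuple[int, str]]:
        """Feed one event; return (pid, reason) the first time a process trips the rule."""
        if ev.pid in self._flagged:
            return None
        q = self._recent[ev.pid]
        q.append(ev)
        while q and ev.ts - q[0].ts > WINDOW_SECONDS:
            q.popleft()
        touched = set()
        for e in q:
            if e.op == "write" and shannon_entropy(e.data) >= HIGH_ENTROPY:
                touched.add(e.path)
            elif e.op == "rename" and original_name(e.path) != e.path:
                touched.add(original_name(e.path))
        if len(touched) >= MIN_FILES:
            self._flagged.add(ev.pid)
            return ev.pid, (f"{len(touched)} files overwritten with high-entropy data or renamed "
                            f"to a ransomware extension within {WINDOW_SECONDS:g}s")
        return None


# Constructed sample content. CIPHERTEXT is chained SHA-256 output standing in for encrypted data.
PLAINTEXT = b"Quarterly report: revenue grew 4% year over year.\n" * 20
CIPHERTEXT = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(32))


def build_sample_events() -> list[FileEvent]:
    """Constructed stream: pid 100 is an editor saving text, pid 200 behaves like ransomware."""
    events, t = [], 0.0
    for i in range(3):
        events.append(FileEvent(t, 100, "write", f"/home/alice/docs/notes{i}.txt", PLAINTEXT))
        t += 0.5
    for i in range(6):
        events.append(FileEvent(t, 200, "write", f"/home/alice/docs/report{i}.docx", CIPHERTEXT))
        events.append(FileEvent(t + 0.1, 200, "rename", f"/home/alice/docs/report{i}.docx.locked"))
        t += 0.5
    return events


def run(events) -> list[tuple[int, str]]:
    """Replay a stream through a fresh monitor and collect the alerts it raises."""
    mon = RansomwareMonitor()
    alerts = []
    for ev in events:
        hit = mon.observe(ev)
        if hit:
            alerts.append(hit)
    return alerts


if __name__ == "__main__":
    for pid, reason in run(build_sample_events()):
        print(f"pid={pid}: {reason}")
```

Entropy alone is not enough (archivers and image editors also write high-entropy data), which is why the rule keys on the number of distinct files a single process touches inside a short window; in a real agent the block would be a kill of the offending process, with backups of the first few overwritten files kept for restoration.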

Multiple methods of exploit prevention

Traps is unique in its ability to prevent exploits through technique identification and a protection-focused model: rather than matching individual exploits, it targets the techniques that any exploit-based attack must use to manipulate a software vulnerability.

[Figure: Palo Alto Traps exploit prevention]

By preventing these techniques, Traps is able to protect unpatched systems, unsupported legacy systems, applications IT is unaware of – commonly known as shadow IT – and never-before-seen exploits, also called zero-day exploits.

Traps delivers exploit prevention using multiple methods, including:

  • Pre-exploit protection: Traps prevents the vulnerability-profiling techniques exploit kits use prior to launching attacks. By blocking these techniques, Traps prevents attackers from targeting vulnerable endpoints and applications, effectively preventing the attacks before they begin.
  • Technique-based exploit prevention: Traps prevents known, zero-day and unpatched vulnerabilities by blocking the exploitation techniques attackers use to manipulate applications.
  • Kernel exploit prevention: Traps prevents exploits that leverage vulnerabilities in the operating system kernel to create processes with escalated privileges. Traps also protects against new exploit techniques used to execute malicious payloads, such as those seen in 2017’s WannaCry and NotPetya attacks.

By blocking the techniques, Traps provides customers with three important benefits:

  1. Protects unpatchable applications and shadow IT.
  2. Minimizes the risks associated with delayed patching.
  3. Prevents zero-day exploits from succeeding.

Besides malware and exploit prevention, Traps is also capable of:

  • Scanning: Administrators can scan endpoints and attached removable drives for dormant malware, with an option to automatically quarantine it for remediation when found.
  • Admin override policies: Traps enables organizations to define policies based on the hash of an executable file, controlling what is or isn’t allowed to run in their environments.
  • Malware quarantine: Traps is capable of immediately quarantining malicious executable files, DLLs and Office files to prevent propagation or execution attempts of infected files.
  • Grayware classification: Traps enables organizations to identify non-malicious but otherwise undesirable software, such as adware, and prevent it from running in their environments.
  • Execution restrictions: Traps enables organizations to easily define policies to restrict specific execution scenarios to reduce the attack surface of any environment.
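The scanning, admin override and quarantine items above fit together naturally, so here is one added example that implements them end to end: hash every file under a directory, apply an administrator's allow/block overrides ahead of a known-malicious hash feed, and move anything blocked into a quarantine directory with metadata for later restore. This is illustration code written for this page, not Traps' implementation; the precedence of admin overrides over the feed, the quarantine layout and the sample files are all assumed or constructed.

```python
"""Hash-based scan with admin override and quarantine (added example; not Traps' code).
Policy precedence, quarantine layout and sample files are assumed/constructed."""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verdict_for(digest: str, policy: dict) -> str:
    """Precedence (assumed): admin allow, then admin block, then the known-malicious feed, else unknown.
    An explicit admin allow wins even when the feed flags the hash, which is what an override is for."""
    if digest in policy["admin_allow"]:
        return "allow"
    if digest in policy["admin_block"] or digest in policy["known_malicious"]:
        return "block"
    return "unknown"


def quarantine(path: Path, digest: str, qdir: Path) -> Path:
    """Move the file into the quarantine root under its hash, drop write/execute bits,
    and record where it came from so it can be restored after review."""
    qdir.mkdir(parents=True, exist_ok=True)
    dest = qdir / digest
    shutil.move(str(path), str(dest))
    dest.chmod(0o400)
    (qdir / f"{digest}.json").write_text(json.dumps({"original_path": str(path), "sha256": digest}))
    return dest


def scan(root: Path, policy: dict, qdir: Path, auto_quarantine: bool = True) -> dict:
    """Hash every regular file under root (skipping the quarantine dir) and return {relative path: verdict}."""
    results = {}
    for p in sorted(root.rglob("*")):
        if not p.is_file() or qdir in p.parents:
            continue
        digest = sha256_file(p)
        verdict = verdict_for(digest, policy)
        if verdict == "block" and auto_quarantine:
            quarantine(p, digest, qdir)
            verdict = "quarantined"
        results[str(p.relative_to(root))] = verdict
    return results


def demo() -> tuple[dict, Path]:
    """Constructed sample: three files in a temp dir, two in the bad-hash feed, one of those allow-listed."""
    root = Path(tempfile.mkdtemp())
    (root / "report.docx").write_bytes(b"constructed benign document")
    (root / "dropper.exe").write_bytes(b"MZ constructed bad sample")
    (root / "tool.exe").write_bytes(b"MZ constructed admin tool")
    policy = {
        "known_malicious": {sha256_file(root / "dropper.exe"), sha256_file(root / "tool.exe")},
        "admin_allow": {sha256_file(root / "tool.exe")},  # override: the feed flags it, the admin trusts it
        "admin_block": set(),
    }
    return scan(root, policy, root / "quarantine"), root


if __name__ == "__main__":
    results, root = demo()
    for name, verdict in results.items():
        print(f"{verdict:11} {root / name}")
```

Files that come back "unknown" are exactly the ones the earlier sections hand to local analysis and WildFire; a hash scan on its own only ever catches what is already known, which is why the page pairs it with the other methods.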