PLUGGED IN
Issue 7: August 2016
Vendor Partner Spotlight

Palo Alto Networks Announces New Enhancements to Traps

Palo Alto Networks Traps offers organizations multi-method prevention, combining purpose-built malware prevention and exploit prevention methods to protect users and endpoints from unknown threats.

Key Features of Traps Advanced Endpoint Protection:

  • Prevents cyber breaches by preemptively blocking known and unknown malware, exploits and zero-day threats.
  • Lets users carry out their daily activities and use web-based technologies while protecting them from known and unknown cyber threats.
  • Automates prevention by autonomously reprogramming itself using threat intelligence gained from WildFire.

Traps Multi-Method Malware Prevention:

Traps prevents malicious executables with a unique, multi-method prevention approach that maximizes the coverage against malware while simultaneously reducing the attack surface and increasing the accuracy of malware detection.

This approach combines several prevention methods to instantaneously prevent known and unknown malware from infecting a system.

  1. Static Analysis via Machine Learning: This method delivers an instantaneous verdict for any unknown executable file before it is allowed to run. Traps examines hundreds of the file's characteristics in a fraction of a second, without reliance on signatures, scanning or behavioral analysis.
  2. WildFire Inspection and Analysis: This method leverages the Palo Alto Networks WildFire™ cloud-based malware analysis environment to rapidly detect unknown malware and automatically reprogram Traps to prevent the now-known malware. WildFire turns an unknown sample into a known one in about 300 seconds.
  3. Trusted Publisher Execution Restrictions: This method allows organizations to identify executable files that are among the "unknown good" because they are published and digitally signed by trusted publishers, entities that Palo Alto Networks recognizes as reputable software publishers.
  4. Policy-Based Execution Restrictions: Organizations can easily define policies to restrict specific execution scenarios, thereby reducing the attack surface of any environment. For example, Traps can prevent the execution of files from the Outlook® "temp" directory or prevent the execution of a particular file type directly from a USB drive.
  5. Admin Override Policies: This method allows organizations to define policies, based on the hash of an executable file, to control what is allowed to run in any environment and what is not. This fine-grained whitelisting (or blacklisting) capability controls the execution of any file, based on user-defined conditions that tie into any object that can be defined with Microsoft® Active Directory®.
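The following is an added example, not Traps code, showing how the hash-based admin override (item 5) and the path-based execution restrictions (item 4) interact in a small execution-policy evaluator. Everything in it is an assumption for illustration: the precedence order (hash deny, then hash allow, then path rules, then fall-through to further analysis), the glob patterns standing in for the Outlook temp directory and a USB drive, and the constructed files and contents. Trusted-publisher signature checking is not modeled.

```python
"""Execution-policy evaluator: hash allow/deny override plus path-based rules.

Added example, not Palo Alto Networks code. The rule precedence, patterns
and sample files are constructed for illustration.
"""
import hashlib
import pathlib
import shutil
import tempfile
from fnmatch import fnmatch


def sha256_of(path: str) -> str:
    """Stream the file so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class ExecutionPolicy:
    """Admin hash overrides win over path rules; unmatched files fall through."""

    def __init__(self, deny_hashes=(), allow_hashes=(), blocked_path_globs=()):
        self.deny_hashes = {h.lower() for h in deny_hashes}
        self.allow_hashes = {h.lower() for h in allow_hashes}
        self.blocked_path_globs = list(blocked_path_globs)

    def verdict(self, path: str) -> tuple:
        digest = sha256_of(path)
        # 1. Admin override by hash has the highest precedence (deny before allow),
        #    so a known-bad hash is blocked anywhere and an approved tool may run
        #    even from a restricted location.
        if digest in self.deny_hashes:
            return "block", "admin deny-list hash " + digest[:12]
        if digest in self.allow_hashes:
            return "allow", "admin allow-list hash " + digest[:12]
        # 2. Path-based restriction (case-insensitive, POSIX-style comparison so
        #    the same rule text works for Windows paths). fnmatch's '*' also
        #    matches '/' here, which is what we want for "anywhere below".
        norm = pathlib.PurePath(path).as_posix().lower()
        for pattern in self.blocked_path_globs:
            if fnmatch(norm, pattern):
                return "block", "path rule " + pattern
        # 3. No local policy matched: this is where a product would hand the
        #    file to static analysis / cloud sandboxing before allowing it.
        return "unknown", "no local policy match"


def run_demo() -> dict:
    """Constructed scenario in a temp tree mimicking an Outlook temp folder and a
    removable drive. Returns {file name: verdict}."""
    root = tempfile.mkdtemp()
    try:
        outlook = pathlib.Path(root, "Content.Outlook", "7K2Q9P")
        usb = pathlib.Path(root, "usb0")
        outlook.mkdir(parents=True)
        usb.mkdir()

        dropper = outlook / "invoice.exe"            # hit by the Outlook temp rule
        dropper.write_bytes(b"MZ-constructed-dropper")
        helper = outlook / "signed_helper.exe"       # same folder, but hash-approved
        helper.write_bytes(b"MZ-constructed-approved-tool")
        screensaver = usb / "photos.scr"             # hit by the USB rule
        screensaver.write_bytes(b"MZ-constructed-screensaver")
        known_bad = pathlib.Path(root, "update.exe")  # hash on the deny list
        known_bad.write_bytes(b"MZ-constructed-known-bad")
        unknown = pathlib.Path(root, "unknown_tool.exe")  # matches nothing
        unknown.write_bytes(b"MZ-constructed-unknown")

        policy = ExecutionPolicy(
            deny_hashes=[sha256_of(str(known_bad))],   # e.g. learned from a sandbox verdict
            allow_hashes=[sha256_of(str(helper))],
            blocked_path_globs=["*/content.outlook/*.exe", "*/usb*/*.scr"],
        )
        return {p.name: policy.verdict(str(p))[0]
                for p in (dropper, helper, screensaver, known_bad, unknown)}
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for name, decision in run_demo().items():
        print(f"{name:20s} -> {decision}")
```

The point of the ordering is the second file: an executable an administrator has explicitly approved by hash still runs from the Outlook temp directory, while an unapproved one in the same place is blocked, and a known-bad hash is blocked regardless of where it sits. Anything that reaches the "unknown" verdict is exactly the population the static-analysis and WildFire steps above exist to decide.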

Traps Multi-Method Exploit Prevention

Traps takes a different approach to exploit prevention: rather than matching individual vulnerabilities, it focuses on the core exploitation techniques that exploit-based attacks rely on. An exploit must chain several of these techniques to subvert an application, and Traps renders them ineffective by blocking each one the moment it is attempted. As a result, organizations can run any application, including those developed in-house and those that no longer receive security updates, without the exploit posing an immediate threat to the environment. Traps combines several layers of protection in this multi-method approach to blocking exploitation techniques.

  1. Memory Corruption Prevention: Traps prevents the exploitation techniques that manipulate the operating system's normal memory management mechanisms for the application that opens the weaponized data file containing the exploit.
  2. Logic Flaw Prevention: Traps recognizes and blocks the exploitation techniques that allow an exploit to manipulate the operating system's normal application process and execution mechanisms.
  3. Malicious Code Execution Prevention: In most cases, the end goal of exploitation is to execute the attacker's commands that are embedded in the exploit file. This prevention method recognizes the exploitation techniques that allow the attacker's malicious code to execute and blocks them before they succeed.

Next-Generation Security Platform

Traps automatically converts threat intelligence gained from a global community of WildFire subscribers and multiple threat intelligence sources into malware prevention.

When WildFire identifies an executable file as malicious, Traps automatically reprograms itself to prevent the execution of that file.

The automatic reprogramming and conversion of threat intelligence closes the window in which an attacker can use unknown or advanced malware to infect a system: each piece of malware can be used at most once, and only during the seconds before WildFire returns its verdict and renders that sample ineffective for every subscriber.

The native integration of Traps with the Palo Alto Networks Next-Generation Security Platform enables organizations to continuously share the growing threat intelligence gained across both network and endpoints to coordinate prevention and response.

For more information please contact:

Mike Lappin
Vice President of Strategic Partnerships
631.414.4816  
Mike.Lappin@marcumtechnology.com