TRAPS
Advanced Endpoint Protection
Palo Alto Networks Traps advanced endpoint protection replaces legacy
antivirus with multi-method prevention built into a single, lightweight agent that
secures endpoints from known and unknown malware and exploits. On its own, or
as part of the Palo Alto Networks Next-Generation Security Platform, Traps stops
targeted, sophisticated threats like ransomware without reliance on signatures.
Despite continuous investments in legacy antivirus solutions and next-gen AV products, organizations continue to suffer security breaches and successful ransomware attacks with increasing frequency. The security industry as a whole, and legacy antivirus solutions in particular, have struggled, and more often failed, to prevent successful security breaches originating from endpoints.

Attempts at improving the effectiveness and efficiency of antivirus solutions, as well as the security industry's collective focus on detection and response, have only resulted in incremental improvements in endpoint protection while exposing additional flaws that limit their effectiveness in preventing security breaches.

Traps secures endpoints with its unique multi-method prevention, blocking security breaches and successful ransomware attacks that leverage malware and exploits, known or unknown, before they can compromise macOS or Windows endpoints, such as laptops, desktops and servers.

Multi-Method Malware Prevention
Traps prevents the launching of malicious executables, DLLs and Office files with a unique, multi-method prevention approach that reduces the attack surface and increases the accuracy of malware prevention. This approach combines several methods to prevent known and unknown malware from infecting endpoints:

1. WildFire threat intelligence: Traps prevents known malware using intelligence from Palo Alto Networks WildFire cloud-based threat analysis service. WildFire is the world's largest distributed sensor system focused on identifying and preventing unknown threats and converting to known threats, with more than 17,000 enterprise, government and service provider customers contributing to the collective immunity of all other users across endpoints, networks and cloud applications.

2. Local analysis via machine learning: This method delivers an instantaneous verdict for any unknown executable, DLL or Office file before it is allowed to run. Traps examines hundreds of the file's characteristics in a fraction of a second, without reliance on signatures, scanning or behavioral analysis.

3. WildFire inspection and analysis: In addition to local analysis, Traps uses WildFire for deep inspection of unknown files beyond just machine learning. Should a new threat be detected, prevention controls are shared across the Palo Alto Networks Next-Generation Security Platform, including all Traps customers, in as few as five minutes, without human intervention. WildFire combines the benefits of four independent techniques for high-fidelity and evasion-resistant discovery, including dynamic analysis, static analysis, machine learning and bare metal analysis.

4. Granular child process protection: Traps delivers fine-grained control over the launching of legitimate processes, such as script engines and command shells, that can be used for malicious purposes. This technique is commonly used by ransomware and other advanced threats to bypass traditional security protections.

5. Behavior-based ransomware protection: In addition to existing multi-method preventions including exploit prevention, local analysis and WildFire, Traps monitors the system for ransomware behavior and, upon detection, immediately blocks the attack and prevents encryption of customer data.

In addition, Traps enables organizations to whitelist and blacklist applications, define policies to restrict execution of applications, and quarantine malware to prevent its unintended dissemination.

Multi-Method Exploit Prevention
Each exploit must use a series of exploitation techniques to successfully manipulate an application. Instead of focusing on the millions of individual attacks, Traps focuses on key exploit techniques typically used by all exploit-based attacks. By preventing one, Traps breaks the attack lifecycle and renders the threat ineffective.
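The granular child process protection method listed above is, at its core, a policy evaluated over parent/child process pairs: script engines and command shells stay usable in general, but are refused when launched by a parent that has no business spawning them. The Python below is an added illustration written for this page, not Traps code, and it makes no claim about how Traps implements that control; the rule set, image names and log records are constructed assumptions chosen only to show the idea.

```python
"""Illustrative parent/child process launch policy (added example, not Traps code).

The policy is an ordered list of (parent glob, child glob, action) rules; the
first matching rule wins and the default is "allow". Every image name and
log line here is a constructed assumption for the example.
"""
import fnmatch
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    parent: str   # glob on the parent image name, e.g. "winword.exe"
    child: str    # glob on the child image name, e.g. "*script.exe"
    action: str   # "allow" or "block"


# Ordered policy (assumed names): interactive launches from the desktop shell
# are allowed, while document handlers spawning shells/interpreters are blocked.
POLICY = [
    Rule("explorer.exe", "*", "allow"),
    Rule("winword.exe", "powershell.exe", "block"),
    Rule("winword.exe", "cmd.exe", "block"),
    Rule("excel.exe", "*script.exe", "block"),     # wscript.exe, cscript.exe
    Rule("acrord32.exe", "cmd.exe", "block"),
]


@dataclass(frozen=True)
class ProcessEvent:
    timestamp: str
    parent: str
    child: str


def parse_event(line: str) -> ProcessEvent:
    """Parse a constructed log line of the form '<timestamp> parent=<image> child=<image>'."""
    timestamp, *fields = line.split()
    kv = dict(field.split("=", 1) for field in fields)
    return ProcessEvent(timestamp, kv["parent"], kv["child"])


def evaluate(event: ProcessEvent, policy=POLICY) -> str:
    """Return the action of the first rule matching the event, or 'allow' if none matches."""
    parent = event.parent.lower()   # image names compared case-insensitively
    child = event.child.lower()
    for rule in policy:
        if fnmatch.fnmatchcase(parent, rule.parent) and fnmatch.fnmatchcase(child, rule.child):
            return rule.action
    return "allow"


# Constructed sample process-creation records (not real telemetry).
SAMPLE_LOG = """\
2017-09-12T10:00:01Z parent=explorer.exe child=cmd.exe
2017-09-12T10:00:05Z parent=WINWORD.EXE child=powershell.exe
2017-09-12T10:00:09Z parent=excel.exe child=wscript.exe
2017-09-12T10:00:12Z parent=winword.exe child=splwow64.exe
2017-09-12T10:00:15Z parent=acrord32.exe child=cmd.exe
"""


def apply_policy(log_text: str) -> list:
    """Evaluate each log line; return (timestamp, parent, child, action) tuples."""
    results = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_event(line)
        results.append((event.timestamp, event.parent, event.child, evaluate(event)))
    return results


if __name__ == "__main__":
    for ts, parent, child, action in apply_policy(SAMPLE_LOG):
        print(f"{ts} {parent} -> {child}: {action}")
```

The ordering matters: the `explorer.exe` rule comes first so that a user opening a command prompt from the desktop is never caught by the later, more restrictive rules, which is the "granular" part of the control. A real deployment would also want the rules keyed on signed image paths rather than bare file names, which an attacker can mimic.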
Palo Alto Networks | Traps | Datasheet 1
Traps delivers exploit prevention using multiple methods:

1. Pre-exploit protection: Traps prevents vulnerability-profiling techniques exploit kits use before they launch exploitation attacks. By blocking these techniques, Traps prevents attackers from targeting vulnerable endpoints and applications, in effect preventing the attacks before they begin.

2. Technique-based exploit prevention: Traps prevents both known and zero-day exploits by blocking the exploitation techniques attackers use to manipulate applications. Although there are thousands of exploits, they all rely on a small set of exploitation techniques that change infrequently. Traps blocks these techniques, thereby preventing exploitation attempts before they can compromise endpoints.

3. Kernel exploit prevention: Traps prevents exploits that leverage vulnerabilities in the operating system kernel to create processes with escalated (system-level) privileges. Traps also prevents injection techniques used to load and run malicious code from the kernel, such as those used in WannaCry and NotPetya attacks. These enable Traps to block advanced attacks that target or stem from the operating system itself.

True Prevention for Mac
Traps secures macOS systems and replaces legacy AV with a multi-method prevention approach that secures endpoints against known and unknown malware and exploits before they can compromise a system. This is in contrast to existing signature-based AV and next-gen security solutions for macOS that cannot prevent security breaches by blocking both malware and exploits, leaving the endpoint exposed to attacks.

Next-Generation Security Platform
As an integral component of the Next-Generation Security Platform, Traps shares and receives threat intelligence from WildFire. Each component of the platform (such as next-generation firewalls and Traps) that is deployed among the global community of Palo Alto Networks customers continuously shares threat intelligence with WildFire. Traps customers receive access to this threat intelligence as well as the complete set of WildFire malware analysis capabilities.

The automatic reprogramming and conversion of this threat intelligence into prevention all but eliminates opportunities for attackers to use unknown and advanced malware to infect a system. An attacker can use a given piece of malware at most once in an environment where Traps is deployed, and only has seconds to carry out an attack before WildFire renders it entirely ineffective.

Traps also shares logs with Panorama network security management, enabling security operations teams to view endpoint security logs in the same context as their firewall logs. This facilitates correlation of discrete activities observed on the network and endpoints for a unified picture of security events across the environment, and thus detection of threats that may have otherwise evaded detection.

Award-Winning, Industry-Recognized and Compliance-Ready
Traps has won multiple awards and received industry recognition, with recent accolades including:

• 100 percent detection of real-world attacks - Traps detected 100 percent of real-world attacks and received a maximum performance rating in a commissioned evaluation by AV-Test, Q3 2017.

• Visionary - Gartner named Traps a Visionary in its 2017 Magic Quadrant for Endpoint Protection Platforms.

• Overall Winner and 2016 Product of the Year - Traps was granted CRN's coveted Product of the Year award among all endpoint security offerings evaluated for the competition.

• Approved Business Product - AV-Comparatives, the independent organization that tests and assesses antivirus software, presented Traps with its award in its first-ever Comparison of Next-Generation Security Products.

• Strong Performer - Forrester Research named Traps (v3.3) a Strong Performer in its report, The Forrester Wave: Endpoint Security Suites, Q4 2016.

Traps has also been validated to help our customers meet their compliance needs as they replace their antivirus. Coalfire, a global leader in cyber risk management and compliance services, conducted an independent evaluation of Traps with respect to the requirements of the Payment Card Industry Data Security Standard (PCI DSS) and the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, as well as the requirements of the Breach Notification Rule as formalized by the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 and the Omnibus Rule of 2013.

In its reports, Coalfire states that any organization currently using legacy AV to comply with PCI DSS or HIPAA/HITECH requirements can confidently replace that solution with Traps and remain compliant.

System Requirements and Operating Systems Support
Traps supports endpoints (desktops, servers, industrial control systems, virtual desktop infrastructure components, virtual machines and embedded systems) across Windows and macOS/Mac OS X operating systems. For a complete list of system requirements and supported operating systems, please visit the Traps Compatibility Matrix webpage.
3000 Tannery Way
Santa Clara, CA 95054
Main: +1.408.753.4000
Sales: +1.866.320.4788
Support: +1.866.898.9087
www.paloaltonetworks.com

© 2017 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark of Palo Alto Networks. A list of our trademarks can be found at https://www.paloaltonetworks.com/company/trademarks.html. All other marks mentioned herein may be trademarks of their respective companies.
traps-ds-091217