Palo Alto Networks has announced new functionality for its Traps advanced endpoint protection offering, including significant machine learning capabilities for real-time unknown malware prevention. These updates further strengthen the malware and exploit prevention capabilities of Traps and alleviate the need for legacy antivirus products to protect endpoints, such as laptops, servers and VDI instances.
Many organisations deploy a number of security products and software agents on their endpoint systems, including one or more traditional antivirus products. Nevertheless, cyber breaches continue to increase in frequency, variety and sophistication. Traditional antivirus products struggle to keep pace and invariably fail to prevent these attacks on endpoints.
An alternative to legacy antivirus point products, Traps uniquely combines the most effective, purpose-built malware and exploit detection methods to prevent known and unknown threats before they can successfully compromise an endpoint. By focusing on detecting and blocking the techniques at the core of these attacks, Traps can prevent sophisticated, targeted and never-before-seen attacks.
As a component of the Palo Alto Networks Next-Generation Security Platform, a natively integrated and automated platform designed to safely enable applications and prevent cyber breaches, Traps both shares threat intelligence with, and receives it from, the Palo Alto Networks WildFire™ cloud-based malware analysis environment. Threat intelligence information is passed to WildFire by each component of the security platform, and Traps uses this information to block threats on the endpoint no matter where they originated.
The new functionality announced today, which includes static analysis via machine learning and trusted publisher capabilities, will allow Traps to detect and immediately prevent malware that has never been seen.
- “The sophistication and frequency of cyberattacks are growing too quickly for legacy antivirus tools that rely on malware signatures to keep pace. The Palo Alto Networks Traps offering takes an innovative approach to endpoint security, keeping endpoints more secure despite a growing landscape of cyberthreats and reducing the resources required by IT teams to track and install security patches.”
– Rob Westervelt, research manager, Security Products, IDC
- “Antivirus point products give organisations a false sense of security, because while they technically make users compliant with regulatory and corporate governance requirements, they do not protect against today’s advanced cyberthreats. To do that, organisations must adopt a cybersecurity platform that prevents malware from infiltrating the enterprise at any point, including the endpoint, even if it has never been seen before.”
– Lee Klarich, executive vice president, Product Management, Palo Alto Networks
The latest version of Traps, version 3.4, will be available by the end of August on the Palo Alto Networks Support Portal and will include the following updates:
- Static analysis via machine learning examines hundreds of characteristics of a file to determine if it is malware. Threat intelligence available through the Palo Alto Networks WildFire subscription is used to train a machine learning model to recognise malware, especially previously unknown variants, with unmatched effectiveness and accuracy. This new functionality allows Traps to rapidly determine if a file should be allowed to run even before receiving a verdict from WildFire.
- Trusted publisher identification allows organisations to automatically and immediately identify new executable files published by trusted and reputable software publishers. These executable files are allowed to run, cutting down on unnecessary analysis and allowing them to execute without delay or impact to the user.
- Quarantine of malicious executables immediately removes malicious files and prevents further propagation or execution attempts of the files.
- Grayware classification allows enterprises to identify non-malicious, but otherwise undesirable, software and prevent it from running in their environment.