
Announcing Traps v3.3: Advanced Endpoint Protection, Evolved



I am very proud to announce the availability of Traps v3.3, the latest release of our revolutionary advanced endpoint protection product. Traps v3.3 brings a wealth of new features, enhancements, and functionalities, including a major overhaul of the user interface to promote more efficient, streamlined management and scalability.

What Is Traps?

An integral component of the Palo Alto Networks security platform, Traps protects endpoints, including servers, desktops, laptops, and tablets, from malware and exploits. Most importantly, Traps succeeds where other endpoint security products fail by preventing the most advanced exploit-based threats, without prior knowledge of the exploit or vulnerability.

The ability to prevent exploits is critical and has not been addressed by existing endpoint security solutions. It has become abundantly clear that the antivirus products we’ve all relied upon for years are no longer up to the challenge of preventing today’s threats. With Traps, we are redefining endpoint security by providing a capability that prevents endpoints from being compromised.

What’s New in Traps v3.3?

I’ll highlight some of the new features and enhancements here, but be sure to check out the release notes.

User Interface Enhancements

Numerous UI enhancements throughout the Endpoint Security Manager (ESM) console have been made to optimize the effectiveness and efficiency of Traps configuration and monitoring.

Enhanced VDI Support

Traps has already proven to be great for organizations using virtualized desktop infrastructure (VDI) due to its small footprint and ability to prevent advanced threats, without relying on resource-intensive file system scanning or signature database updates. In Traps v3.3, organizations can now create policies specific to their VDI environments by applying the new VDI condition to any rule.

The ESM console now supports dedicated licenses for VDI environments. The ESM issues licenses to active clients in a non-persistent VDI environment and recycles those licenses when a VDI client reboots or times out. This enables organizations to license their VDI environments by concurrent instances.

Traps now supports the following VDI environments: Citrix XenApp, Citrix XenDesktop, and VMware Horizon in both persistent and non-persistent modes.

Enhanced Execution Restrictions

Execution restrictions can now be further refined to include a block period that prevents the running of unsigned processes for a certain number of minutes after they are first written to disk. Because many attacks involve writing a malicious executable file to the disk and running it immediately, using a block period with this additional granularity can be highly effective in reducing the probability of malicious file execution.
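
The block-period rule described above can be modeled as a policy decision over file-write and process-start events. This is an added example, not Traps code or configuration; the event tuple layout, the `evaluate` function, and the sample events are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry):
# (ISO timestamp, kind, path, is_signed)
EVENTS = [
    ("2015-11-10T09:00:00", "write", r"C:\Users\a\Downloads\setup.exe", False),
    ("2015-11-10T09:00:05", "exec",  r"C:\Users\a\Downloads\setup.exe", False),
    ("2015-11-10T09:01:00", "write", r"C:\Tools\tool.exe", True),
    ("2015-11-10T09:01:02", "exec",  r"C:\Tools\tool.exe", True),
    ("2015-11-10T09:20:00", "exec",  r"C:\Users\a\Downloads\setup.exe", False),
    ("2015-11-10T09:30:00", "exec",  r"C:\Windows\System32\old.exe", False),
]

def evaluate(events, block_minutes):
    """Return (timestamp, path, verdict) for every process start.

    An unsigned executable is blocked if it starts less than
    block_minutes after it was first seen being written to disk.
    """
    window = timedelta(minutes=block_minutes)
    first_write = {}   # lower-cased path -> time of first observed write
    decisions = []
    for ts, kind, path, signed in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        key = path.lower()  # Windows paths are case-insensitive
        if kind == "write":
            # Assumption: only the first write starts the block period.
            first_write.setdefault(key, when)
        elif kind == "exec":
            written = first_write.get(key)
            if signed or written is None:
                # Signed files, and files with no observed write
                # (already on disk), are outside this rule.
                verdict = "allow"
            elif when - written < window:
                verdict = "block"
            else:
                verdict = "allow"
            decisions.append((ts, path, verdict))
    return decisions

if __name__ == "__main__":
    for row in evaluate(EVENTS, block_minutes=10):
        print(*row)
```

With a 10-minute block period the write-then-run of `setup.exe` five seconds apart is blocked, while the same file started 20 minutes later is allowed; lengthening the period to 30 minutes blocks that later start as well.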

Enhanced Policy Conditions

To increase the manageability of larger and more complex deployments, we have introduced more granularity within policy conditions, determining which rules apply (or don’t apply) to endpoints in your organization. Using new comparison options, you can create conditions based on registry keys and key data. You can also use regular expressions (regex) to match a specific version or range of versions for an executable file.

Role-Based Access Control

Another feature to increase the supportability and manageability of the ESM console, Role-Based Access Control (RBAC) allows organizations to assign preconfigured or custom roles and privileges to user accounts in order to enforce the separation of information and duties.

Enhanced SIEM Support and Email Alerts

Enhanced SIEM support enables granular log and event reporting and real-time security analysis. Organizations can use the syslog format (CEF, LEEF, or syslog) and filter the types of logs and events that the ESM Server sends to an SIEM device.

The addition of email alerting allows organizations to customize the types of logs and events that the ESM server sends to an email address.

Agent Query

You can use Agent Query to search endpoints for a system file, folder, or registry key. The query runs in real time as a one-time action rule and enables you to search for multiple parameters from a central location.

Extended OS Support

Traps is now supported on client systems running Windows 10 (32- and 64-bit).

[Palo Alto Networks Blog]

About @PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in the ICT/Cybersecurity industry in various sectors & positions.
