I am very proud to announce the availability of Traps v3.3, the latest release of our revolutionary advanced endpoint protection product. Traps v3.3 brings a wealth of new features, enhancements, and functionalities, including a major overhaul of the user interface to promote more efficient, streamlined management and scalability.
What Is Traps?
An integral component of the Palo Alto Networks security platform, Traps protects endpoints, including servers, desktops, laptops, and tablets from malware and exploits. Most importantly, Traps succeeds where other endpoint security products fail by preventing the most advanced exploit-based threats, without prior knowledge of the exploit or vulnerability.
The ability to prevent exploits is critical and has not been addressed by existing endpoint security solutions. It has become abundantly clear that the antivirus products we’ve all relied upon for years are no longer up to the challenge of preventing today’s threats. With Traps, we are redefining endpoint security by providing a capability that prevents endpoints from being compromised.
What’s New in Traps v3.3?
I’ll highlight some of the new features and enhancements here, but be sure to check out therelease notes.
User Interface Enhancements
Numerous UI enhancements throughout the Endpoint Security Manager (ESM) console have been made to optimize the effectiveness and efficiency of Traps configuration and monitoring.
Enhanced VDI Support
Traps has already proven to be great for organizations using virtualized desktop infrastructure (VDI) due to its small footprint and ability to prevent advanced threats, without relying on resource-intensive file system scanning or signature database updates. In Traps v3.3, organizations can now create policies specific to their VDI environments by applying the new VDI condition to any rule.
The ESM console now supports dedicated licenses for VDI environments. The ESM issues licenses to active clients in a non-persistent VDI environment and recycles those licenses when a VDI client reboots or times out. This enables organizations to license their VDI environments by concurrent instances.
Traps now supports the following VDI environments: Citrix XenApp, Citrix XenDesktop, and VMware Horizon in both persistent and non-persistent modes.
Enhanced Execution Restrictions
Execution restrictions can now be further refined to include a block period that prevents the running of unsigned processes for a certain number of minutes after they are first written to disk. Because many attacks involve writing a malicious executable file to the disk and running it immediately, using a block period with this additional granularity can be highly effective in reducing the probability of malicious file execution.
Enhanced Policy Conditions
To increase the manageability of larger and more complex deployments, we have introduced more granularity within policy conditions, determining which rules apply (or don’t apply) to endpoints in your organization. Using new comparison options, you can create conditions based on registry keys and key data. You can also use regular expressions (regex) to match a specific version or range of versions for an executable file.
Role-Based Access Control
Another feature to increase the supportability and manageability of the ESM console, Role-Based Access Control (RBAC) allows organizations to assign preconfigured or custom roles and privileges to user accounts in order to enforce the separation of information and duties.
Enhanced SIEM Support and Email Alerts
Enhanced SIEM support enables granular log and event reporting and real-time security analysis. Organizations can use the syslog format (CEF, LEEF, or syslog) and filter the types of logs and events that the ESM Server sends to an SIEM device.
The addition of email alerting allows organizations to customize the types of logs and events that the ESM server sends to an email address.
You can use Agent Query to search endpoints for a system file, folder, or registry key. The query runs in real time as a one-time action rule and enables you to search for multiple parameters from a central location.
Extended OS Support
Traps is now supported on client systems running Windows 10 (32- and 64-bit).
[Palo Alto Networks Blog]