Announcing Traps v3.3: Advanced Endpoint Protection, Evolved

I am very proud to announce the availability of Traps v3.3, the latest release of our revolutionary advanced endpoint protection product. Traps v3.3 brings a wealth of new features, enhancements, and functionalities, including a major overhaul of the user interface to promote more efficient, streamlined management and scalability.

What Is Traps?

An integral component of the Palo Alto Networks security platform, Traps protects endpoints, including servers, desktops, laptops, and tablets from malware and exploits. Most importantly, Traps succeeds where other endpoint security products fail by preventing the most advanced exploit-based threats, without prior knowledge of the exploit or vulnerability.

The ability to prevent exploits is critical and has not been addressed by existing endpoint security solutions. It has become abundantly clear that the antivirus products we’ve all relied upon for years are no longer up to the challenge of preventing today’s threats. With Traps, we are redefining endpoint security by providing a capability that prevents endpoints from being compromised.

What’s New in Traps v3.3?

I’ll highlight some of the new features and enhancements here, but be sure to check out therelease notes.

User Interface Enhancements

Numerous UI enhancements throughout the Endpoint Security Manager (ESM) console have been made to optimize the effectiveness and efficiency of Traps configuration and monitoring.

Enhanced VDI Support

Traps has already proven to be great for organizations using virtualized desktop infrastructure (VDI) due to its small footprint and ability to prevent advanced threats, without relying on resource-intensive file system scanning or signature database updates. In Traps v3.3, organizations can now create policies specific to their VDI environments by applying the new VDI condition to any rule.

The ESM console now supports dedicated licenses for VDI environments. The ESM issues licenses to active clients in a non-persistent VDI environment and recycles those licenses when a VDI client reboots or times out. This enables organizations to license their VDI environments by concurrent instances.

Traps now supports the following VDI environments: Citrix XenApp, Citrix XenDesktop, and VMware Horizon in both persistent and non-persistent modes.

Enhanced Execution Restrictions

Execution restrictions can now be further refined to include a block period that prevents the running of unsigned processes for a certain number of minutes after they are first written to disk. Because many attacks involve writing a malicious executable file to the disk and running it immediately, using a block period with this additional granularity can be highly effective in reducing the probability of malicious file execution.

Enhanced Policy Conditions

To increase the manageability of larger and more complex deployments, we have introduced more granularity within policy conditions, determining which rules apply (or don’t apply) to endpoints in your organization. Using new comparison options, you can create conditions based on registry keys and key data. You can also use regular expressions (regex) to match a specific version or range of versions for an executable file.

Role-Based Access Control

Another feature to increase the supportability and manageability of the ESM console, Role-Based Access Control (RBAC) allows organizations to assign preconfigured or custom roles and privileges to user accounts in order to enforce the separation of information and duties.

Enhanced SIEM Support and Email Alerts

Enhanced SIEM support enables granular log and event reporting and real-time security analysis. Organizations can use the syslog format (CEF, LEEF, or syslog) and filter the types of logs and events that the ESM Server sends to an SIEM device.

The addition of email alerting allows organizations to customize the types of logs and events that the ESM server sends to an email address.

Agent Query

You can use Agent Query to search endpoints for a system file, folder, or registry key. The query runs in real time as a one-time action rule and enables you to search for multiple parameters from a central location.

Extended OS Support

Traps is now supported on client systems running Windows 10 (32- and 64-bit).

[Palo Alto Networks Blog]

Enterprise Data Breaches on the Rise Despite Infosec Policies

The results of the 2014 Protiviti IT Security and Privacy Survey reports that:

•  77% of organizations have a password policy or standard.
•  67% of organizations have a data production and privacy policy.
•  67% of organizations have an information security policy.
•  59% of organizations have a workstation/laptop security policy.
•  59% of organizations have a user (privileged) access policy.

Based on these statistics, the enterprise organization has plenty of IT and information security policies in place, and yet, data breaches are on the rise, doubling from December of 2014 to August of 2015. Given these statistics, it seems unlikely that enterprise security policies are, in fact, keeping enterprise organizations safe.

Human users are touted as the weakest link in an information security system. Historically, IT has taken a top down approach that forced users to work within the confines of a system that didn’t take user productivity into consideration. IT and security professionals focused on creating limits to protect the network from the user, throwing up barriers in the name of network security. This impacted user productivity but was accepted as collateral damage in the fight to keep the enterprise network safe. Users were left to choose between upholding security protocols and personal productivity.

Given the choice between job security and network security, most users will choose productivity and hope for the best when it comes to protecting the network. Christian Anschuetz on the Wall Street Journal blog, CIO Journal, agrees. “Forced to choose between disruptive, apparently irrational, and easily circumvented security directives and getting their job done, employees invariably choose to be productive,” states Anschuetz.

Changing priorities
While maintaining enterprise security will always be the number one priority of information security professionals everywhere, the modern information security professional recognizes that times are changing. Network security at the expense of user productivity is counterproductive. When threatened with limitations to productivity, users have proven that they will find ways around IT and information security initiatives through shadow IT.

Progressive, security-focused organizations must consider their users when they create security policies. Backing into security policies and initiatives based on user needs allows enterprise organizations to simultaneously meet security and user-productivity demands. Rather than forcing users to work outside of their usual workflows, modern information security secures the enterprise where and how its users prefer to work, eliminating unsanctioned workarounds and shadow IT solutions. The result is greater enterprise security and happier end users.

By Rachel Holdgrafer, Content Business Strategist, Code42

[Cloud Security Alliance Blog]

Learn All About CryptoWall 3 and the Cyber Threat Alliance

Recent research from the Cyber Threat Alliance yielded a breakthrough in analyzing CryptoWall, a worldwide cybersecurity threat that has caused an estimated $325 million in damages worldwide. Join us for a new webinar to learn more about the motivations and tactics of malicious actors behind CryptoWall, and also understand why the Cyber Threat Alliance is leading the way when it comes to peer information sharing and actionable threat intelligence.

Join us on Tuesday, December 1 for “Lucrative Ransomware Attacks: Analysis of the Cryptowall Version 3 Threat.” The research team behind the Cyber Threat Alliance report will walk through:

  • The full anatomy of the CryptoWall 3 attack lifecycle, propagation vectors, malware analysis, and campaign infrastructure.
  • Global impact of this lucrative and broad-reaching crimeware campaign.
  • Recommended protections and mitigation actions, including all Indicators of Compromise (IOCs)

The Cyber Threat Alliance was co-founded by Fortinet, Intel Security, Palo Alto Networks and Symantec to share threat intelligence on advanced cyber attacks and to enhance protections from these damaging attacks. Read more about the mission of the CTA and why this is so important to the Palo Alto Networks community in Rick Howard’s recent blog post.

[Palo Alto Networks Blog]

Global Privacy Study: How Does Your Organization Compare?

Major privacy breaches of customer data records are becoming common news headlines, shattering the trust of customers who expected the affected enterprises to protect their personal information. Almost 75 percent of the respondents to ISACA’s 2015 Privacy Survey indicate that their enterprises’ use of privacy policies, procedures, standards and other management approaches is mandatory, while 19 percent indicate that their use is “recommended.” This finding is a reflection of good practice because written policies and procedures should be at the heart of every enterprise, regardless of size.

However, less than one-third of the surveyed privacy professionals are very confident in their enterprise’s ability to ensure the privacy of its sensitive data. This is confirmed by the fact that more than half of surveyed privacy professionals believe that consumers should not be confident that enterprises are protecting their personal information.

Slightly more than 90 percent of the respondents to the survey report that the privacy function has a significant or moderate level of interaction with information security. This may explain why the CISO/CSO is a consistent selection as the role with primary accountability for privacy across all enterprise sizes. Unfortunately, nearly 8 percent report that no one is assigned to privacy accountability.

More than half of the respondents identify a lack of training or poor training as the most common type of privacy-related failure. This put an emphasis on the fact that privacy governance/management depends on regular, consistent monitoring of the program effectiveness, coupled with a commitment to making changes when weaknesses are spotted.

Any enterprise program as complex as privacy—requiring the coordinated efforts of many departments and individuals—requires a formal system of governance and management. Having the appropriate leadership and staff structures is an integral part of privacy governance and management. Increased (and increasingly diverse) regulation adds to the complexity, making an effective system of governance and management that involves frameworks, standards, policies and metrics a requirement. Operating in multiple jurisdictions adds a layer of complexity to privacy programs because it requires knowledge of and compliance with a wide variety of differing global regulations.

All of this is why ISACA is developing privacy principles for enterprises to use to develop a privacy program that is adaptable, flexible and applicable to the global population, with plans to publish the principles in the near future. These principles will use the COBITframework to provide structure and an implementation road map to guide practitioners through privacy management activities.

Yves Le Roux, CISM, CISSP
Chair, ISACA’s Privacy Task Force
CA Technologies

[ISACA Now Blog]

English
Exit mobile version