Endpoint security is an essential element of any organization’s strategy for detecting and preventing damaging attacks. There has been a lot of discussion in the infosec world about how to use endpoint security tools to provide the best possible protection. At Palo Alto Networks, advanced endpoint protection is a core component of our strategy to provide a true next-generation security platform.
Traps, our endpoint security product, is a cornerstone of the automated breach prevention capabilities in our platform. Most endpoint security products are designed to detect and stop malware based on signatures or other known variables, but Traps instead focuses on preventing malicious programs from executing by detecting and preventing the exploitationtechniques leveraged by the attacker.
This means that Traps can block known and unknown (or “never before seen”) exploits. Tens of millions of individual exploits exist in the wild, but there are only two dozen or so known exploitation techniques. New exploitation techniques can take months, if not years of focused academic effort to develop. By focusing on these core techniques, Traps identifies the attacker’s path for exploitation, even when the exploit itself is not known. Combining Traps with our industry leading Next-Generation Firewall and WildFire’s unparalleled threat intelligence, we provide the most advanced, fully automated exploit and malware prevention capability available today.
Endpoint security technologies can appear similar, and recently there has been confusion around Traps functionality when compared with other exploit prevention software such as Microsoft’s Enhanced Mitigation Experience Toolkit (EMET). Both appear to share the same end goal of preventing exploits, but Traps prevention capabilities are far superior. Not only is the exploit prevention more effective, but it also applies to any application, whereas EMET addresses only a finite list of applications. We should also keep in mind that not every attack uses an exploit. Traps prevents both exploits and malware, known and unknown.
If you would like to see a side by side comparison of Traps and EMET in action, we’ve put together a short video highlighting our ability to detect and stop exploitation techniques where EMET falls short. Watch below:
For further reading, check out Advanced Endpoint Protection for Dummies, an ebook written specifically to educate newcomers on the core differences between legacy and next-generation endpoint protection. The book clears up common misunderstandings surrounding prevention of malware and exploit techniques.
You can also find additional information on Traps, as well as see a live demo, on our Traps resource page.
[Palo Alto Networks Research Center]