Announcing the New Traps v3.4: Protect Yourself From Antivirus

Michael Moshiri


Traditional antivirus (AV) is not the solution to endpoint security – it is the problem. AV is no longer effective at stopping today’s cyberthreats and to prevent security breaches in your organization, you must protect yourself not only from known and unknown cyberthreats but also from the failures of any traditional AV solutions deployed in your environment. Today, we’re announcing enhancements to Traps advanced endpoint protection that empower you to replace your AV with real breach prevention.

In this post, I’ll go over some of the enhancements we’ve made to Traps. For a deeper dive, I encourage you to learn more about Traps, its new and updated capabilities, and how it replaces traditional antivirus with true prevention, by downloading the “Protect Yourself From Antivirus” white paper, or by joining our webinar to see Traps in action.

Traps replaces traditional antivirus with a proprietary combination of purpose-built malware and exploit prevention methods that protect users and endpoints from both known and unknown threats. With Traps, you prevent security breaches, in contrast to detecting and responding to incidents after critical assets have already been compromised.

The updated release of Traps eliminates the need for traditional AV by enabling you to:

  • Prevent cyber breaches by pre-emptively blocking known and unknown malware, exploits and zero-day threats.
  • Protect and enable your users to conduct their daily activities and use web-based technologies without concern for known or unknown cyberthreats.
  • Automate breach prevention by virtue of the autonomous reprogramming of Traps using threat intelligence gained from Palo Alto Networks WildFire threat intelligence service.

New and Improved Multi-Method Malware Prevention

Traps prevents malicious executables by maximizing coverage against malware while simultaneously reducing the attack surface and increasing the accuracy of malware detection. This approach combines several layers of protection that instantaneously prevent known and unknown malware from infecting your systems, whether they are online or offline, on-premise or off, connected to your organization’s network or not (Figure 1). Those layers include:

  1. Static Analysis via Machine Learning [new]: Obtain an instantaneous verdict on any unknown executable file before it is allowed to run, without reliance on signatures, scanning or behavioral analysis.
  2. WildFire Inspection and Analysis [improved]: Rapidly detect unknown malware and automatically reprogram Traps to prevent known malware by leveraging the power of Palo Alto Networks WildFire cloud-based malware analysis environment.
  3. Trusted Publisher Execution Restrictions [new]: Identify executable files that are among the “unknown good” because they are published and digitally signed by trusted publishers.
  4. Policy-Based Execution Restrictions [improved]: Define policies to restrict specific execution scenarios, thereby reducing the attack surface of any environment.
  5. Admin Override Policies [improved]: Define policies, based on the hash of an executable file, to control what is allowed to run in your environment and what is not.

Traps also quarantines malicious executables to prevent infected files from spreading to or infecting other users.

The combination of the above methods and capabilities not only prevents both known and unknown malware from compromising your systems but also enables you to fully customize the scope of prevention to meet your organization’s needs.

starlight figure1

Improved Multi-Method Exploit Prevention

Traps uses an entirely new approach to prevent exploits. Instead of focusing on the millions of individual attacks, or their underlying software vulnerabilities, Traps focuses on the core exploitation techniques used by all exploit-based attacks. By identifying and pre-emptively blocking any exploitation technique the moment it is attempted, Traps prevents exploits from compromising your applications, including those developed in-house and those that no longer receive security support.

Traps implements a multi-method approach to exploit prevention, combining several layers of protection to block exploitation techniques (Figure 2):

  1. Memory Corruption/Manipulation Prevention [improved]: Identify and prevent the exploitation techniques that manipulate your application’s memory space before they can successfully subvert the application.
  2. Logic Flaw Prevention [improved]: Recognize and block the exploitation techniques that manipulate the operating system’s normal processes used to support and execute your applications.
  3. Malicious Code Execution Prevention [improved]: Identify and prevent the exploitation techniques that allow the attacker’s malicious code to execute, before they compromise your applications.

Traps protects applications and systems, whether or not they receive security patches, and regardless of network connectivity or physical location.

starlight figure2

Automated Prevention via the Next-Generation Security Platform

Traps is the only endpoint protection offering that automatically converts the threat intelligence gained from a global community of over 10,000 WildFire subscribers and multiple threat intelligence sources into malware prevention.

When WildFire identifies an executable file as malicious, regardless of where that threat intelligence is gained, Traps automatically reprograms itself to prevent the execution of that file from that moment on. This process all but eliminates the opportunity for an attacker to use unknown and advanced malware to infect your systems because an attacker can use each piece of malware once, at most, anywhere in the world, and only has seconds to carry out an attack before WildFire renders it entirely ineffective.

As part of Palo Alto Networks Next-Generation Security Platform, Traps enables you and your organization to continuously apply the growing threat intelligence gained from thousands of enterprise customers, across both the network and endpoints, to your own environment.

securityplatform

Protect Yourself From Antivirus

2 Reader Comments

  1. Good Afternoon

    Looks like apart from the technical details implemented in 3.4, there is a clear message “you can replace your av software with traps now”. My understanding was that previous versions were rather considered to work together with av and not to replace it.

    Is above claim legitimate and what are the features and functionalities added which simply enable traps to replace legacy av software? (in contrary to the earlier versions)

    Kind regards,
    Tomasz Tajchman

  2. I think this mostly due to the new Local Analysis Module and the added Quarantine functionality in 3.4.
    Even when an Traps Endpoint is offline, Local Analysis will still deliver an instant verdict to prevent malware from being executed. This was not the case with Traps < 3.4

Got something to say?

Get updates: Unit 42

Sign up to receive the latest news, cyber threat intelligence and research from Unit42


SUBSCRIBE TO RSS