Palo Alto Networks Traps

The threat landscape has quickly evolved to a level of sophistication that it can bypass traditional endpoint protection. Traps combines powerful endpoint protection technology with critical endpoint detection and response (EDR) capabilities into a single agent, enabling your security teams to automatically protect, detect and respond to known, unknown and sophisticated attacks, using machine learning and AI techniques from data collected on the endpoint, network and cloud. Unique in the breadth and depth of its endpoint protections, Traps:

• Stops malware, exploits and ransomware by observing attack techniques and behaviors.
• Uses machine learning and AI to automatically detect and respond to sophisticated attacks.
• Includes WildFire malware prevention service to improve accuracy and coverage.
• Harnesses Cortex XDR detection and response to speed, alert triage and incident response by providing a complete picture of each threat and its root cause, automatically.
• Coordinates enforcement with network and cloud security to prevent successful attacks.
• Provides a single lightweight agent for protection and response.
• Protects endpoints while online and offline, on a network and off.

Stops malware and ransomware Traps prevents the launching of malicious executable files, DLLs and Office files with multiple methods of prevention, reducing the attack surface and increasing the accuracy of malware prevention. Provides behavior-based protection Sophisticated attacks that utilize multiple legitimate applications and processes are more common, can be hard to detect, and require visibility to correlate malicious behavior. Traps detects and stops attacks by monitoring for malicious behaviors across a sequence of events and terminates the attack when detected. Blocks exploits and fileless attacks Rather than focusing on individual attacks, Traps blocks the exploit techniques the attacks use. By doing so at each step in an exploit attempt, Traps breaks the attack lifecycle and renders threats ineffective. Coordinates enforcement with network and cloud Tight integration between network, endpoint and cloud enables a continually improving security posture and provides layered prevention from zero-day attacks. Whenever a firewall sees a new piece of malware or an endpoint sees a new threat, protections are made available in minutes to all other next-gen firewalls and endpoints running Traps with no effort on the admin’s part, whether it happens at 1 a.m. or 3 p.m. Detect and respond to sophisticated attacks Traps uses the Cortex Data Lake to store all event and incident data captured, allowing seamless integration with Cortex XDR for investigation and incident response. Cortex XDR, a cloud-based detection and response app that empowers SecOps to stop sophisticated attacks and adapt defenses in real time. By combining rich network, endpoint, and cloud data with analytics, Cortex XDR allows you to:

• Automatically determine the root cause to accelerate triage and incident response.
• Reduce the time and experience required from triage to threat hunting.
• Respond to threats quicker and adapt defenses from knowledge gained, making the next response even faster.