Traps 6.0 introduces Behavioral Threat Protection that detects and stops attack activity by monitoring for malicious sequences across processes and terminating attacks when detected.
When Palo Alto Networks' Traps detects these malicious events, it will present the timeline of actions taken in the event analysis tab in the Traps management console.
Prevent Security Breaches with Palo Alto Networks Traps
With features such as the kernel exploit prevention module, the child process protection module, and the ransomware protection module, Traps has strengthened its prevention-first posture. These features have helped stave off attacks from threats such as WannaCry, Petya, NotPetya and many more without the need for signatures or prior knowledge of the threat.
As attacks become more sophisticated and evasive by leveraging built-in OS capabilities and administrative tools, they become harder to detect and identify. The release of Traps 6.0 extends its protection capabilities so that endpoints are protected across the most complete spectrum of threats.
Rich Data Collection for Cortex XDR™
To accelerate threat investigation and incident response, Traps collects detailed information about all active process, network, file, and registry activity on an endpoint. From the Cortex XDR app, you can view the activity details collected by Traps to understand the event context and gain insight on the event scope.
The activity details include all activities that took place during an attack, the endpoints that were involved, and the damage done.
Cloud-based threat detection and incident response
Traps stores all captured event and incident data in the Cortex Data Lake, allowing a clean handoff to Cortex XDR for further investigation and incident response. Cortex XDR is a cloud-based detection and response app that empowers SecOps to stop sophisticated attacks and adapt defenses in real time. By combining rich network, endpoint and cloud data with analytics, Cortex XDR detects highly evasive attacks. Following an investigation, when remediation on the endpoint is needed, administrators have the option to do the following:
- Terminate processes to stop any running malware from continuing to perform malicious activity on the endpoint.
- Isolate endpoints by halting all network access on compromised endpoints except for traffic to the Traps management service, which prevents them from communicating with, and potentially infecting, other endpoints.
- Quarantine malicious files and remove them from their working directories if Traps has not already quarantined the files.
- Block additional executions of a given file by blacklisting it in the policy.
Multi-Method Malware Protection for Linux
Traps now extends Linux exploit and malware protection to processes that run in Linux containers. When you install Traps on a Linux server, Traps automatically protects any new and existing containerized processes regardless of the container solution (e.g., Docker). Because the Traps management service issues the license per Linux server, containers do not consume any additional licenses.
Traps can now prevent known and unknown malware from running on Linux servers by leveraging WildFire threat intelligence and local analysis to analyze ELF files. When an ELF file is executed on the host server or within a container on the Traps-protected host, Traps automatically suspends the execution until a WildFire or local analysis verdict is obtained. When the verdict is malware, Traps blocks the process execution and reports the event to the Traps management service. If the ELF file is unknown to WildFire, Traps can also upload it to WildFire for further analysis. The number of malicious ELF files submitted to WildFire continues to grow, as seen in the AutoFocus report below.
Your dedicated Palo Alto Networks experts
Infradata is an award-winning Palo Alto Networks Partner with advanced specialties and multiple certified engineers on staff. Our engineers are recognized by Palo Alto Networks as technical experts and advocates of Palo Alto Networks solutions. That means you can count on Infradata for the technical know-how and hands-on experience to accurately assess your business requirements, and to design, implement, and manage a Palo Alto Networks-based solution that suits your needs.
As a Palo Alto Networks Partner and reseller, Infradata's seasoned engineers deliver premium support and can execute projects on any scale.