Traps: Protecting Resource Sensitive Environments

Virtual endpoints and servers, whether in a VDI environment or cloud workload, encounter the same cybersecurity challenges as their physical counterparts. This has led to a slew of new operational and technical challenges for the professionals tasked with securing them.

Frequent antivirus (AV) signature updates, application patches, and operating system updates, which are required to secure endpoints against known vulnerabilities, are particularly challenging in virtual environments where a “golden image” is used to provision virtual endpoints. Many of the traditional physical endpoint products can create unforeseen operational and technical complications when applied to virtual environments. Furthermore, even a purpose-built virtual security product often leaves gaps in the overall security architecture if it is not part of a cohesive security infrastructure.

A new approach is needed to protect virtual and cloud environments from the ground up; one that offers continuous protection without the need for signatures, patches, or updates; one that integrates seamlessly into any “virtual” environment; and one that is part of an end-to-end security platform that encompasses physical, virtual, and cloud computing environments.


No Patching or Signature Updates Required

In order to secure VDI and cloud workloads against known vulnerabilities, traditional security procedures require the application of the most recent antivirus signatures, application patches, and operating system updates after the initial “boot-up” from a golden image. This requirement presents several technical and operational challenges.

For instance, the required AV updates, application patches, and system updates create increased network traffic that strains available bandwidth and system resources. Where immediate updates are not performed, administrators incur the operational burden of scheduling updates during off-peak hours, which is challenging in organizations with 24/7 uptime requirements. These endpoints and workloads remain vulnerable from the initial boot-up from a golden image until all necessary security updates have been completed.

Palo Alto Networks Traps does not use signatures, nor does it rely on or require patching or updates to protect endpoints and servers. Traps protects both physical and virtual systems. It prevents known and unknown exploits, as well as malicious executables that target operating system and application vulnerabilities – without the need for signatures or signature updates. Endpoints and servers, whether physical, virtual, or in the cloud, are protected from the moment they become available. Urgent patches to the golden image or to live running systems are now relics of the past.

Traditional security products are ill-suited for deployment in VDI and cloud environments and can require organizations to overcome unforeseen technical and operational challenges. Traps presents a new approach for protecting virtual environments that eliminates many of these challenges:

  • Traps does not use signatures, nor does it rely on or require patching or updates to prevent exploits and malware on virtual (and physical) endpoints and servers.
  • Traps protects VDI endpoints and servers from the moment they are initialized.
  • License elasticity and scalability are built into the Traps architecture.
  • Traps does not perform any system scans and, therefore, has no impact on shared storage or end-user productivity.
  • Traps advanced endpoint protection is fully integrated into the Palo Alto Networks Security Operating Platform, which also includes WildFire malware prevention service and the Next-Generation Firewall.


Optimized for Virtual and Cloud Environments

Deploying security products that are built for physical endpoints to virtual environments requires organizations to overcome additional logistical and architectural challenges. For instance, organizations must develop a mechanism to track and apply software and system licenses as virtual instances are spun up or down.

Security products must work reliably at scale to accommodate thousands of simultaneous virtual sessions. In VDI environments where storage is commonly shared among virtual sessions, organizations must mitigate the impact of system scans that are generally at the core of “detective” security offerings.

Traps is designed to work seamlessly in these environments. License elasticity and the ability to scale horizontally to tens of thousands of endpoints are built into the Traps architecture. Traps does not perform any system scans and, therefore, has no impact on shared storage or end-user productivity.


A Security Platform That Extends Beyond the Endpoint

A security product that is built solely to protect virtual endpoints often lacks the broader contextual intelligence that is a core component of an effective enterprise security architecture. Integrated threat intelligence, including the tactics, techniques, and procedures (TTPs) used in new and previously encountered cyberattacks, is critical to successfully defending enterprise systems and networks.

Traps is an integral part of the Palo Alto Networks Security Operating Platform that prevents cyberattacks, automatically and in real time, regardless of the physical or virtual nature of the endpoints and the systems deployed in an organization. WildFire is an integral part of Traps for increased contextual visibility into and protection against correlated threat actors and campaigns, no matter where in the organization they may occur.

Watch the webinar “5 Endpoint Protection Best Practices” to learn the essential requirements for endpoint protection, and how Traps advanced endpoint protection is simple to deploy and manage, providing a prevention-first approach that protects endpoints from malware, exploits and ransomware.



The post Traps: Protecting Resource Sensitive Environments appeared first on Palo Alto Networks Blog.

About Palo Alto Networks
Palo Alto Networks is the next-generation security company maintaining trust in the digital age by helping tens of thousands of organizations worldwide prevent cyber breaches. With our deep cybersecurity expertise, commitment to innovation, and game-changing Next-Generation Security Platform, customers can confidently pursue a digital-first strategy and embark on new technology initiatives, such as cloud and mobility. This kind of thinking and know-how helps customer organizations grow their business and empower employees all while maintaining complete visibility and the control needed to protect their critical control systems and most valued data assets. Our platform was built from the ground up for breach prevention, with threat information shared across security functions system-wide, and designed to operate in increasingly mobile, modern networks. By combining network, cloud and endpoint security with advanced threat intelligence in a natively integrated security platform, we safely enable all applications and deliver highly automated, preventive protection against cyberthreats at all stages in the attack lifecycle without compromising performance. Customers benefit from superior security to what legacy or point products provide and realize a better total cost of ownership.