Palo Alto says its new endpoint protection tool can stop the bad stuff in its tracks

John Dix | Nov. 13, 2014
“Traps” focuses on how exploits work, not their signature.

Similarly, technologies like discrete intrusion prevention or intrusion detection systems require prior knowledge to protect against vulnerabilities. So if it's an unknown, zero-day-based vulnerability, IPS or IDS isn't as effective. It can only block what it knows.

So when we were looking at making an investment we spent a lot of time in our due diligence looking at the approaches that others use. There are a lot of companies jockeying for the space, knowing the traditional approaches are ineffective.

And we saw two common approaches we didn't like as far as the new technology goes. The first was container-based tools that are basically designed to wrap a protective barrier around processes so if the process turns out to be malicious in nature the container detects it and shuts it down. But a lot of attackers have figured out how to disable those containers, and they impose a significant amount of resource overhead. So from an efficacy and operational perspective it wasn't a very viable option.

Then the other approach that concerned us was tools focused on post-attack detection or remediation. You would deploy those to try to identify and isolate systems that were affected and then begin the cleanup process. If people are investing in that as their answer to highly targeted attacks, then they're effectively waving a white flag, saying, "I can't prevent these attacks, so I might as well invest money in trying to at least detect them quickly."

We vehemently disagree with that premise. We do think that attacks, no matter how sophisticated, can be prevented. There is no silver bullet in this battle, but network security will absolutely continue to play a big role in preventing attacks. But there are some holes that you have to shore up, and that's why we brought Traps to market.

Traps is a technology that, thus far, in the trials that we've done with different customers, has proven to be 100% effective against even the most highly targeted, zero-day-based attacks.

How does it work?
What we liked about the technology is it's not focused on the individual threat. Traps really doesn't care whether it's known or unknown malware. Traps doesn't really care about the vulnerability itself. What Traps focuses on is the underlying techniques that an attacker must execute in order to exploit a vulnerability on an endpoint.

Let's say an attacker found some sort of weakness in a piece of software and intended to use that to exploit the system. The attacker would have to go through a series of well-defined steps to make that happen. It may be three steps, it may be five steps. It depends on the nature of the exploit, but they would have to go through a sequence of steps. With Traps, what we've done is build a series of blocks against each and every one of those available techniques, so the second an attacker tries to employ one, they run into a block, their attack is thwarted, and the process is shut down. Today there are around two dozen techniques at an attacker's disposal.