Palo Alto says its new endpoint protection tool can stop the bad stuff in its tracks

John Dix | Nov. 13, 2014
“Traps” focuses on how exploits work, not their signature.

In fact, I was talking to an oil and gas company and, while the prevention characteristics of this are very enticing, this guy was excited about the fact we support XP because he had tens of thousands of systems that were still running Windows XP and Microsoft isn't patching XP anymore. So he was looking at this as a way to extend the lifespan of his Windows XP systems, which is a nice aftereffect. We're seeing Windows in ATMs, point-of-sale systems, etc.

So that's the exploit side, what about malware-based attacks?
Right. On the malware side it works similarly, only we've added a couple of other steps. When it comes to malware-based attacks the process is slightly different. Malware of course doesn't require a vulnerability exploit in order to run on an endpoint. Often it's our employees who initiate this process by opening a malicious file attachment in email, clicking on a link that takes that person to a malicious URL or domain, downloading a malicious file from a USB stick, etc.

Traps malware prevention is accomplished in three steps. First, Traps allows admins to create a series of policies on the endpoint that significantly limit the risk of employees inadvertently downloading malware. These are simple policies like do not allow a user to execute a .exe file sent over email, or from a removable storage device. By establishing the correct policies up front an organization can reduce the options available for an attacker to get malware to an endpoint.

Second, Traps integrates with WildFire to provide an immediate vehicle to verify whether a file is known to be malicious. Every day WildFire inspects millions of files for new forms of malware. This intelligence is made available to Traps so it can verify whether a particular executable is malicious before allowing it to run on an endpoint. And finally, Traps utilizes malware prevention modules on the endpoint to ensure that the malware never executes.

Are competitors doing anything similar?
The only other company who's kind of taken this approach is Microsoft themselves. There's a project that Microsoft had been playing with called EMET and they're the only ones really today that are focused on a technique-based approach. Microsoft has chosen not to productize EMET, but it's kind of a skunkworks project, if you will. So really only us and Microsoft are the two that are looking at this from a techniques basis. And the EMET project only supports seven exploit techniques today.

What percentage of the problem do you think this addresses? After all, there are environments other than Windows and there's the whole mobility threat. How do you add that up?
Today Traps is focused on Windows-based support which constitutes the majority of endpoints. We plan to expand support in the future based on customer needs.
