Traps by Palo Alto Networks, revolutionising Endpoint Security – Part Three

  • 27 October, 2016

Article, Palo Alto Networks, Security

Previously we looked at the way in which Traps detects and prevents exploits and other malicious activity. Continuing on from that, we then took a brief look at the technical architecture behind Traps and the EndPoint Agent itself.

In this third and final part of the series, we’re going to look at the management of Traps through the ESM Console and at the platforms Traps supports.

Managing Traps

Traps is managed via the Endpoint Security Management (ESM) Console, a web interface which enables you to manage security events, monitor endpoint health and configure policy rules, all from a web browser. The ESM Console can be installed on the same server as the ESM Server, on a separate server, or on a cloud-based server.

The ESM Server functions as the connection server, relaying information between the ESM components, including the Traps agents and WildFire. Each server supports up to 10,000 Traps agents, and the multi-server functionality now available allows many more agents to be supported. The ESM Server retrieves the security policy from the database and distributes it to all Traps agents; each agent in turn relays its security event information back to the ESM Server.

The ESM Console gives you excellent visibility over your security via Traps. One of the most beneficial features within the ESM Console is the ability to see every endpoint on which a specific malicious executable was run. For example, on a 1,000-endpoint network you’ll be able to see that the exploited file was run on only 120 of them, and exactly which endpoints those were. This lets you locate the affected area more quickly and focus further investigation on the actual targets of the attack rather than on every endpoint in the environment.
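To make the "which endpoints ran this file" pivot concrete, here is an added Python illustration of the same triage step run over constructed agent event records. It is not Palo Alto Networks code and does not use any ESM API; the event field names (endpoint, sha256, file, verdict), the sample hashes and the fleet size are all assumptions chosen for the example.

```python
"""Pivot from a malicious file hash to the endpoints that executed it.

Added example (not Palo Alto Networks or ESM code). It reproduces the idea
behind the console view described above: given the security events the
agents relay back, find the subset of the fleet where a given executable ran.
"""
from collections import Counter

# Constructed sample events with hypothetical field names. The hash values
# are placeholders, not real file hashes.
SAMPLE_EVENTS = [
    {"endpoint": "ws-001", "sha256": "a" * 64, "file": "invoice.exe", "verdict": "malware"},
    {"endpoint": "ws-002", "sha256": "a" * 64, "file": "invoice.exe", "verdict": "malware"},
    {"endpoint": "ws-001", "sha256": "A" * 64, "file": "Invoice.EXE", "verdict": "malware"},
    {"endpoint": "ws-003", "sha256": "b" * 64, "file": "setup.exe", "verdict": "benign"},
    {"endpoint": "ws-004", "sha256": "a" * 64, "file": "invoice.exe", "verdict": "malware"},
    {"endpoint": "ws-005", "sha256": "c" * 64, "file": "update.exe", "verdict": "malware"},
]

FLEET_SIZE = 1000  # constructed: number of managed endpoints in this fleet


def _matches(event, sha256):
    # Hashes are hex, so compare case-insensitively; file names are not
    # a reliable key (the same binary shows up under different names).
    return event["sha256"].lower() == sha256.lower()


def endpoints_for_hash(events, sha256):
    """Sorted list of distinct endpoints on which the given hash executed."""
    return sorted({e["endpoint"] for e in events if _matches(e, sha256)})


def execution_counts(events, sha256):
    """Executions per endpoint for the hash; repeat runs are useful triage context."""
    return Counter(e["endpoint"] for e in events if _matches(e, sha256))


def affected_fraction(events, sha256, fleet_size):
    """Share of the fleet where the hash ran (e.g. 120 of 1,000 -> 0.12)."""
    if fleet_size <= 0:
        raise ValueError("fleet_size must be positive")
    return len(endpoints_for_hash(events, sha256)) / fleet_size


def hashes_by_spread(events, verdict="malware"):
    """Rank hashes with the given verdict by how many distinct endpoints ran them.

    This is the prioritisation question the console answers: which file has
    spread furthest deserves the first investigation.
    """
    seen = {}
    for e in events:
        if e["verdict"] == verdict:
            seen.setdefault(e["sha256"].lower(), set()).add(e["endpoint"])
    return sorted(((h, len(eps)) for h, eps in seen.items()),
                  key=lambda pair: (-pair[1], pair[0]))


if __name__ == "__main__":
    target = "a" * 64
    print("affected endpoints:", endpoints_for_hash(SAMPLE_EVENTS, target))
    print("executions per endpoint:", dict(execution_counts(SAMPLE_EVENTS, target)))
    print("fraction of fleet:", affected_fraction(SAMPLE_EVENTS, target, FLEET_SIZE))
    print("malware hashes by spread:", hashes_by_spread(SAMPLE_EVENTS))
```

The hash, rather than the file name, is used as the pivot key because the same binary routinely appears under different names and letter cases; the ranking function then orders malicious hashes by how many distinct endpoints ran them, which is the order in which an analyst would typically work the queue.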

[Images: Traps agent actions; ESM dashboard; Endpoint Security Manager diagram]

System Requirements & Platform Support

Perhaps the most impressive aspect of Traps is the incredibly low footprint with which it operates on an endpoint. Using just 0.1% CPU, 50MB RAM and 250MB disk space, Traps’ impact on an endpoint’s performance is minimal, especially when you consider the comprehensive and ever-evolving level of protection you receive.

Another huge strength of Traps is its ability to confidently protect unpatched systems. Of course, we don’t recommend you stop installing patches and security updates, no matter how good Traps is. Where the ability to protect unpatched systems really comes into its own is with out-of-support, legacy operating systems such as the ubiquitous Windows XP.

A great many endpoints within corporate and business environments all over the world are still running some variation of Windows XP. Although the number is declining, there are thousands of in-house applications that simply cannot run on anything else. Most companies aren’t keen on absorbing the cost of re-developing their custom software to run on a more modern OS, so remaining on XP is the only cost-effective choice.

With support for operating systems going as far back as Windows XP (SP3 or later) and Windows Server 2003 (SP2 or later), this is another area where Traps really shines. Migrating to a more secure and modern OS may be the ideal solution, but for many companies this simply can’t be done without great expense and logistical difficulty, because of the custom applications they have come to rely on. Traps provides a cost-effective way of ensuring that these legacy applications running on out-of-support operating systems are no longer the security issue they once were.

Full list of supported Traps platforms:

Operating Systems

Windows XP (32-bit, SP3 or later)
Windows 7 (32-bit, 64-bit, RTM and SP1; all editions except Home)
Windows 8 (32-bit, 64-bit)
Windows 8.1 (32-bit, 64-bit)
Windows Server 2003 (32-bit, SP2 or later)
Windows Server 2003 R2 (32-bit, SP2 or later)
Windows Server 2008 (32-bit, 64-bit)
Windows Server 2012 (all editions)
Windows Server 2012 R2 (all editions)
Windows Vista (32-bit, 64-bit, and SP2)

Virtual Environments

VDIs: For licensing considerations, contact Support or your Sales Engineer.
Citrix
VMware
ESX
VirtualBox/Parallels

Physical Platforms

SCADA
Windows Tablets

This ability to offer comprehensive and evolving protection to unpatched systems isn’t only beneficial for legacy operating systems. There are many occasions where a new exploit has been found, new malware is all over the internet ready to take advantage of it, and system administrators are stuck waiting for a patch or hotfix to deal with it. With Traps this isn’t such a large issue, as Traps is continually updated via the Threat Intelligence Cloud and can have you covered against an exploit long before a fully QA’d and tested patch is distributed by the vendor.

[Image: Traps endpoint agent]

Conclusion

Whilst Traps is at its best when included as part of a comprehensive Next Generation Security Platform solution, it can certainly stand on its own as a formidable endpoint security solution. Allied with WildFire and the Threat Intelligence Cloud, Traps can deliver superior endpoint protection for the entire environment, including older hardware and software, with minimal impact on performance.

I don’t know about you, but when I think of traditional endpoint security and antivirus software I think of tedious updates, prolonged scans and worst of all, a huge impact on performance. Traps avoids these frustrating things without compromising on security. Traps allows the user to get on with their daily tasks, free from the shackles of signature updates, scheduled scans and a bogged down device. It will probably take time for people to get used to the idea of moving away from traditional AV Software and the world of scheduled/manual system scans. However, I think when people actually see Traps in action – especially within the Next Generation Security Platform solution – the benefits quickly become apparent.

That concludes our initial look at Traps by Palo Alto Networks. We hope you enjoyed this series of articles introducing what really is an excellent Endpoint Security Solution.

We’ll revisit Traps in the near future or when a major new release arrives.

If you missed the previous parts you can find them here:

Part One of Traps by Palo Alto Networks – Revolutionising Endpoint Security

Part Two of Traps by Palo Alto Networks – Revolutionising Endpoint Security

[Image: Palo Alto Networks Traps antivirus replacement]

If this article has sparked your interest in Traps and you’d like to give it a try, please get in touch with us to arrange an interactive demonstration where you can get hands-on with Traps and the rest of the Palo Alto Networks range.

Tesrex also offers a range of Assessment Services in which we give you an in-depth analysis of and report on your network environment, your security, or your Unified Collaboration eligibility and solution. Contact us to arrange a consultation and to find out more about how our assessments can help you understand where you are and how to get to where you want to be.
