When most people think of endpoint protection, they think of antivirus software. But a targeted attack can use a new threat that evades detection, and malicious content embedded in an iframe can bypass antivirus software.
Palo Alto Networks acquired Cyvera and branded this product as ‘Traps’. You may have seen similar products on the market, like Microsoft EMET. However, Traps integrates with WildFire, Palo Alto Networks’ sandboxing technology. Plus it’s a mature product, as you’ll see below.
Traditional antivirus-based protection is based on signatures – it requires prior knowledge of the threat in order to be effective. According to Palo Alto Networks, over 20,000 new forms of malware are created per day. Antivirus-based solutions have to build signatures against all of those new forms, then distribute those signatures out to all the endpoints. This takes time and has a negative impact on the effectiveness of many antivirus solutions.
Traps is very effective against zero-day-based attacks. When the attacker runs into one of the exploit prevention modules within Traps, the process is terminated, the user is alerted that an attack was prevented, and the administrator receives an alert. Traps collects forensics and provides them to the administrator.