Traps: Protecting Resource Sensitive Environments

Dec 18, 2018

Virtual endpoints and servers, whether in a VDI environment or cloud workload, encounter the same cybersecurity challenges as their physical counterparts. This has led to a slew of new operational and technical challenges for the professionals tasked with securing them.

Frequent antivirus (AV) signature updates, application patches, and operating system updates, which are required to secure endpoints against known vulnerabilities, are particularly challenging in virtual environments where a “golden image” is used to provision virtual endpoints. Many of the traditional physical endpoint products can create unforeseen operational and technical complications when applied to virtual environments. Furthermore, even a purpose-built virtual security product often leaves gaps in the overall security architecture if it is not part of a cohesive security infrastructure.

A new approach is needed to protect virtual and cloud environments from the ground up: one that offers continuous protection without the need for signatures, patches, or updates; one that integrates seamlessly into any “virtual” environment; and one that is part of an end-to-end security platform that encompasses physical, virtual, and cloud computing environments.


No Patching or Signature Updates Required

In order to secure VDI and cloud workloads against known vulnerabilities, traditional security procedures require the application of the most recent antivirus signatures, application patches, and operating system updates after the initial “boot-up” from a golden image. This requirement presents several technical and operational challenges.

For instance, the required AV updates, application patches, and system updates create increased network traffic that strains available bandwidth and system resources. Where immediate updates are not performed, administrators incur the operational burden of scheduling updates during off-peak hours, which is challenging in organizations with 24/7 uptime requirements. These endpoints and workloads remain vulnerable from the initial boot-up from a golden image until all necessary security updates have been completed.

Palo Alto Networks Traps does not use signatures, nor does it rely on or require patching or updates to protect endpoints and servers. Traps protects both physical and virtual systems. It prevents known and unknown exploits, as well as malicious executables that target operating system and application vulnerabilities – without the need for signatures or signature updates. Endpoints and servers, whether physical, virtual, or in the cloud, are protected from the moment they become available. Urgent patches to the golden image or to live running systems are now relics of the past.

Traditional security products are ill-suited for deployment in VDI and cloud environments and can require organizations to overcome unforeseen technical and operational challenges. Traps presents a new approach for protecting virtual environments that eliminates many of these challenges:

  • Traps does not use signatures, nor does it rely on or require patching or updates to prevent exploits and malware on virtual (and physical) endpoints and servers.
  • Traps protects VDI endpoints and servers from the moment they are initialized.
  • License elasticity and scalability are built into the Traps architecture.
  • Traps does not perform any system scans and, therefore, has no impact on shared storage or end-user productivity.
  • Traps advanced endpoint protection is fully integrated into the Palo Alto Networks Security Operating Platform, which also includes WildFire malware prevention service and the Next-Generation Firewall.


Optimized for Virtual and Cloud Environments

Deploying security products that are built for physical endpoints to virtual environments requires organizations to overcome additional logistical and architectural challenges. For instance, organizations must develop a mechanism to track and apply software and system licenses as virtual instances are spun up or down.

Security products must work reliably at scale to accommodate thousands of simultaneous virtual sessions. In VDI environments where storage is commonly shared among virtual sessions, organizations must mitigate the impact of system scans that are generally at the core of “detective” security offerings.

Traps is designed to work seamlessly in these environments. License elasticity and the ability to scale horizontally to tens of thousands of endpoints are built into the Traps architecture. Traps does not perform any system scans and, therefore, has no impact on shared storage or end-user productivity.


A Security Platform That Extends Beyond the Endpoint

A security product that is built solely to protect virtual endpoints often lacks the broader contextual intelligence that is a core component of an effective enterprise security architecture. Integrated threat intelligence, including the tactics, techniques, and procedures (TTP) that new and previously encountered cyberattacks have used, is critical to successfully defending enterprise systems and networks.

Traps is an integral part of the Palo Alto Networks Security Operating Platform that prevents cyberattacks, automatically and in real time, regardless of the physical or virtual nature of the endpoints and the systems deployed in an organization. WildFire is an integral part of Traps, providing increased contextual visibility into, and protection against, correlated threat actors and campaigns, no matter where in the organization they may occur.

Watch the webinar “5 Endpoint Protection Best Practices” to learn the essential requirements for endpoint protection, and how Traps advanced endpoint protection is simple to deploy and manage, providing a prevention-first approach that protects endpoints from malware, exploits and ransomware.


