Exploit Mitigation

Traps™ advanced endpoint protection focuses on the core techniques leveraged by exploits in advanced cyberattacks. Traps renders these techniques ineffective by breaking the exploit sequence and blocking the technique the moment it is attempted. 

Malicious Executable Prevention

Traps prevents executable malware by preventing core malware techniques. Additionally, policy-based restrictions can be used to reduce the endpoint attack surface, and integration with the WildFire™ threat intelligence cloud offers rapid analysis of executables before they can run.



Lightweight yet Comprehensive

Traps does not perform any system scanning, or rely on signature updates, the way many endpoint solutions do. This approach results in minimal impact to the user experience and system-level resources while protecting all applications, including proprietary and third-party ones. 

Compromise isn’t inevitable, or, at least, it shouldn’t be. Traditional endpoint protection simply cannot keep up with the rapidly evolving threat landscape, leaving organizations vulnerable to advanced attacks. A new approach is needed, one that can rebuild confidence in endpoint security.

This new approach needs to prevent advanced attacks originating from executables, data files or network-based exploits – known and unknown – before any malicious activity could successfully run. We call this “advanced endpoint protection.” By focusing our solution on the attacker’s core techniques and putting up barriers to mitigate them, the attacker’s path for exploitation becomes known, even when the attack isn’t.

Extend Zero Trust to Your Endpoint

With exploit kits readily accessible, even your “good” applications can go “bad.” Therefore, Zero Trust (“never trust, always verify”) should be extended beyond the network. No application or attached device should be trusted – known or unknown. Instead of monitoring for patterns or malicious behaviors, or whitelisting applications, an advanced endpoint protection should persistently enforce the Zero Trust model on your endpoints.

While Traps can harden a system to allow only trusted applications to run, that is just one facet of the approach. Our unique exploit and malware prevention modules ensure those “trusted” applications cannot be exploited. This combination makes for an unparalleled approach to advanced endpoint protection.

Patch Management – Worry No More

Patch management alone does not provide adequate protection because vulnerabilities exist long before patches are released, and there is an inevitable delay in installing newly released patches. Plus, legacy software that is no longer supported by the vendor can never be patched. With support discontinued for Windows XP and Windows Server 2003, those who are still running this legacy software will remain publicly vulnerable.

Employing Traps as a compensating control allows organizations to meet various requirements, including PCI compliance and the protection of SCADA and VDI environments, by eliminating the possibility of exploiting those unpatched vulnerabilities.

Do More With Less

Traps requires no definition updates or specialized hardware; protects unpatched systems; is compatible with all physical and virtual Windows platforms, including terminals, VDI, VMs and embedded systems; protects all applications, including proprietary and third-party ones; and, most importantly, doesn’t need prior knowledge of an attack in order to prevent it.

Workstation and Server OS Support:
  • Windows XP with SP3
  • Windows Vista
  • Windows 7
  • Windows 8/8.1
  • Windows 10
  • Windows Server 2003
  • Windows Server 2008
  • Windows Server 2012



CBI Health Group

CBI Health chose the Palo Alto Networks Next-Generation Security Platform to protect its data center from ransomware and other threats.


University of Portsmouth Expands Services to Students and Researchers With Palo Alto Networks Security Platform

Palo Alto Networks® (NYSE: PANW), the leader in next-generation security, today announced that the University of Portsmouth has selected, deployed, and consolidated its security infrastructure on the Palo Alto Networks security platform.

Santa Clara

Traps for Windows Server 2003

Microsoft has announced Windows Server 2003 End of Support (EOS) on July 14, 2015. Many businesses will be forced by circumstances to leave these systems in service for some time. Retiring a major enterprise component has always been a challenge for IT departments. In addition to various logistical issues, an out-of-support component is vulnerable to attack and may leave the business vulnerable to significant security and compliance risks. By employing Palo Alto Networks® Traps™ Advanced Endpoint Protection as a compensating control, businesses can keep Windows Server 2003 systems compliant and secure, even after EOS.


Secure Windows XP with Traps

Windows® XP end-of-life is a critical threat exposure for XP users. Security was one of the major drivers for Microsoft’s decision to end support for this operating system. No doubt, the intention was to urge enterprises to upgrade their systems. In reality, however, Windows XP systems are still deployed in many organizations. This technical brief outlines how Traps secures endpoint systems that run Windows XP, while enabling you to manage your XP upgrade policy at your own pace as you maintain acceptable levels of security and compliance.


Endpoint Protection in NERC CIP Environments – Compliance and APT Prevention

Compliance and security are both top-of-mind issues for electric utilities. The NERC CIP standards mandate controls that protect against malware, provide device monitoring, and enable the detection and response to cyber incidents. This webinar will explore the application of one advanced solution to meet both compliance requirements and security objectives.


Traps HIPAA Compliance

Healthcare organizations are increasingly under attack by cybercriminals, putting sensitive patient information, such as medications, diagnoses and Social Security numbers, at risk. The Anthem breach in early 2015 exposed the fact that, despite substantial investments made in securing their networks to be HIPAA compliant, healthcare providers are not fully protected against advanced cyberattacks.
