Monday, 15 August 2016 14:21

Palo Alto says ditch the antivirus approach


Traditional antivirus (AV) endpoint products give the enterprise a false sense of security; while they may satisfy regulatory and corporate governance requirements, they do not protect against today's advanced cyber-threats.

Palo Alto Networks, a next-generation security company, has announced new functionality for its Traps advanced endpoint protection offering, including significant machine learning capabilities for real-time prevention of unknown malware.

These updates strengthen its malware and exploit prevention capabilities and alleviate the need for legacy antivirus products to protect endpoints, such as laptops, servers and VDI instances.

That is a big claim to make – is traditional AV dead?

Most organisations use traditional, software-based AV security products that rely on blacklist definitions on their endpoints. Regardless, cyber breaches continue to increase in frequency, variety and sophistication. AV cannot keep pace and invariably fails to prevent these attacks on endpoints.

Traps combines the most effective, purpose-built malware and exploit detection methods to prevent known and unknown threats before they can successfully compromise an endpoint. By focusing on detecting and blocking the techniques at the core of these attacks, Traps can prevent sophisticated, targeted and never-before-seen attacks.

Rob Westervelt, research manager, Security Products, IDC, said: “The sophistication and frequency of cyberattacks are growing too quickly for legacy antivirus tools that rely on signatures to keep pace. Traps takes an innovative approach to endpoint security, keeping endpoints more secure despite a growing landscape of cyber-threats and reducing the resources required by IT teams to track and install security patches.”

Traps is a component of the Palo Alto Networks Next-Generation Security Platform, a natively integrated and automated platform designed to safely enable applications and prevent cyber breaches.

Traps both shares with and receives threat intelligence information from the Palo Alto Networks WildFire cloud-based malware analysis environment. Threat intelligence information is passed to WildFire by each component of the security platform, and Traps uses this information to block threats on the endpoint no matter where they originated.

The new functionality includes static analysis via machine learning and trusted publisher capabilities to allow Traps to detect and immediately prevent malware that has never been seen.

The latest version of Traps, version 3.4, will be available by the end of August and includes the following updates:

  • Static analysis via machine learning examines hundreds of characteristics of a file to determine if it is malware. Threat intelligence available through the Palo Alto Networks WildFire subscription is used to train a machine learning model to recognise malware, especially previously unknown variants, with unmatched effectiveness and accuracy. This new functionality allows Traps to rapidly determine if a file should be allowed to run even before receiving a verdict from WildFire.
  • Trusted publisher identification allows organisations to automatically and immediately identify new executable files published by trusted and reputable software publishers. These executable files are allowed to run, cutting down on unnecessary analysis and allowing them to execute without delay or impact to the user.
  • Quarantining of malicious executables immediately removes malicious files and prevents further propagation or execution attempts of the files.
  • Grayware classification allows enterprises to identify non-malicious, but otherwise undesirable, software and prevent it from running in their environment.


A number of enterprise security vendors now offer machine learning, cloud-based solutions that identify known good behaviour and departures from it. Good security is not just endpoint-based but a set of layers that work together holistically to cover the gaps.

For the consumer, traditional AV is really all you can get – the more sophisticated, cloud-based tools have not made it to the consumer level yet.



Ray Shaw


Ray Shaw has had a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!


