Palo Alto Networks, a next-generation security company, has announced new functionality, including significant machine learning capabilities for real-time unknown malware prevention, to its Traps advanced endpoint protection offering.
These updates strengthen its malware and exploit prevention capabilities and alleviate the need for legacy antivirus products to protect endpoints, such as laptops, servers and VDI instances.
That is a big claim to make – is traditional AV dead?
Most organisations use traditional, software-based, blacklist-definition AV products on their endpoints. Regardless, cyber breaches continue to increase in frequency, variety and sophistication. AV cannot keep pace and invariably fails to prevent these attacks on endpoints.
Traps combines the most effective, purpose-built malware and exploit detection methods to prevent known and unknown threats before they can successfully compromise an endpoint. By focusing on detecting and blocking the techniques at the core of these attacks, Traps can prevent sophisticated, targeted and never-before-seen attacks.
Rob Westervelt, research manager, Security Products, IDC, said: "The sophistication and frequency of cyberattacks are growing too quickly for legacy antivirus tools that rely on signatures to keep pace. Traps takes an innovative approach to endpoint security, keeping endpoints more secure despite a growing landscape of cyber-threats and reducing the resources required by IT teams to track and install security patches."
Traps is a component of the Palo Alto Networks Next-Generation Security Platform, a natively integrated and automated platform designed to safely enable applications and prevent cyber breaches.
Traps both shares threat intelligence with, and receives it from, the Palo Alto Networks WildFire cloud-based malware analysis environment. Each component of the security platform passes threat intelligence to WildFire, and Traps uses this information to block threats on the endpoint no matter where they originated.
The new functionality includes static analysis via machine learning and trusted publisher capabilities, which allow Traps to detect and immediately prevent never-before-seen malware.
The latest version of Traps, version 3.4, will be available by the end of August and includes the following updates:
- Static analysis via machine learning examines hundreds of characteristics of a file to determine if it is malware. Threat intelligence available through the Palo Alto Networks WildFire subscription is used to train a machine learning model to recognise malware, especially previously unknown variants, with unmatched effectiveness and accuracy. This new functionality allows Traps to rapidly determine if a file should be allowed to run even before receiving a verdict from WildFire.
- Trusted publisher identification allows organisations to automatically and immediately identify new executable files published by trusted and reputable software publishers. These executable files are allowed to run, cutting down on unnecessary analysis and allowing them to execute without delay or impact to the user.
- Quarantining of malicious executables immediately removes malicious files and prevents further propagation or execution attempts of the files.
- Grayware classification allows enterprises to identify non-malicious, but otherwise undesirable, software and prevent it from running in their environment.
A number of enterprise security vendors now offer machine learning, cloud-based solutions that identify known-good behaviour and departures from it. Good security is not just endpoint-based; it comes from layers that work together holistically to cover the gaps.
For the consumer, traditional AV is really all you can get – the more sophisticated, cloud-based tools have not made it to the consumer level yet.