Advanced endpoint protection.
Advanced endpoint protection.
Traps has drastically reduced our endpoint attack surface via advanced detection capabilities, sandboxing of never before seen programs, and by drastically limiting where executables can launch in the first place. We have not had any malware successfully execute on an endpoint since deploying Traps.
Wildfire, advanced detection capabilities, and whitelist/blacklist features. These features have provided us an easy way to lock down our systems to prevent execution of unknown code and scripts and to prevent launching of code from end user writable directories.
The application whitelisting/blacklisting feature is based purely on path and filenames. Changing a filename can bypass it easily. The uninstall admin password for the client is passed in clear text during install.
There is a severe gap in functionality between Windows, Linux, and Mac versions. For example all folder restriction settings are Windows only. Traps 5.0+ does not have SAML / LDAP integration. This is ridiculous for an enterprise product.
Traps 5.0 does not integrate with Palo Alto's Panorama product, which was a big selling point of Traps 4.0. Traps 5.0 has no ability to send an email to alert of detections. Instead customers have to jump through hoops to use Palo Alto's log management service to forward logs into a 3rd party SIEM and then build your alerts from there. No EDR functionality, though this is supposedly coming.
Mostly positive. We've had some episodes early on where upgrades caused some issues with the backend database, but that seems to have cleared up. This issue would not impact the Traps 5.0 users as it is SaaS based.
This software exists on every workstation and server in our company with ~10,000 people using the solution. For on-prem, we run 3 nodes and it handles the load just fine. We could always add more nodes if necessary. For the SaaS solution, that is all on Palo Alto's side.
Setup was pretty straight forward. The product is very granular and customers can turn on features as they are ready/comfortable in order to keep the deployment simple. For organizations with a good understanding of their infrastructure, deployment should be pretty simple.
We deployed Traps ourselves. We went big bang and deployed all features at once. We had a strong understanding of our systems and were able to provide whitelisting settings up front that made sense. There was a bit of post-deployment work to resolve things that were missed, but all things considered the deployment strategy went smoothly and was the right call.
For an endpoint security service, that is hard to state. We have not seen a malware infection since deployment.
I feel it is fairly priced.
I think Traps has the best mix of features by price in the industry. It is not flawless by any means, but Palo Alto seems committed to it and are improving it. Traps 5.0 is promising, though they have a ways to go before I'd be willing to implement it.