Palo Alto Networks Traps Room for Improvement

Luke Teeters
Lead IT Security Analyst at a mining and metals company with 1,001-5,000 employees
With cloud integration, there were several improvements made:

* Previously, the endpoint would leave the environment, not being on our VPN, essentially unable to interact with the server to upload files. It was unable to retrieve new file verdicts. It was using a thing called "local analysis" to determine if something was a malicious file or not. There was no dynamic analysis. With the cloud implementation, we now have connectivity to the server at any moment, as long as we have an internet connection.
* A new user interface, which is a lot easier to use. Making it similar to managing a firewall.
* Additional OS support.
Amjad Khan
Information Technology Manager at a hospitality company with 10,001+ employees
There are some default policies which sometimes affect our applications and cause them to run around. In the hotel industry, we use a different type of data versus Oracle and SQL. By default, there are some policies which stop us from running properly. Because of this, the support level is also not that strong. We have to wait to get results. Originally, we wanted to uninstall Traps because we could not run our operations because Traps, by default, had blocked applications and files. This is still a thing, as we still have to give flexibility to certain policies which are pre-defined in the Traps application.
Network Manager of Cyber Defence at a government with 1,001-5,000 employees
There are some false positives. What our guys would have liked is that it would have been easier to manipulate as soon as they found a false positive that they knew was a false positive. How to do so was not obvious. Some people complained about it. The interface, the ESM, was not user-friendly.
Omar Sánchez (Mr.Tech)
Information Security Advisor, CISO & CIO, Docutek Services at Docutek Services
There are some limitations on the Traps agents. Traps for Windows has limitations and Traps for Linux too. Traps doesn't work with McAfee. You need to remove McAfee to install Traps. This is very common, and it's nothing that should be an issue. Some antivirus engines recognize Traps as a threat component, so maybe they need to shake hands somewhere. With Windows 7 and Windows 8 64-bit, when you want to install Traps, because it's Windows, it will crash. They need a little more flexibility with antivirus engines.
Rob Haller
Security Engineer at US Acute Care Solutions
Going from version 4 to version 5, they had a major change in their user interface. Version 5 is now all cloud managed. While it has a very intuitive, useful interface, it doesn't have all the features that were in the version 4 interface. For example, we lost being able to automatically trigger upgrades, like creating manual groups to upgrade with. It doesn't currently have the ability to use the Active Directory to create groups.
Manager of InfoSec at Joann Fabrics
The application whitelisting/blacklisting feature is based purely on path and filenames. Changing a filename can bypass it easily. The uninstall admin password for the client is passed in clear text during install. There is a severe gap in functionality between Windows, Linux, and Mac versions. For example, all folder restriction settings are Windows only. Traps 5.0+ does not have SAML / LDAP integration. This is ridiculous for an enterprise product. Traps 5.0 does not integrate with Palo Alto's Panorama product, which was a big selling point of Traps 4.0. Traps 5.0 has no ability to send an email to alert of detections. Instead, customers have to jump through hoops to use Palo Alto's log management service to forward logs into a 3rd party SIEM and then build your alerts from there. No EDR functionality, though this is supposedly coming.
Saidatta Hindlekar
Manager Information Technology at Avendus Capital Pvt. Ltd
Managing the product should be easier.
Raul Rivera
Manager, Communications and Security at GFR Media
I haven't seen any area that needs improvement but I've only been using it for 5 months but have not found any deficiencies. I would like to see more automation and self-healing for incidents that can be easily classified as malware.
Manuel Keller
Managing Consultant at a tech services company with 51-200 employees
Performance at the endpoint is much better than with the old AV. No signature updates needed. Stops the attack before it is executed.