Palo Alto Networks Endpoint Protection & Response


Leverage Behavior-Based Protection

Sophisticated attacks that chain multiple legitimate applications and processes for malicious ends have become more common, are hard to detect, and require endpoint-wide visibility to correlate the malicious behavior. For behavior-based protection to be effective, including identifying malicious activity that occurs inside legitimate processes, it is critical to see everything happening on the endpoint. Traps implements behavior-based protection in several ways:

• Behavioral Threat Protection detects and stops attack activity by monitoring for malicious sequences of events across processes and terminating the attack chain as soon as such a sequence is detected.

• Granular Child Process Protection prevents script-based and fileless attacks used to deliver malware by blocking known parent processes from launching the child processes commonly used to bypass traditional security controls.

• Behavior-Based Ransomware Protection safeguards against the encryption behavior associated with ransomware by analyzing and stopping ransomware activity before data loss occurs.

Because Traps sees all system activity in real time, that activity can be recorded and sent to Cortex Data Lake for rapid detection and investigation.
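To make the two endpoint behaviors above concrete, the following Python sketch applies a child-process policy and a sliding-window mass-encryption heuristic to a constructed process and file event trace. This is an added example, not Traps code, and it does not describe how Traps implements its rules; the process names, file extensions, thresholds and the sample events are all assumptions chosen for the illustration.

```python
"""Illustrative behavior-based endpoint rules over a constructed event trace.
Added example: NOT Traps code; names, extensions and thresholds are assumptions."""
from collections import defaultdict, deque
from dataclasses import dataclass
import ntpath  # handles Windows-style paths regardless of host OS


@dataclass(frozen=True)
class Event:
    ts: float         # seconds since boot (constructed)
    kind: str         # "proc_start" or "file_write"
    pid: int          # process the event belongs to (the child, for proc_start)
    ppid: int         # parent process id
    image: str        # executable name of pid, lower-case
    target: str = ""  # file_write: path written; unused for proc_start


# Hypothetical child-process policy: parents that should never spawn these
# children. A macro-enabled document spawning PowerShell is the classic case.
CHILD_PROCESS_POLICY = {
    "winword.exe": {"cmd.exe", "powershell.exe", "wscript.exe", "mshta.exe"},
    "excel.exe": {"cmd.exe", "powershell.exe", "wscript.exe", "mshta.exe"},
    "outlook.exe": {"cmd.exe", "powershell.exe", "wscript.exe"},
}

# Hypothetical ransomware heuristic parameters.
RANSOM_EXTENSIONS = {".locked", ".encrypted", ".crypt"}
WINDOW_SECONDS = 10.0   # sliding window per process
MIN_FILES = 5           # encrypted-looking files inside the window ...
MIN_DIRS = 2            # ... spread over at least this many directories


def child_process_violations(events):
    """Return (parent_image, child_image, child_pid) for each forbidden spawn.
    Parent images are learned from earlier proc_start events, so a spawn whose
    parent started before the trace began is not judged."""
    image_of = {}
    alerts = []
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.kind != "proc_start":
            continue
        parent_image = image_of.get(e.ppid)
        image_of[e.pid] = e.image
        if parent_image and e.image in CHILD_PROCESS_POLICY.get(parent_image, set()):
            alerts.append((parent_image, e.image, e.pid))
    return alerts


def ransomware_suspects(events):
    """Return sorted (pid, image) pairs whose writes look like mass encryption:
    >= MIN_FILES files with a ransomware-style extension across >= MIN_DIRS
    directories within WINDOW_SECONDS. A single renamed file never trips it."""
    recent = defaultdict(deque)  # pid -> deque of (ts, directory)
    flagged = set()
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.kind != "file_write":
            continue
        if ntpath.splitext(e.target)[1].lower() not in RANSOM_EXTENSIONS:
            continue
        window = recent[e.pid]
        window.append((e.ts, ntpath.dirname(e.target)))
        while window and e.ts - window[0][0] > WINDOW_SECONDS:
            window.popleft()
        if len(window) >= MIN_FILES and len({d for _, d in window}) >= MIN_DIRS:
            flagged.add((e.pid, e.image))
    return sorted(flagged)


# Constructed trace: a macro in Word spawns PowerShell, which drops and runs
# updater.exe; that binary then rewrites documents with a .locked extension.
# A user-launched PowerShell (pid 202) and a lone .crypt write (pid 400) are
# benign controls that must not be flagged.
SAMPLE_EVENTS = [
    Event(1.0, "proc_start", 100, 1, "explorer.exe"),
    Event(2.0, "proc_start", 200, 100, "winword.exe"),
    Event(3.0, "proc_start", 201, 200, "powershell.exe"),
    Event(3.5, "proc_start", 202, 100, "powershell.exe"),
    Event(4.0, "proc_start", 300, 201, "updater.exe"),
    Event(5.0, "file_write", 300, 201, "updater.exe", r"C:\Users\a\Documents\q1.docx.locked"),
    Event(5.5, "file_write", 300, 201, "updater.exe", r"C:\Users\a\Documents\q2.xlsx.locked"),
    Event(6.0, "file_write", 300, 201, "updater.exe", r"C:\Users\a\Pictures\a.jpg.locked"),
    Event(6.5, "file_write", 300, 201, "updater.exe", r"C:\Users\a\Pictures\b.jpg.locked"),
    Event(7.0, "file_write", 300, 201, "updater.exe", r"C:\Users\a\Documents\notes.txt.locked"),
    Event(30.0, "file_write", 400, 100, "backup.exe", r"C:\Backups\archive.crypt"),
]


if __name__ == "__main__":
    for parent, child, pid in child_process_violations(SAMPLE_EVENTS):
        print(f"child-process policy: {parent} spawned {child} (pid {pid})")
    for pid, image in ransomware_suspects(SAMPLE_EVENTS):
        print(f"ransomware behavior: pid {pid} ({image}) mass-writing encrypted files")
```

The two rules deliberately work on different signals: the child-process rule needs only the process tree and fires on a single event, while the ransomware rule needs a per-process window of file activity so that one legitimately renamed file does not produce an alert. Both depend on the trace being complete; if the parent's own start event is missing, the spawn cannot be judged, which is why full endpoint visibility matters for behavior-based protection.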


Respond to Sophisticated Attacks with Cortex XDR

Traps stores all captured event and incident data in Cortex Data Lake, which allows a clean handoff to Cortex XDR for further investigation and incident response. Cortex XDR™ is a cloud-based detection and response app that enables SecOps to stop sophisticated attacks and adapt defenses in real time. By combining rich network, endpoint, and cloud data with analytics, Cortex XDR detects highly evasive attacks. It speeds alert triage and incident response by automatically presenting a complete picture of each threat and its root cause, reducing the time and expertise required at every stage of security operations, from triage to threat hunting. For response, tight integration with enforcement points lets SecOps react to threats quickly and apply what they learn to adapt defenses and prevent future threats, making the next response faster still.

Following an investigation, when remediation on the endpoint is needed, administrators can:

• Terminate processes to stop any running malware from continuing to perform malicious activity on the endpoint.

• Isolate endpoints by halting all network access on a compromised endpoint except for traffic to the Traps management service, preventing it from communicating with, and potentially infecting, other endpoints.

• Quarantine malicious files, removing them from their working directories, if Traps has not already quarantined them.

• Block additional executions of a given file by blacklisting it in the policy.