PaloAlto Traps
It replaces traditional antivirus with a multi-method prevention approach that secures
endpoints against known and unknown malware and exploits before they can compromise a
system.
Employs Multi-method Prevention approach
 Malware Prevention
 Exploit Prevention
MALWARE PREVENTION
Wild Fire Threat Intelligence:
a cloud-based malware analysis and threat
intelligence repository which analyses threat
intelligence from Palo Alto customer networks.
This is used to prevent KNOWN (& previously
seen) malware from compromising an endpoint.
Local Analysis:
examines a file structure on the local machine
itself to determine if it is malicious or harmless, by
using Machine Learning technology.
This is used to detect and prevent potentially
UNKNOWN malware.
Wild Fire – Full Analysis:
Unrecognized files or those not known to Wild Fire
EXPLOIT PREVENTION
Pre-Exploitation:
Prevents execution of an exploit. Today’s exploit
kits search for vulnerabilities in the system and
then decide which attack to launch. Such
vulnerabilities are blocked by Traps.
Technique-based exploit prevention:
Blocks known and unknown techniques used by
Hackers including zero-day attacks.
Traps blocks these techniques, thereby preventing
exploitation attempts before they can compromise
endpoints.
Post-Exploitation:
Blocks attacks that escalate system privileges as
Intelligence network are submitted to Wild Fire for well as compromise of Operating system itself.
Full Analysis. This includes Static Analysis and
Dynamic Analysis.
 Static Analysis – examining of file structure
 Dynamic Analysis – the unknown file is
detonated in customized Sandbox while
additionally run the malware in Bare metal
to determine if it is Malicious or benign.
This detects some of the most evasive
types of malware.

Malicious Process Control:

Helps to identify if a typically risky application is
being launched by another application. This gives
fine-grain control over what applications can run
which processes as child processes. e.g.: MS Word
and Internet Explorer can launch additional
processes to run scripts.

All these above capabilities are also used to

prevent Malicious Macros from executing in MS
Word or MS Excel and thereby run child processes.

MALWARE PREVENTION capability uses :-

1. Wild Fire – Threat Intelligence on Cloud : a cloud-based malware analysis and threat
intelligence repository which analyses threat intelligence from Palo Alto customer networks.

This is used to prevent KNOWN (& previously seen) malware from compromising an endpoint.

2. Local Analysis : examines a file structure on the local machine itself to determine if it is
malicious or good, by using Machine Learning technology.

This is used to detect and prevent potentially UNKNOWN malware.

3. Wild Fire – Full Analysis :

Unrecognized files or those not known to Wild Fire Intelligence network are submitted to Wild
Fire for Full Analysis. This includes Static Analysis and Dynamic Analysis.

 Static Analysis – examining of file structure

 Dynamic Analysis – the unknown file is detonated in customized Sandbox while additionally run
the malware in Bare metal to determine if it is Malicious or benign. This detects some of the
most evasive types of malware.

4. Malicious Process Control:

Helps to identify if a typically risky application is being launched by another application. This
gives fine-grain control over what applications can run which processes as child processes.

e.g.: MS Word and Internet Explorer can launch additional processes to run scripts.

All these capabilities are also used to prevent Malicious Macros from executing in MS Word or
MS Excel and thereby run child processes.

EXPLOIT PREVENTION capabilities employ

1. Pre-Exploitation: Prevents execution of an exploit.

Today’s exploit kits search for vulnerabilities in the system and then decide which attack to
launch. Such vulnerabilities are blocked by Traps.

2. Technique-based exploit prevention :

Blocks known and unknown techniques used by Hackers including zero-day attacks.
Traps blocks these techniques, thereby preventing exploitation attempts before they can
compromise endpoints.

3. Post-Exploitation:
Blocks attacks that escalate system privileges as well as compromise of Operating system itself.