Palo Alto Networks Endpoint Security

Palo Alto Networks’ Endpoint Security solutions prevent security breaches, protect your users, and secure your endpoints.
Endpoint protection is the crucial process of securing the individual access points to a corporate network, meaning all internet-enabled devices such as laptops, tablets, and smartphones. The traditional endpoint protection perimeter continues to expand as organizations adopt more bring-your-own-device practices, increasing the number of vulnerable entry points.
Traditional endpoint solutions are simply not versatile enough to keep up with today’s threat landscape.

Legacy Antivirus issues

Despite attempts to pivot from outdated security methodologies, traditional antivirus (AV) continues to fail to prevent security breaches on endpoints, as evidenced by the rise in security breaches worldwide. Moreover, AV requires layers of additional products, saddling organizations with hidden costs that are often intangible, difficult to quantify, or simply go unquestioned. Organizations should replace traditional AV with more advanced technologies that provide superior endpoint protection while complementing and easily integrating with a security platform for enhanced security.

The Costs of Legacy Antivirus

The effectiveness of signature-based file scanning has diminished as operating systems, networks and applications have evolved. Today, there are simply too many variations of new and unknown threats for a signature-based approach to identify and block them in a timely fashion. However, AV vendors still rely on traditional techniques and have only made incremental improvements in their malware coverage, while requiring multiple additional products to try to keep up. The additional products demand more maintenance, upkeep costs and burdens on staff. As a result, the costs of operating an AV system are growing.

Modern Endpoint Protection

A modern endpoint protection solution eliminates the need for traditional AV. Such a solution:

  • Recognizes that prevention is the only effective, scalable and sustainable way to reduce the frequency and impact of cyber breaches.
  • Prevents known and unknown malware and zero-day exploits from subverting legitimate applications.
  • Automatically and natively integrates with a security platform and leverages global threat intelligence.
  • Blocks exploits and malware, regardless of a system’s online status, network connectivity or physical location.
  • Is transparent to users and makes minimal demands on memory, bandwidth and CPU resources.

Traps Multi-Method Exploit Prevention

Palo Alto Networks Traps™ advanced endpoint protection provides a multi-method approach to exploit prevention that combines several layers of protection to block exploit techniques and increase malware detection accuracy – without relying on virus signatures or resource-taxing scanning. Traps submits unknown files to Palo Alto Networks WildFire® threat analysis service, which continually analyzes global threat intelligence to identify and automatically prevent malware previously seen elsewhere.

To prevent security breaches, a shift must occur from detecting and responding to incidents after the fact to preventing security breaches from occurring in the first place. Endpoints must be protected from known, unknown and zero-day threats delivered through malware and exploits, whether a machine is online or offline, on-premises or off, connected to the organization’s network or not.

An advanced endpoint security product must enable end users to conduct daily business and use mobile- and cloud-based technologies without fear of unknown cyberthreats. Users should be able to focus on their responsibilities rather than worry about security patches and updates. They must be confident that they are protected from inadvertently running malware or exploits that may compromise their systems.

Threat intelligence gained elsewhere through encounters with new and unique attacks, such as third-party intelligence service providers and public threat intelligence-sharing constructs, must enable endpoint agents to instantly prevent known malware, identify and block unknown malware, and stop both from infecting endpoints.

Applications are at the core of any organization’s ability to function effectively. Unfortunately, security flaws or bugs in applications give threat actors a large attack surface that traditional antivirus fails to protect. An organization’s security infrastructure should be able to provide full protection against exploits for all applications, including third-party and proprietary applications.

Security products should not burden such resources as RAM, CPU or disk storage. Prevention of security breaches must never jeopardize user productivity. Endpoint protection, and for that matter any security, must be lightweight enough not to require significant system resources, or it will invariably degrade user experience and productivity.

Organizations may not always deploy available system updates and security patches immediately, either because doing so would interfere with, diminish or eliminate critical operational capabilities, or because patches may not be available for legacy systems and software that have reached their end-of-life. A complete endpoint security solution must support unpatchable systems by preventing the exploitation of software vulnerabilities, known or unknown, and regardless of the availability or application of security patches.

Any security solution intended to replace antivirus should be scalable, flexible and manageable enough for deployment in an enterprise environment. Endpoint security solutions should support and integrate with the way an enterprise deploys its computing resources, scale to as many endpoints as needed, and support deployments that cover geographically dispersed environments. They must also be flexible in their ability to provide ample protection while still supporting business needs and not overly restricting the business. This flexibility is critical as the needs of one part of the organization may be entirely different from those of another. Additionally, the solution must be able to be easily managed by the same group that manages security in other parts of the organization. It must be designed with enterprise management in mind, without adding operational burden.

Regulatory compliance often requires organizations that fall within a given jurisdiction to implement antivirus to secure their endpoints. In order to proactively protect endpoints while meeting compliance requirements, endpoint security vendors that replace existing antivirus solutions should be able to provide third-party validation to help customers achieve or maintain compliance.

Any security product intended to replace legacy antivirus should ideally have had its effectiveness claims reviewed and validated by an independent third party. The availability of independent reviews offers an essential check beyond what an organization looking for an antivirus replacement is capable of conducting on its own.

Any organization looking to move away from traditional antivirus should ensure the replacement is recognized as a key player in the endpoint security space by a respected analyst or research firm. This will ensure the solution and its vendor meet a standard set of viability requirements as an endpoint security provider.

With today’s widespread use of unknown malware and vulnerability exploits in targeted attacks, it is more essential than ever that endpoints are proactively protected. Palo Alto Networks® Traps™ advanced endpoint protection replaces legacy antivirus with multi-method prevention, blocking known and unknown threats before they can compromise an endpoint. As part of Palo Alto Networks Next-Generation Security Platform, Traps integrates with WildFire® cloud-based threat analysis service to convert threat intelligence from the global community into malware prevention, automatically blocking threats on the endpoint regardless of where they originated.