Palo Alto Traps volatility in endpoint protection

Vendor switch suggests future for the security channel less reliant on antivirus. By Larry Walsh

Palo Alto ventures away from its sweet spot in enterprise security with the launch of Traps, a complementary technology that safeguards endpoints from malware. The new product shows how endpoint security is shifting from traditional antivirus technologies.

The news came with an announcement that US comedian and late-night talk show host Jimmy Kimmel is the most dangerous celebrity on the internet. Forget the lures that promise nude photos of Jennifer Lawrence and Emma Watson. According to Intel Security, searching for Kimmel will most likely produce results that lead to malware.

Despite three decades of antivirus technology development, the venerable endpoint protection applications offered by companies such as Symantec, Intel Security (McAfee), Sophos, Kaspersky Lab and others are increasingly ineffective against sophisticated malware, pinpoint attacks and advanced persistent threats.

Palo Alto Networks, which made a name for itself by revolutionising perimeter security, has taken a step away from network-level security with Traps - the name of its new endpoint security technology.

Traps uses technology acquired from Cyvera, combining security intelligence and automated responses to address numerous malware threats without reliance on signatures and heuristics.

Details on precisely how Traps identifies and blocks malware attacks and safeguards vulnerabilities - including zero-day attacks - are scarce in Palo Alto's announcement.

The security vendor says its technology blocks 23 sets of malware techniques on PCs and mobile devices, and is integrated with its WildFire threat analysis service.

Given Palo Alto's core, next-generation firewall technology's ability to analyse activity rather than just protocols, Traps is most likely addressing malware threats from a behaviour and application perspective.

Traps is available as a subscription service sold through Palo Alto's channel partners. Additionally, Traps is being resold by VMware, and is being integrated into the NSX networking virtualization/SDN platform.

The question is whether Traps is a trap for traditional antivirus vendors.

After getting off to a slow start, Palo Alto disrupted the entire security hardware market with its next-gen firewall technology, which protects businesses by analysing applications traversing the perimeter rather than just looking at which ports and protocols applications are using.

Palo Alto's success in the firewall space forced companies such as Fortinet, Dell SonicWall, Cisco, Intel Security, and Check Point Software Technologies to rethink their firewall strategies.

Traps appears to be an interesting alternative or complement to antivirus technology, as it reportedly automates the process of threat identification and response at the endpoint level. If effective, Traps promises to eliminate the gap between the identification of new malware and the release of signatures and removal tools.

Palo Alto's Traps comes at a time when the antivirus market is in decline.

Earlier this year, Symantec conceded that the age of antivirus software is over and blamed much of its performance struggles on declines in endpoint antivirus sales. Other security software vendors refuse to pull the plug on antivirus, but have been steadily shifting their strategy and portfolios away from a high dependence on antivirus sales.

While antivirus remains an important product category at companies such as Intel Security, Kaspersky Lab, and Sophos, it's increasingly a secondary technology compared to encryption, unified threat management, intrusion detection and data loss prevention.

Disruptions of the conventional antivirus market aren't coming just from Palo Alto.

FireEye, headed by former McAfee CEO Dave DeWalt, has captured much attention with its alternative technology to antivirus. Many of the traditional security software companies view FireEye as a threat to their core business. Last year's addition of Mandiant threat intelligence to the FireEye portfolio made the company's offerings even more potent.

Traps isn't Palo Alto's first venture into endpoint protection. Its GlobalProtect safeguards endpoints from security threats by pointing devices disconnected from corporate networks to the nearest Palo Alto next-gen firewall for traffic inspection.

The release of Traps comes as Palo Alto Networks unexpectedly received less-than-stellar performance reviews from NSS Labs, an information security research company. The company's flagship product failed several key tests of how easily attackers can evade its security protections.