ANSecurity deploys Palo Alto TRAPS advanced endpoint security at major financial services customer
TRAPS intercepts all known exploits and virtually eliminates false positives
UK, 29th September 2016 – ANSecurity, a specialist in advanced network and data security, has successfully deployed the Palo Alto Networks TRAPS advanced endpoint solution to help a major financial services organisation strengthen its security controls.
The financial organisation regularly processes a lot of active content from third-party organisations, and its workforce had struggled to differentiate between legitimate and malicious email attachments. The organisation had previously used a “traditional” anti-malware product in conjunction with anti-virus software, but found that attacks were still breaching this line of defence.
TRAPS is a technology from Palo Alto that focuses on intercepting the 30 or so underlying techniques that are commonly used across millions of malware examples, instead of trying to detect malware signatures that can only be created after an incident. The technology has proven itself as a way of stopping new threats based on understanding these common steps that malware must perform to achieve a successful attack, and Palo Alto claims that these core techniques grow by only a few each year. As a result, TRAPS offers a way of blocking both common and previously unseen attacks.
“The initial deployment was very fast and we set up TRAPS in its learning mode, allowing it to identify a number of false positives,” explains Laurence Wright, Network Security Specialist for ANSecurity. “In this mode it starts to identify third party and bespoke in-house developed apps and the regular update processes. Once these were ‘dialled out’ of the detection process, the solution went into production and regular updates from PAN to the client and server software have added features and functionality to ease management, speed up debug and forensic examination of potentially malicious samples and events.”
ANSecurity then deployed malware behaviour controls using execution restrictions on unknown software and child process restrictions to allow more visibility over activity at the endpoint. “Some user re-education was required, especially for power-user and developer machines,” explains Wright. “For example, allowing for the delay in execution of newly downloaded EXE files whilst WildFire analysis takes place and not running them from folders that could be identified as malicious activity.”
As a result, the likelihood of a core attack technique succeeding at the endpoint during the exploitation phase is reduced, even before the malware has a chance to run. With TRAPS in place, malware-related security incidents have fallen to almost zero, and the time-consuming process of dealing with false positives has been minimised.
“There is no magic bullet that will fix everything but as attacks become more sophisticated, TRAPS is a useful and pretty unique security approach that is able to detect the most dangerous types of threats,” says Wright. “Although it could be considered as a next generation concept, we have also seen particular interest and success helping customers to protect legacy systems running XP and Windows Server 2003 that cannot be patched but are considered critical in areas like SCADA and ICS. We continually recommend migration but this is not always possible straight away and TRAPS has also proven very effective in this role.”
ANSecurity is running a seminar and hands-on demonstration in collaboration with Palo Alto Networks in London on the 20th October. The session allows participants to take on the role of an attacker and use evasive malware and exploits in an attempt to compromise an endpoint protected by TRAPS. For more information, please visit http://www.ansecurity.com/sharing-knowledge/pan-utd
ANSecurity is a specialist in securing networks and protecting data that helps some of the largest organisations in the UK and global brands to reduce risk and simplify operational management. In fact, the 10 largest ANSecurity clients have aggregate annual turnover in excess of £780 billion, employ over 779,000 staff and include top three players in the fields of financial services, retail and logistics. Public sector customers include local and central government, schools and colleges, police forces and the NHS.
ANSecurity is made up of subject matter experts that are focused on solutions and not just specific brands. This independence is maintained by ongoing certification and accreditation with over 32 leaders in secure information technologies including market stalwarts and innovative start-ups.
But our ethos recognises that technology by itself is not enough to create world-class security processes that reduce risk. As such, we offer consulting services to help our customers architect mature security methodologies and educational services to help them develop the skills needed to strengthen security from within.
As we celebrate our 13th year of double-digit growth, ANSecurity will continue to build both point and end-to-end solutions that protect our customers’ networks and businesses while continually expanding our knowledge to meet the evolving IT security challenge. To learn more, visit www.ANSecurity.com
The Message Machine (PR for ANSecurity)
Tel: 07887 682943