Differences Between Endpoint Security Manager and Traps Management Service
The following table compares capabilities between the Traps Endpoint Security Manager (ESM) 4.1 and Traps management service.
|Feature|Endpoint Security Manager|Traps management service|
Visibility into all file executions—including when Office files open and DLLs load into sensitive processes—and the file’s associated WildFire Report.
Administrative control to override verdicts for files that ran previously. Set verdicts from Benign to Malware and Malware to Benign.
Import never-seen hashes and set verdicts for them.
Display quarantined files that are eligible to be restored to their original location on the endpoint.
Security events search criteria
Security Events—Endpoint, user name, and process.
Security > Security Events—Enhanced options to filter security events.
SIEM, Syslog, Panorama, Email
Log forwarding to a Syslog receiver or email server is available with the Log Forwarding app.
Exception creation and policy configuration
You can create almost any policy rule that Palo Alto Networks Research teams (often at the instruction of Support) can create.
You can also whitelist very specific flows including whitelisting specific DLLs for EPMs, and allowing specific child processes.
Palo Alto Networks can also create granular policy changes, using either support exceptions or content updates. You can also edit profiles, create exceptions from security events, and disable specific capabilities, such as for a specific module or process.
Exceptions for Active Directory (AD) objects
Assign rules to any AD object.
Assign rules to any AD object.
Change mode per process
Report or block an event based on the process.
Report or block an event based on the category and not the process.
View protected processes
Visibility from the ESM Console (Policies > Exploit > Process Management).
Visibility from Traps management service (select or search for Protected Processes in the relevant exploit protection capability from Security > Profiles > <platform> > Create > Exploit Profile).
View policy from the Traps console
The Traps console displays the policy rules and exceptions that apply on the agent.
Settings > Conditions—Conditions based on file properties and registry values.
Endpoints > Endpoint Groups—Create dynamic groups based on conditions such as host name, domain, workgroup, IP addressing, endpoint type (for example, VDI), endpoint operating system, and agent version. Does not support conditions based on registry values.
Agent and ESM settings
Granular control over settings such as the Heartbeat Interval (the frequency at which the Traps agent attempts to check in), the Reporting Interval (the frequency at which the Traps agent sends report notifications, including changes in service, crash events, and new processes), and the Heartbeat Grace Period (the allowable time period for a Traps agent that has not responded, after which the status changes to disconnected).
Fixed settings but reduced heartbeat interval (5 minutes) and reporting interval (1 hour).
Choice of manual or automated content update installation.
Automated content updates delivered directly to your Traps management service tenant by Palo Alto Networks.
|Endpoint and Tenant Management|
Role-based access control
Granular access control for different areas and flows in the ESM Console.
Predefined roles to allow access to Traps management service features.
Automatic and manual license revocation.
Automatic license revocation and manual endpoint removal capability.
Custom notification message
Customizable notification messages.