Traps Management Service

As new malware variants pop up around the globe and new software bugs and vulnerabilities are discovered, it is challenging to ensure that your endpoints remain secure. With the Traps™ management service, a cloud-based endpoint security service, you save the time and cost of building out your own global endpoint security infrastructure. This simplified deployment, which requires no server licenses, databases, or other infrastructure to get started, enables you to quickly protect your endpoints.
Additionally, you can forward logs generated by the Traps components to the Cortex Data Lake, and view the logs directly from the Traps management service.
With Traps management service, Palo Alto Networks deploys and manages the security infrastructure globally to manage endpoint security policy for both local and remote endpoints and to ensure that the service is secure, resilient, up to date, and available to you when you need it. This allows you to focus less on deploying the infrastructure and more on defining the policies to meet your corporate usage guidelines.
Traps management service comprises the following components:
  • Traps Management Service Web Interface—A cloud-based security infrastructure service that is designed to minimize the operational challenges associated with protecting your endpoints. From Traps management service, you can manage the endpoint security policy, review security events as they occur, and perform additional analysis of associated logs.
    You can host your Traps management service tenant in either the US Region or EU Region.
  • Traps Agents—Each local or remote endpoint is protected by the Traps agent. The Traps agent enforces your security policy on the endpoint and sends a report when it detects a threat. Traps agents support secure communication with Traps management service using Transport Layer Security (TLS) 1.2.
  • Palo Alto Networks cloud-delivered security services:
    • Cortex Data Lake (formerly the Logging Service)—A cloud-based logging infrastructure that allows you to centralize the collection and storage of logs generated by your Traps agents regardless of location. The Traps agents and Traps management service forward all logs to the Cortex Data Lake. You can view the logs for your agents in Traps management service. With the Log Forwarding app, you can also forward logs to an external syslog receiver.
      You can host your Cortex Data Lake instance in either the United States (US) Region or European Union (EU) Region.
    • Directory Sync Service—The Directory Sync Service enables Palo Alto Networks cloud-based applications to leverage computer, user, and group attributes from your on-premise Active Directory for use in policy and endpoint management. The Directory Sync Service uses an on-premise agent to collect those attributes from your on-premise Active Directory. The Directory Sync Service agent runs in the background to collect the Active Directory information and syncs it with the cloud-based Directory Sync Service that you configure using the Hub.
      You can host your Directory Sync Service instance in either the US Region or EU Region.
    • WildFire cloud service—The WildFire® cloud service identifies previously unknown malware and generates signatures that Palo Alto Networks firewalls and Traps management service can use to then detect and block that malware. When a Traps agent detects an unknown sample (an attempt to run a macro, DLL, or executable file), Traps management service can automatically forward the sample for WildFire analysis. Based on the properties, behaviors, and activities the sample displays when analyzed and executed in the WildFire sandbox, WildFire determines the sample to be benign, grayware, phishing, or malicious. WildFire then generates signatures to recognize the newly-discovered malware and makes the latest signatures globally available every five minutes. For more information, see WildFire Analysis Concepts.
