Palo Alto Networks has just released new functionality that includes significant machine learning capabilities for real-time unknown malware prevention.
The next-gen security company says the updates further strengthen the malware and exploit prevention capabilities of Traps and alleviate the need for legacy antivirus products to protect endpoints.
The company also mentions that many organizations deploy a number of security products and software agents on their endpoint systems, including one or more traditional antivirus products.
According to Palo Alto Networks, the updates include the following:
- Static analysis via machine learning examines hundreds of characteristics of a file to determine if it is malware. Threat intelligence available through the Palo Alto Networks WildFire subscription is used to train a machine learning model to recognize malware, especially previously unknown variants, with unmatched effectiveness and accuracy. This new functionality allows Traps to rapidly determine if a file should be allowed to run even before receiving a verdict from WildFire.
- Trusted publisher identification allows organizations to automatically and immediately identify new executable files published by trusted and reputable software publishers. These executable files are allowed to run, cutting down on unnecessary analysis and allowing them to execute without delay or impact to the user.
- Quarantine of malicious executables immediately removes malicious files and prevents further propagation or execution attempts of the files.
- Grayware classification allows an enterprise to identify non-malicious but otherwise undesirable software and prevent it from running in their environment.
Rob Westervelt, research manager at IDC, says the sophistication and frequency of cyberattacks are growing too quickly for legacy antivirus tools that rely on malware signatures to keep pace.
“The Palo Alto Networks Traps offering takes an innovative approach to endpoint security, keeping endpoints more secure despite a growing landscape of cyberthreats and reducing the resources required by IT teams to track and install security patches.”
Lee Klarich, executive vice president of product management at Palo Alto Networks, says antivirus point products give organizations a false sense of security. This is because while they technically make users compliant with regulatory and corporate governance requirements.
“To do that, organizations must adopt a cybersecurity platform that prevents malware from infiltrating the enterprise at any point, including the endpoint, even if it has never been seen before.”