Traps on Cloud or On-premise



Good Afternoon Colleagues 

I hope you are doing well. I am a new reseller for Palo Alto in Egypt. I will offer one of my customers a Palo Alto firewall 850. He also needs endpoint protection. Before offering him Palo Alto Traps, I need to know whether Traps has a version that can work on-premise or whether it works in the cloud only.

 

Thx in advance.

 

Best Regards

1 accepted solution

Accepted Solutions

Hi @AhmedSallam-

 

I also answered in the other post.  The letter tier simply denotes the quantity of agents.  There is no functional difference between tiers. 


David Falcon 
Senior Solutions Architect, Cortex
Palo Alto Networks® 


18 REPLIES 18


The on-premise Traps Endpoint Security Manager (ESM) end of life has been announced.  The date can be found here:

 

https://www.paloaltonetworks.com/services/support/end-of-life-announcements/end-of-life-summary

 

Cortex XDR Prevent (and Pro) offers an on-premise broker to serve as a proxy; however, the management component is in the cloud.


David Falcon 
Senior Solutions Architect, Cortex
Palo Alto Networks® 

Good Afternoon David

Thx for your detailed reply. So if I choose to use the Traps cloud version, will traffic be inspected locally on client workstations that have Traps installed before leaving to the Internet, or will traffic be inspected at Palo Alto servers in the cloud before leaving to the Internet?

 

Best Regards

Most everything is handled locally, with the exception of malware verdicts.  Instead of leveraging signature files, the agent will check with WildFire via a SHA-256 hash.  If the file is known, it will respond accordingly.  If it is unknown, local analysis will score the file and make a temporary verdict.  At the same time the file is uploaded and detonated in WildFire.  After analysis, the file is known.  This logic is the same logic that applied in the on-premise ESM.

 

Do you have connectivity challenges or are you trying to limit internet traffic?


David Falcon 
Senior Solutions Architect, Cortex
Palo Alto Networks® 

Good Morning David

Many thanks for your fast response and your willingness to help. The case is that the customer is a governmental entity, and a cloud solution is not allowed for governmental solutions. The reason is that for a normal cloud solution, as per my knowledge, all files should be sent to the cloud to be inspected first before leaving to the Internet.

 

Based on your last reply, I would like to summarize the below:

  • It seems that the operation of Traps on ESM and Traps on cloud is the same. I think the major difference is that in the ESM solution I need to have an ESM server, but in the cloud solution, no.
  • Also, in the cloud solution and the ESM solution, all inspection is done locally except for malware. Is that true?

Is there any major difference between the two solutions from your point of view?

 

Best Regards

Hi @AhmedSallam 

 

There are quite a few differences between ESM and Cortex XDR.  You get significantly more features in Cortex XDR.  Some differences include:

 

1.  Management server location (Cloud vs on-Prem)

2.  Cortex XDR has more prevention features (Behavior Threat Protection, etc)

3.  Agent communication (Cortex XDR - communicates over internet / ESM - communicates while on network, VPN, or DMZ exposed Core)

4.  EDR capabilities available in Cortex XDR

5.  Cortex XDR has device control features (USB device control, host-based firewall, BitLocker support)

6.  Cortex XDR allows response capabilities 

 

WildFire is used in both solutions.  WildFire is cloud-based.  

 


David Falcon 
Senior Solutions Architect, Cortex
Palo Alto Networks® 

Hello David

Thx for the good presentation of ESM vs Cortex XDR. I think if I need to have a good replacement for ESM, the equivalent is TMS. Is that true?

I think Cortex XDR will be required only if behavioral analysis is required. Is this true?

 

 

Best Regards

Hi @AhmedSallam 

 

So TMS doesn't technically exist anymore.  The features previously available within TMS are now available within Cortex XDR Prevent.  Cortex XDR Pro (which includes the features in Prevent) gives you the additional features that were not available in TMS.  This includes features such as IOCs, BIOCs, hunting, analytics, etc.  


David Falcon 
Senior Solutions Architect, Cortex
Palo Alto Networks® 

Hello David

Thanks for your email. That makes everything clear. Below is the quotation sent by the Palo Alto distributor in Egypt. Does it refer to endpoint Cortex XDR Prevent?

Trap Offer.jpg

Good Morning David @dfalcon 

I hope you are doing well. Are you able to confirm whether the quotation sent by the Palo Alto distributor in Egypt, which I shared in my previous message, refers to endpoint Cortex XDR Prevent?

 

Thx in advance

Hi @AhmedSallam 

 

Can you send me a direct message with your email address?  I'm not sure if that SKU is accurate.  


David Falcon 
Senior Solutions Architect, Cortex
Palo Alto Networks® 

Good Morning David @dfalcon 

My email address is ahmed.abdulla@siscomgroup.ca

 

Just send me any test email and I will reply to you with the quotation received from the Egyptian distributor.

 

Thx for your support.

 

Best Regards

 

Good Afternoon @dfalcon 

I would like to share with you below the SKU received from the Egyptian distributor:

 

Part Code: PAN-TRAPS-A-BKLN-1YR

Product Description: Traps Advanced Endpoint Protection for agents, tier A, 1-year prepaid, includes Premium Partner Support

 

Waiting for your confirmation 

 

Thx in advance.

 

Best Regards

Hi @AhmedSallam-

 

I believe that SKU is being discontinued.  The replacement SKU should be PAN-XDR-PRVT.  You may have your distributor double-check.  


David Falcon 
Senior Solutions Architect, Cortex
Palo Alto Networks® 

Hi @dfalcon 

Thx for your great support. I will check with the distributor and will let you know.

 

Thx in advance.

 

Best Regards
