Good Afternoon Colleagues
I hope you are doing good . I am new reseller for PaloAlto in Egypt . I will offer to one of my customers Palo Alto firewall 850 . He needs also endpoint protection . Before offer to him PaloAlto traps , I need to know if traps has a version that can work On-premise or it is working on cloud only ?
Thx in advance.
Solved! Go to Solution.
I also answered in the other post. The letter tier simply denotes the quantity of agents. There is no functional difference between tiers.
The on-premise Traps Endpoint Security Manager (ESM) end of life has been announced. The date can be found here:
Cortex XDR Prevent (and Pro) offers an on-premise broker to serve as a proxy; however, the management component is in the cloud.
Good Afternoon David
Thx for your detailed replay . So if i choose to use Traps cloud version , Will traffic be inspected locally on clients workstations that have traps installed before leave to the Internet or traffic will be inspected at Palo Alto servers at Cloud before leave to the Internet ?
Most everything is handled locally, with the exception of malware verdicts. Instead of leveraging signature files, the agent will check with WildFire via a SHA-256 hash. If the file is known, it will respond accordingly. If it is unknown, local analysis will score the file and make a temporary verdict. At the same time the file is uploaded and detonated in WildFire. After analysis, the file is known. This logic is the same logic that applied in the on-premise ESM.
Do you have connectivity challenges or are you trying to limit internet traffic?
Good Morning David
Many thanks for your fast response and your willing to help . The case that the customer is governmental entity and cloud solution not allowed for governmental solution . The reason that for normal cloud solution - as per my knowledge- , All files should be sent to cloud to be inspected first before leave to the internet.
Based on you last replay , I would like to summarize the below:
Is there any major difference between the two solutions from your point of view ?
There are quite a few differences between ESM and Cortex XDR. You get significantly more features in Cortex XDR. Some differences include:
1. Management server location (Cloud vs on-Prem)
2. Cortex XDR has more prevention features (Behavior Threat Protection, etc)
3. Agent communication (Cortex XDR - communicates over internet / ESM - communicates while on network, VPN, or DMZ exposed Core)
4. EDR capabilities available in Cortex XDR
5. Cortex XDR has device control features (USB Device control, Host-based firewall, bitlocker support)
6. Cortex XDR allows response capabilities
WildFire is used in both solutions. WildFire is cloud-based.
Thx for the good presentation for EMS vs Cortex XDR . I think if i need to have good replacement for EMS , The equivalent is TMS . Is that true ?
I think Cortex XDR will be required only if behavioral analysis is required . Is this true ?
So TMS doesn't technically exist anymore. The features previously available within TMS are now available within Cortex XDR Prevent. Cortex XDR Pro (which includes the features in Prevent) gives you the additional features that were not available in TMS. This includes features such as IOCs, BIOCs, hunting, analytics, etc.
Thanks for your email . That's make everything clear . The below is the quotation sent by PaloAlto distributor in Egypt . Does the below refer to endpoint Cortex XDR Prevent ?
Good Morning David @dfalcon
I hope you are doing well. Are you able to confirm weather the quotation sent by PaloAlto distributor in Egypt - that I shared in my previous message- refer to endpoint Cortex XDR Prevent ?
Thx in advance
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!