Traps on Cloud or On-premise

L2 Linker

Traps on Cloud or On-premise

Good Afternoon Colleagues 

I hope you are doing well. I am a new reseller for Palo Alto in Egypt. I will offer one of my customers a Palo Alto firewall 850. He also needs endpoint protection. Before offering him Palo Alto Traps, I need to know whether Traps has a version that can work on-premise or whether it works in the cloud only.

 

Thx in advance.

 

Best Regards


Accepted Solutions
L4 Transporter

Re: Traps on Cloud or On-premise

Hi @AhmedSallam-

 

I also answered in the other post.  The letter tier simply denotes the quantity of agents.  There is no functional difference between tiers. 


David Falcon 
MDR Systems Engineer, Cortex
Palo Alto Networks®



All Replies
L4 Transporter

Re: Traps on Cloud or On-premise

The on-premise Traps Endpoint Security Manager (ESM) end of life has been announced.  The date can be found here:

 

https://www.paloaltonetworks.com/services/support/end-of-life-announcements/end-of-life-summary

 

Cortex XDR Prevent (and Pro) offers an on-premise broker to serve as a proxy; however, the management component is in the cloud.


David Falcon 
MDR Systems Engineer, Cortex
Palo Alto Networks®
L2 Linker

Re: Traps on Cloud or On-premise

Good Afternoon David

Thx for your detailed reply. So if I choose to use the Traps cloud version, will traffic be inspected locally on client workstations that have Traps installed before it leaves for the Internet, or will traffic be inspected at Palo Alto servers in the cloud before it leaves for the Internet?

 

Best Regards

L4 Transporter

Re: Traps on Cloud or On-premise

Most everything is handled locally, with the exception of malware verdicts.  Instead of leveraging signature files, the agent will check with WildFire via a SHA-256 hash.  If the file is known, it will respond accordingly.  If it is unknown, local analysis will score the file and make a temporary verdict.  At the same time the file is uploaded and detonated in WildFire.  After analysis, the file is known.  This logic is the same logic that applied in the on-premise ESM.

 

Do you have connectivity challenges or are you trying to limit internet traffic?


David Falcon 
MDR Systems Engineer, Cortex
Palo Alto Networks®
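
A minimal model of the verdict flow described in the reply above, added here as an example (it is not Palo Alto Networks code and not part of the original thread). `CloudVerdictService`, `local_analysis` and the marker pattern are hypothetical stand-ins; the model shows when only a SHA-256 hash leaves the endpoint and when the whole file does.

```python
import hashlib
from dataclasses import dataclass, field

MARKER = b"CONSTRUCTED-MALICIOUS-MARKER"        # constructed test pattern, not a real indicator

@dataclass
class CloudVerdictService:
    """In-memory stand-in for the cloud verdict service (hypothetical)."""
    known: dict = field(default_factory=dict)   # sha256 hex -> verdict
    egress: list = field(default_factory=list)  # (kind, sha256) for everything that left the host

    def lookup(self, digest):
        self.egress.append(("hash", digest))    # only the hash leaves the endpoint
        return self.known.get(digest)           # None means "unknown"

    def submit(self, data):
        digest = hashlib.sha256(data).hexdigest()
        self.egress.append(("file", digest))    # the full file leaves the endpoint
        # Detonation is modelled as instant; in the post it runs in parallel.
        self.known[digest] = "malware" if MARKER in data else "benign"

def local_analysis(data):
    """Placeholder for on-agent scoring; the real scoring model is not on the page."""
    return "malware" if MARKER in data else "benign"

def evaluate(data, cloud):
    """Return the verdict for one file, following the order given in the post."""
    digest = hashlib.sha256(data).hexdigest()
    verdict = cloud.lookup(digest)
    if verdict is not None:                     # known file: the cloud verdict is final
        return {"verdict": verdict, "source": "cloud", "temporary": False}
    temp = local_analysis(data)                 # unknown file: temporary local verdict
    cloud.submit(data)                          # and the file is uploaded for detonation
    return {"verdict": temp, "source": "local", "temporary": True}

def egress_kinds(cloud):
    """What has left the endpoint so far, in order: 'hash' or 'file'."""
    return [kind for kind, _ in cloud.egress]

if __name__ == "__main__":
    cloud = CloudVerdictService()
    sample = b"constructed sample " + MARKER
    print(evaluate(sample, cloud), egress_kinds(cloud))   # first sight: unknown
    print(evaluate(sample, cloud), egress_kinds(cloud))   # second sight: known
```
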
L2 Linker

Re: Traps on Cloud or On-premise

Good Morning David

Many thanks for your fast response and your willingness to help. The case is that the customer is a governmental entity, and cloud solutions are not allowed for governmental solutions. The reason is that for a normal cloud solution, as per my knowledge, all files should be sent to the cloud to be inspected first before they leave for the Internet.

 

Based on your last reply, I would like to summarize the below:

  • It seems that the operation of Traps on ESM and Traps on cloud is the same. I think the major difference is that in the ESM solution I need to have an ESM server, but in the cloud solution, no.
  • Also, in the cloud solution and the ESM solution, all inspection is done locally except for malware. Is that true?

Is there any major difference between the two solutions from your point of view?

 

Best Regards

L4 Transporter

Re: Traps on Cloud or On-premise

Hi @AhmedSallam 

 

There are quite a few differences between ESM and Cortex XDR.  You get significantly more features in Cortex XDR.  Some differences include:

 

1.  Management server location (Cloud vs on-Prem)

2.  Cortex XDR has more prevention features (Behavior Threat Protection, etc)

3.  Agent communication (Cortex XDR - communicates over internet / ESM - communicates while on network, VPN, or DMZ exposed Core)

4.  EDR capabilities available in Cortex XDR

5.  Cortex XDR has device control features (USB device control, host-based firewall, BitLocker support)

6.  Cortex XDR allows response capabilities 

 

WildFire is used in both solutions.  WildFire is cloud-based.  

 


David Falcon 
MDR Systems Engineer, Cortex
Palo Alto Networks®
L2 Linker

Re: Traps on Cloud or On-premise

Hello David

Thx for the good presentation of ESM vs Cortex XDR. I think if I need to have a good replacement for ESM, the equivalent is TMS. Is that true?

I think Cortex XDR will be required only if behavioral analysis is required. Is this true?

 

 

Best Regards

L4 Transporter

Re: Traps on Cloud or On-premise

Hi @AhmedSallam 

 

So TMS doesn't technically exist anymore.  The features previously available within TMS are now available within Cortex XDR Prevent.  Cortex XDR Pro (which includes the features in Prevent) gives you the additional features that were not available in TMS.  This includes features such as IOCs, BIOCs, hunting, analytics, etc.  


David Falcon 
MDR Systems Engineer, Cortex
Palo Alto Networks®
L2 Linker

Re: Traps on Cloud or On-premise

Hello David

Thanks for your email. That makes everything clear. The below is the quotation sent by the Palo Alto distributor in Egypt. Does the below refer to endpoint Cortex XDR Prevent?

Trap Offer.jpg

L2 Linker

Re: Traps on Cloud or On-premise

Good Morning David @dfalcon 

I hope you are doing well. Are you able to confirm whether the quotation sent by the Palo Alto distributor in Egypt, which I shared in my previous message, refers to endpoint Cortex XDR Prevent?

 

Thx in advance
