Traps management – let’s move to the cloud!
Blog by: Diğdem Çiftçi, Security Engineer.
Since March 2018, Palo Alto Networks has offered a cloud management interface for its next-generation endpoint security solution Traps, so why not use it? Although migration might sound scary if you are a somewhat more conservative Traps customer, there are quite a few good reasons to reconsider. This blog will hopefully prove helpful in that.
Originally, Traps was solely available as an on-premise solution, meaning that customers needed to provide server resources themselves to install the SQL database, the Endpoint Security Manager core application and finally the web console. Based on sizing (number of endpoints) and preference, these would be installed on one or more servers. The downside of this was that each customer is/was responsible for providing the hardware and software, and for monitoring and maintaining the underlying servers. Performance could also become an issue, especially in a rapidly growing enterprise with an expanding number of Traps agents. With such growth, additional server resources could become a requirement. Of course, the total cost of ownership (TCO) of the solution would grow accordingly.
Palo Alto Networks’ cloud management solution for Traps (TMS) is meant to eliminate all these cons and provide customers with an ‘easier to manage’ solution. Basically, like any other cloud service, the idea is: “Save money and time on hosting and managing your IT yourselves and let us do it for you in the most efficient and effective way.” Due to a fully redundant and secure design, customers can rely on a 99.9+% uptime guarantee and TLS-secured communication between agents and TMS.
A new version
To be honest: the first cloud management version (Traps 5.0) was not fully comparable with the on-premise environment (ESM) when looking at the number of features and their maturity. However, since Palo Alto Networks puts a great amount of its Traps research & development resources into the evolution of TMS, it has become a very good alternative over the past two years.
Currently, cloud-managed Traps version 6.1.2 has become available, with integrated EDR capabilities. For on-premise deployments, version 4.2.5 is the latest one. Basically, since version 4.2.2 we don’t see any big improvements in new releases. In fact, around March 2019 it was announced that Palo Alto Networks had made the decision to discontinue development of new features for Traps Endpoint Security Manager (ESM) for on-premise management. Please note that despite this announcement, support for any Traps version, including on-premise ESM environments, will remain available until the end-of-life date provided for that version. These dates are listed below:
| Version | Release Date | End-of-Life Date |
|---|---|---|
| 3.1 | September 3, 2014 | September 3, 2015 |
| 3.2 | March 31, 2015 | March 31, 2016 |
| 3.3 | November 10, 2015 | February 28, 2017 |
| 3.4 | August 21, 2016 | August 21, 2019 |
| 4.0 | April 5, 2017 | April 5, 2018 |
| 4.1 | September 15, 2017 | September 15, 2019 |
| 4.2 | June 25, 2018 | March 1, 2022 |
| 5.0 | March 19, 2018 | March 19, 2021 |
| 6.0 | February 26, 2019 | February 26, 2020 |
Why you should consider migrating Traps management to the cloud
- Cost reduction
As mentioned earlier, the total cost of ownership of the Traps solution is directly influenced by choosing on-premise management (ESM), because you need your own server resources to host the database, core application and web console. When choosing cloud management (TMS), there are no additional costs for hosting any of these, since that has become Palo Alto Networks’ responsibility.
- Easier management and agent deployment
TMS is a user-friendly platform. It can be reached through a Palo Alto Networks application hub, from where you can start any Palo Alto application you are entitled to, based on single sign-on. Of course, the hub supports multi-factor authentication for additional security.
Agent installation no longer requires any customer-specific parameters, as installation packages with all the necessary parameters embedded can be downloaded directly from the console.
- Additional features, more coverage
Although scanning local storage for dormant malware is not strictly necessary for the effectiveness of Traps (which is primarily predictive), the possibility is included in the cloud-managed versions. Companies that require traditional AV scanning for compliance reasons in particular can therefore consider Traps as an AV replacement.
As mentioned before, EDR (endpoint detection and response) capabilities have been added in the cloud-managed Traps 6.0 release and newer. This makes it possible to do behavioral analysis based on collected event data. Please note that this requires additional licensing for both the feature and cloud storage (Cortex XDR).
- Integration and scalability
TMS is very scalable, leveraging an elastic cloud architecture. Only if you require a great amount of logs to be available within the cloud platform might you run out of available storage. Fortunately, storage capacity can be added simply by purchasing an additional license.
Integration options with third-party solutions are virtually unlimited, due to the open, API-based standards used in TMS. Many out-of-the-box integrations exist with solutions from Palo Alto technology partners, e.g. Splunk (SIEM), ProofPoint (hosted e-mail security gateway) and Aruba Networks (NAC).
- End of Support with On-Premise
Regarding the end-of-life dates of on-premise Traps versions (up to version 4.2) mentioned earlier in this blog, it is important to know that end-of-life also means end-of-support.
I hope this blog helps you with making the choice for Traps management migration towards the cloud. Please know that we can help you with the actual migration.