Palo Alto Networks Sunsets On-premise Traps:

What Traps EOL Means for You

Ashish Shah, Senior Solution Architect, Dasher Technologies

Enterprise security is seeing some big changes. Recently, Palo Alto Networks (PAN) announced that the current version 4.2 of Traps Endpoint Security Manager (ESM) for on-premise management will be its last. Customers will continue to receive support and updates as needed, but Traps ESM will officially reach end-of-life (EOL) status in March 2022.

Traps EOL

The Traps EOL news comes accompanied by cloud-driven replacements. Last year, PAN introduced the cloud-delivered Traps Management Service (TMS) for endpoint security. And at the start of 2019, PAN unveiled Cortex, which integrates network, endpoint, and cloud data to provide continuous security and is deployed on a global, scalable public cloud platform.

The impending Traps EOL and arrival of new cloud-powered tools should surprise no one. It is just more evidence of an overall cloud migration trend. Forrester notes, “As software, infrastructure, and platforms shift to the cloud, a new breed of security services continues to emerge and grow to address the security requirements.”

This doesn’t mean the Traps EOL is not cause for concern for current users. Migration issues and security concerns have a huge impact on enterprise operations and can easily overwhelm IT departments. But you don’t have to go it alone.

How can Dasher support you?

Dasher can ease the path forward in many ways, starting with helping you validate whether your organization is migration ready. For those currently using Traps ESM, it’s best to ask Dasher Engineering for assistance before you initiate migration to the Traps Management Service (TMS). We customize planning assistance for every migration, but here are a few of the necessary preparations:

  • Review PAN’s documentation on the “Differences Between Endpoint Security Manager and Traps Management Service” to determine whether upgrading to TMS is right for you.
  • Sanitize your security policy. Because the policy structure for TMS is different from ESM, you cannot migrate rules from an existing deployment. To ease migration, review existing user rules for each policy type and remove any that are no longer required (rules that were resolved in content updates or that apply to earlier versions of the Traps agent, for example).
  • Review/restore candidates. Before migrating to TMS, review any files that were quarantined. Does the file need to be restored or do you need to take any additional action to remediate the endpoint? After you upgrade the agent to a Traps version supported by TMS, the agent will not communicate with the ESM and will not respond to requests from the ESM to restore files.
  • Review security events. Review and address any events that require remediation. Security events that are not sent to the ESM before installing the new agents will not be sent to TMS.
  • Upgrade the Traps agent to a release that supports migration.
  • Locate your ESM Auth code to activate TMS without having to purchase additional licenses.

Integrating with the Cortex platform

By default, the Traps Management Service (TMS) includes 100 GB of log storage when activated, but if you require more, an additional Cortex Data Lake license must be purchased. This brings up an interesting point: Migrating from ESM to TMS due to on-premise Traps EOL is its own endeavor. But if you decide to embrace cloud-driven security, a world of next-gen security capabilities opens up to you: You can integrate TMS with a variety of new PAN security services.

Palo Alto’s cloud-delivered Security Operating Platform enables automated threat identification and enforcement using a data-driven approach and precise analytics. Its Cortex platform is billed as “the industry’s only open and integrated AI-based continuous security platform,” with a new detection and response app (Cortex XDR) that natively integrates network, endpoint, and cloud data to stop sophisticated attacks. Cortex XDR uses behavioral analytics to speed alert triage and incident response, and it automatically supplies a complete picture of each threat and its root cause.

Security and Migration

Enterprise security threats are evolving at a rapid pace, but so are the tools designed to thwart them. PAN has set the clock running on Traps EOL just as a new crop of cloud-powered services debuts. As you review your options and set your security strategy, Dasher stands ready to:

  1. Validate you are migration ready
  2. Help you migrate to the cloud
  3. Customize and optimize your TMS cloud implementation
  4. Provide insight and training into new TMS features and benefits
  5. Provide insight and assistance integrating TMS with the rest of Palo Alto Networks security services

To learn more about how Dasher’s engineers can help you manage Traps EOL, plan for cloud migration, or confidently handle any IT security concern, please email [email protected].