Have you looked at Palo Alto Traps Advanced Endpoint Protection?

Because the approach we use in our Traps Advanced Endpoint Protection product can sound similar to that used by EMET, many customers ask how we differ. So let's talk about how exploits that bypass EMET still get blocked by Traps, and how Traps stops malware that does not use an exploit and therefore cannot be blocked by EMET:

- Anti-exploit effectiveness: Traps comes with more than twice the number of exploit prevention modules (EPM). This means that Traps blocks more exploit techniques, including techniques that are used specifically to bypass EMET. These EPMs are implemented at a lower level, making them extremely difficult to bypass. Some of the modules in EMET only work on applications that were compiled to work with EMET, whereas the Traps EPMs are enforced on any application with no dependency on application awareness.
- Self-protection mechanisms: Let's face it, many of our users have highly privileged control over their own PCs. This means they can disable software and stop processes at will. While EMET can be easily disabled, sometimes even by an end-user with low privileges, Traps includes proprietary self-protection mechanisms that make it extremely difficult, even for a local administrator, to disable the agent. The specifics are top-secret, but let's just say that even successfully stopping the Traps-related services is not going to stop us from blocking exploits.
- Application coverage: Traps can prevent exploitation of any application process. Furthermore, the agent automatically discovers new processes being used on endpoints and populates a list in the admin console so the administrator can select the processes that should be protected. As an example, we have one customer that is using Traps to protect more than 250 applications in addition to the hundreds that are already included in our default policy. This is compared to roughly 10 applications covered by the EMET default policy. It's also worth mentioning that Traps includes full protection for Java, including the very famous logic flaws in it, whereas EMET merely stops memory corruptions in Java, which are rare.
- Centralized management: Traps is a scalable enterprise product with a centralized console for policy management and reporting. EMET is a tool that lacks any centralized policy management and only reports to the local event log on the endpoint.
- Breadth of security layers: Traps components include anti-exploit, anti-malware, forensics, device control, application control and WildFire cloud integration. EMET is simply an anti-exploit tool, offering a small subset of our anti-exploit features.
- Integration: Traps integrates with WildFire, a key component of our threat intelligence cloud, in order to leverage intelligence gathered from thousands of WildFire customers submitting over a million suspect files each day. Traps also integrates with popular SIEM solutions, Syslog, ePO, and uses an MS SQL back end.