Adaptive Defense
CLOSING THE GAP OF MALWARE DETECTION
24/03/2015Audit Service 2
Index
1. The 3 factors that define corporate IT security
2. What is Panda Adaptive Defense?
3. Who is it Aimed at?
4. Features & Benefits
5. How does it work?
6. Customer testimonials
The 3 factors that define corporate IT security
The 3 factors (evolution from 1998 to 2014):
1. Increased sophistication of malware
2. Evolution of corporate IT environments
3. Evolution of traditional antivirus solutions
First factor: Malware Sophistication
a. Malware is increasingly sophisticated and difficult to detect
o Increasingly complex forms of malware
o Advanced stealth capabilities
b. Evolution of infection strategies
o Prior research of targets
o Multi-staged, coordinated attacks that use multiple vectors simultaneously (Advanced Persistent Threats)
c. Shift in malware authors' primary motivation
o From popularity to financial benefits
Companies run their business in a much more dangerous environment for their intellectual assets.
Malware evolution, 1998 to 2014 (timeline): viruses, spyware, bots, Trojans, targeted attacks, zero-day attacks, dynamic Trojans. The number of new samples appearing daily grew from 100, to 1,369, to over 200,000.
Second factor: Evolution of corporate IT environments
Infrastructures are harder to manage:
o BYOD
o Roaming workers, workers at remote offices
o Heterogeneous systems
o More software installed, more vulnerabilities
Internal processes are increasingly dependent on technologies.
IT departments have remained unchanged or have shrunk.
As corporate IT systems become more complex, they are more vulnerable to malware.
IT environment evolution (diagram): infrastructure, technology dependency, IT departments.
Third factor: Evolution of traditional security solutions
Malware volume
o MORE resources to dissect malware
o LARGER signature files
o MORE heuristic scanning
Malware complexity and danger
o MORE detection engines
o MORE infection vectors to mitigate
IT infrastructure complexity
o MORE supported platforms
o MORE protection models (SaaS, endpoint, perimeter...)
Traditional antivirus evolution, 1998 to 2014 (diagram): signature file, detection engine, heuristics; the result is high memory and CPU usage, high risk of infection and complex security management.
“Detecting attacks often takes an alarmingly
long time—46% of respondents report an
average detection time of hours or days.
Resolution once an attack has been identified
takes even longer, with 54% reporting average
resolution times of days, weeks or months.”
IDG Research, DARKReading, 2014
New Malware: Window of Opportunity
Panda Security study on the malware window of opportunity (% of new virus samples detected vs. undetected after each interval):
24 h: 82% detected, 18% undetected
3 days: 91% detected, 9% undetected
7 days: 93% detected, 7% undetected
1 month: 96% detected, 4% undetected
3 months: 98% detected, 2% undetected
"18% of new malware goes undetected during the first 24 hours and 2% is still not detected three months later."
What is Panda Adaptive Defense?
Panda Adaptive Defense
Panda Adaptive Defense is a new security model which can guarantee complete protection for devices and servers by classifying 100% of the processes running on every computer throughout the organization and monitoring and controlling their behavior.
More than 1.2 billion applications already classified.
The new version of Adaptive Defense (1.5) also includes an AV engine, adding disinfection capability. Adaptive Defense could even replace the company antivirus.
The model covers four areas (diagram: visibility, detection, response, prevention):
o Visibility: traceability of each action taken by the applications running on a system
o Detection: blockage of zero-day and targeted attacks in real time, without the need for signature files
o Response: forensic information to analyze each attempted attack in detail
o Prevention: blockage of applications and isolation of systems to prevent future attacks
Who is it Aimed at?
Adaptive Defense & Audit Service Sales Policy
Focus on key accounts
Ideally clients with more than 500 PCs (100 minimum) that are concerned with security risks.
Ideal for specific vertical markets:
• Large retail businesses (POS):
  • Visibility and control with low performance impact
  • Full visibility of the applications running
  • Blacklisting and lockdown features will be added soon
• Financial, energy and pharmaceutical sectors:
  • Visibility for prevention; stops custom, targeted attacks aimed at this kind of organization:
    • Banks and financial institutions
    • Insurance companies
    • Fund managers
    • Pharmaceutical research, …
• Government:
  • For government information security professionals, the challenge is to combat malicious attacks and advanced cyber threats
Features and benefits
Protection
o Detailed and configurable monitoring of running applications
o Protection of vulnerable systems
o Protection of intellectual assets against targeted attacks
o Forensic report
Productivity
o Identification and blocking of unauthorized programs
o Light, easy-to-deploy solution
Management
o Daily and on-demand reports
o Simple, centralized administration from a Web console
o Better service, simpler management
What Differentiates Adaptive Defense
Shortcomings of the competing approaches (AV vendors, WL vendors*, new ATD vendors**):
o Detection gap
o Do not classify all applications
o Management of WLs required
o Not all infection vectors covered (e.g. USB drives)
o Not transparent to end-users and admins (false positives, quarantine administration, …)
o Complex deployments required
o Monitoring sandboxes is not as effective as monitoring real environments
o Management infrastructure required
o Expensive work overhead involved
o ATD vendors do not prevent/block attacks
* WL = Whitelisting: Bit9, Lumension, etc.
** ATD = Advanced Threat Defense: FireEye, Palo Alto, Sourcefire, etc.
Adaptive Defense vs Traditional Antivirus
New malware detection capability*
(columns: Traditional Antivirus (25) | Panda Adaptive Defense Standard Model | Panda Adaptive Defense Extended Model)
New malware blocked during the first 24 hours: 82% | 98.8% | 100%
New malware blocked during the first 7 days: 93% | 100% | 100%
New malware blocked during the first 3 months: 98% | 100% | 100%
% of detections by Adaptive Defense detected by no other antivirus: 3.30%
Suspicious detections: YES | NO (no uncertainty)
File classification
(columns: Universal Agent** | Panda Adaptive Defense)
Files classified automatically: 60.25% | 99.56%
Classification certainty level: 99.928% | 99.9991% (< 1 error / 100,000 files)
* Viruses, Trojans, spyware and ransomware received in our Collective Intelligence platform. Hacking tools, PUPs and cookies were not included in this study.
** Universal Agent technology is included as endpoint protection in all Panda Security solutions.
How does Adaptive Defense work?
A brand-new three-phase cloud-based security model
1st Phase: Comprehensive monitoring of all the actions triggered by programs on endpoints
2nd Phase: Analysis and correlation of all actions monitored on customers' systems thanks to Data Mining and Big Data Analytics techniques
3rd Phase: Endpoint hardening & enforcement: blocking of all suspicious or dangerous processes, with notifications to alert network administrators
Phase 1: Continuous endpoint monitoring
The endpoint protection installed on each computer monitors all the actions triggered by running processes. Each event is cataloged (based on more than 2,000 characteristics) and sent to the cloud*:
o File downloads
o Software installation
o Driver creation
o Communication processes
o DLL loading
o Service creation
o Creation and deletion of files and folders
o Creation and deletion of Registry branches
o Local access to data (over 200 formats)
* A period of about two weeks is estimated for full detection and classification of the applications currently in use.
Phase 2: Big Data Analysis
Information sources: static, contextual, external (3rd parties), and controlled execution and classification* on physical machines.
Big Data analysis: continuous classification of executable files.
Trustability score**: the trustability score of each process is recalculated based on the dynamic behavior of the process, and recalculated again whenever new evidence is received (Retrospective Analysis).
* Pattern-based classification by Panda Labs with a response time of less than 24 hours on average.
** The trustability score determines whether or not a process is trusted. If a process is not trusted, it will be prevented from running.
Phase 3: Endpoint hardening and enforcement
STANDARD MODE
The service classifies all executable files with near 100% accuracy (99.9991%). Every process classified as malware is immediately blocked.
Protection against vulnerabilities: the service protects browsers and applications such as Java, Adobe or Microsoft Office against security flaws by using contextual and behavior-based rules.
Data hardening: only trusted applications are allowed to access data and sensitive areas of the operating system.
EXTENDED MODE
Blocking of all unclassified processes: all unclassified processes are prevented from running until they are assigned an MCL (Maximum Confidence Level) by the system. If a process is not classified automatically, a security expert will classify it.
Solution Architecture
Adaptive Defense & other Panda Products (architecture diagram): Collective Intelligence and the Adaptive Defense Big Data platform run in the cloud (continuous analysis, continuous execution classification); Endpoint Protection agents, Adaptive Defense agents and Systems Management agents run on employee seats at the central office and other branch locations; the Endpoint Management Console, Adaptive Defense Management Console and Systems Management Console are used by Security & IT managers from a central management center; all components communicate with the cloud over their respective comms channels.
Customer testimonials
"Panda Adaptive Defense is a managed security solution that allows us to guarantee complete protection of our customers' endpoints and servers, with granular monitoring and supervision of the behavior of each device. We can also offer forensic analysis services to customers on request."
"Panda Advanced Protection Service enables us to provide guaranteed security against cyber-crime and targeted attacks, a key point which we were not convinced we would be able to achieve when we began to evaluate solutions."
Alfonso Martín Palma, Senior Manager of the Indra Cybersecurity Operations Center (i-CSOC).
"We are highly satisfied with the quality of the service provided by Panda Security over these months. Thanks to this innovative service for classifying applications, we can rest assured that we have real-time blocking and warnings that protect us against advanced cyber-threats such as meta-exploits, APTs in adware, PUPs, etc."
"After the success of this project, and thanks to the quality of the services delivered, Eulen is now concentrating on the security of new operating systems such as Android, and as such is considering further collaboration with Panda Security."
Thank you!