Panda Adaptive Defense is a new security model which can guarantee complete protection for devices and servers by classifying 100% of the processes running on every computer throughout the organization and monitoring and controlling their behavior.
More info: http://www.pandasecurity.com/enterprise/solutions/advanced-threat-protection/
2. 24/03/2015Audit Service 2
Index
1. The 3 factors that define corporate IT security
2. What is Panda Adaptive Defense?
3. Who is it aimed at?
4. Features & Benefits
5. How does it work?
6. Customer testimonials
The 3 factors that define corporate IT security (timeline figure, 1998 to 2014):
1. Increased sophistication of malware
2. Evolution of corporate IT environments
3. Evolution of traditional antivirus solutions
First factor: Malware sophistication
a. Malware is increasingly sophisticated and difficult to detect
o Increasingly complex forms of malware
o Advanced stealth capabilities
b. Evolution of infection strategies
o Prior research of targets
o Multi-staged, coordinated attacks that use multiple vectors simultaneously (Advanced Persistent Threats)
c. Shift in malware authors' primary motivation
o From popularity to financial gain
Companies now run their business in a much more dangerous environment for their intellectual assets.
Malware evolution timeline (figure), 1998 to 2014: viruses, spyware, bots, Trojans, targeted attacks, zero-day attacks, dynamic Trojans. The number of new samples appearing daily rose from 100, to 1.369, to over 200,000.
Second factor: Evolution of corporate IT environments
Infrastructures are harder to manage:
o BYOD
o Roaming workers and workers at remote offices
o Heterogeneous systems
o More software installed, hence more vulnerabilities
Internal processes are increasingly dependent on technologies.
IT departments have remained unchanged or have shrunk.
As corporate IT systems become more complex, they become more vulnerable to malware.
(Figure: IT environment evolution along three axes: infrastructure, technology dependency and IT.)
Third factor: Evolution of traditional security solutions
Malware volume
o MORE resources to dissect malware
o LARGER signature files
o MORE heuristic scanning
Malware complexity and danger
o MORE detection engines
o MORE infection vectors to mitigate
IT infrastructure complexity
o MORE supported platforms
o MORE protection models (SaaS, endpoint, perimeter...)
Traditional antivirus evolution (figure), 1998 to 2014: signature file, then detection engine, then heuristics. Outcome: high memory and CPU usage, high risk of infection, complex security management.
“Detecting attacks often takes an alarmingly long time—46% of respondents report an average detection time of hours or days. Resolution once an attack has been identified takes even longer, with 54% reporting average resolution times of days, weeks or months.”
IDG Research, DARKReading, 2014
New Malware: Window of Opportunity (chart of new malware detected vs. undetected over time)
Undetected after 24 h: 18%
Undetected after 3 days: 9%
Undetected after 7 days: 7%
Undetected after 1 month: 4%
Undetected after 3 months: 2%
"18% of new malware goes undetected during the first 24 hours and 2% is still not detected three months later."
Panda Security study on the malware window of opportunity
Panda Adaptive Defense: Visibility, Detection, Response, Prevention
Panda Adaptive Defense is a new security model which can guarantee complete protection for devices and servers by classifying 100% of the processes running on every computer throughout the organization and monitoring and controlling their behavior.
More than 1.2 billion applications already classified.
The new version of Adaptive Defense (1.5) also includes an AV engine, adding disinfection capability, so Adaptive Defense could even replace the company's antivirus.
o Forensic information to analyze each attempted attack in detail
o … and traceability of each action taken by the applications running on a system
o … and blockage of applications and isolation of systems to prevent future attacks
o … and blockage of zero-day and targeted attacks in real time without the need for signature files
Adaptive Defense & Audit Service Sales Policy
Focus on key accounts
Ideally clients with more than 500 PCs (100 minimum) that are concerned about security risks.
Ideal for specific vertical markets:
• Large retail businesses (POS):
  • Visibility and control with low performance impact
  • Full visibility of the applications running
  • Black-listing and lockdown features will be added soon
• Financial, energy and pharmaceutical sectors:
  • Visibility for prevention; stops custom, targeted attacks aimed at this kind of organization:
    • Banks and financial institutions
    • Insurance companies
    • Fund managers
    • Pharmaceutical research, …
• Government:
  • For government information security professionals, the challenge is to combat malicious attacks and advanced cyber threats
Features & Benefits
Protection: detailed and configurable monitoring of running applications; protection of vulnerable systems; protection of intellectual assets against targeted attacks; forensic report.
Productivity: identification and blocking of unauthorized programs; light, easy-to-deploy solution.
Management: daily and on-demand reports; simple, centralized administration from a Web console; better service, simpler management.
What Differentiates Adaptive Defense
AV vendors: detection gap; do not classify all applications; not transparent to end users and admins (false positives, quarantine administration, …).
WL vendors*: management of whitelists required; complex deployments required; management infrastructure required.
New ATD vendors**: not all infection vectors covered (e.g. USB drives); monitoring sandboxes is not as effective as monitoring real environments; expensive work overhead involved; ATD vendors do not prevent/block attacks.
* WL = Whitelisting (Bit9, Lumension, etc.)
** ATD = Advanced Threat Defense (FireEye, Palo Alto, Sourcefire, etc.)
Adaptive Defense vs Traditional Antivirus

New malware detection capability*
                                                  Traditional Antivirus (25)   Adaptive Defense, Standard Model   Adaptive Defense, Extended Model
New malware blocked during the first 24 hours     82%                          98,8%                              100%
New malware blocked during the first 7 days       93%                          100%                               100%
New malware blocked during the first 3 months     98%                          100%                               100%
Suspicious detections                             YES                          NO (no uncertainty)
% of Adaptive Defense detections detected by no other antivirus: 3,30%

File classification
                                                  Universal Agent**            Panda Adaptive Defense
Files classified automatically                    60,25%                       99,56%
Classification certainty level                    99,928%                      99,9991% (< 1 error / 100.000 files)

* Viruses, Trojans, spyware and ransomware received in our Collective Intelligence platform. Hacking tools, PUPs and cookies were not included in this study.
** Universal Agent technology is included as endpoint protection in all Panda Security solutions.
A brand-new, three-phase, cloud-based security model
1st phase: comprehensive monitoring of all the actions triggered by programs on endpoints.
2nd phase: analysis and correlation of all actions monitored on customers' systems using Data Mining and Big Data Analytics techniques.
3rd phase: endpoint hardening and enforcement: blocking of all suspicious or dangerous processes, with notifications to alert network administrators.
Phase 1: Continuous endpoint monitoring
The endpoint protection installed on each computer monitors all the actions triggered by running processes. Each event is cataloged (based on more than 2,000 characteristics) and sent to the cloud*:
o File downloads
o Software installation
o Driver creation
o Communication processes
o DLL loading
o Service creation
o Creation and deletion of files and folders
o Creation and deletion of Registry branches
o Local access to data (over 200 formats)
* A period of about two weeks is estimated for full detection and classification of the applications currently in use.
Phase 2: Big Data Analysis
(Figure) Information sources: static, contextual and external (3rd parties); controlled execution and classification* on physical machines; Big Data analysis; continuous classification of executable files; trustability score.
The trustability score** of each process is recalculated based on the dynamic behavior of the process.
The trustability score** is also recalculated whenever new evidence is received (retrospective analysis).
* Pattern-based classification by Panda Labs with an average response time of less than 24 hours.
** The trustability score determines whether or not a process is trusted. If a process is not trusted, it will be prevented from running.
Phase 3: Endpoint hardening and enforcement
Standard mode
The service classifies all executable files with near 100% accuracy (99.9991%). Every process classified as malware is immediately blocked.
Protection against vulnerabilities: the service protects browsers and applications such as Java, Adobe or Microsoft Office against security flaws by using contextual and behavioral-based rules.
Data hardening: only trusted applications are allowed to access data and sensitive areas of the operating system.
Extended mode
Blocking of all unclassified processes: all unclassified processes are prevented from running until they are assigned an MCL (Maximum Confidence Level) by the system. If a process is not classified automatically, a security expert will classify it.
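The three phases above describe a classify-everything policy: evidence feeds a trustability score, the score yields a verdict, and enforcement differs between the standard and extended modes. The toy model below is an added illustration, not Panda's code; the evidence names, weights and thresholds are assumptions chosen so that the page's two modes and the retrospective reclassification can be exercised.

```python
# Added toy model (not Panda's code): the weights, thresholds and evidence names are assumptions.
from dataclasses import dataclass
from enum import Enum

class Verdict(Enum):
    GOODWARE = "goodware"
    MALWARE = "malware"
    UNCLASSIFIED = "unclassified"  # no confidence level assigned yet

TRUST_THRESHOLD = 0.8    # assumed: score >= this is trusted goodware
MALWARE_THRESHOLD = 0.2  # assumed: score <= this is malware

# Assumed weights for monitored actions (Phase 1) and static/external
# evidence (Phase 2); negative values lower trust, positive values raise it.
EVIDENCE_WEIGHT = {
    "static_signed_by_known_vendor": 0.30, "external_known_good": 0.40,
    "file_download": -0.05, "dll_load": 0.0, "registry_branch_create": -0.10,
    "local_data_access": -0.15, "service_creation": -0.25, "driver_creation": -0.35,
}

@dataclass
class Process:
    name: str
    score: float = 0.5  # trustability score, starts undecided
    verdict: Verdict = Verdict.UNCLASSIFIED

def recalculate(proc: Process, new_evidence: list) -> Verdict:
    """Phase 2: fold new evidence into the trustability score and reassign the
    verdict, so an earlier decision can be revised (retrospective analysis)."""
    for item in new_evidence:
        proc.score = max(0.0, min(1.0, proc.score + EVIDENCE_WEIGHT.get(item, 0.0)))
    if proc.score >= TRUST_THRESHOLD:
        proc.verdict = Verdict.GOODWARE
    elif proc.score <= MALWARE_THRESHOLD:
        proc.verdict = Verdict.MALWARE
    else:
        proc.verdict = Verdict.UNCLASSIFIED
    return proc.verdict

def may_run(proc: Process, mode: str) -> bool:
    """Phase 3: standard mode blocks only malware; extended mode also blocks
    anything that has not yet been classified."""
    if proc.verdict is Verdict.MALWARE:
        return False
    return not (mode == "extended" and proc.verdict is Verdict.UNCLASSIFIED)

def may_access_data(proc: Process) -> bool:
    """Data hardening: only trusted (goodware) processes may touch data."""
    return proc.verdict is Verdict.GOODWARE
```

Feeding a process two rounds of evidence shows the retrospective effect: a process that was only unclassified (and so allowed in standard mode) is blocked once later evidence such as driver creation pushes its score below the malware threshold.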
Solution Architecture: Adaptive Defense & other Panda Products (diagram)
Cloud side: Collective Intelligence; Adaptive Defense Big Data (continuous analysis, continuous execution classification); management consoles for Endpoint Protection, Adaptive Defense and Systems Management.
Customer side: employee seats at the central office and at other branch locations run the Endpoint Protection, Adaptive Defense and Systems Management agents; Security & IT managers at the central office use the Central Management Center.
All agents and consoles communicate with the cloud services (Comms).
Customer testimonials
"Panda Adaptive Defense is a managed security solution that allows us to guarantee complete protection of our customers' endpoints and servers, with granular monitoring and supervision of the behavior of each device. We can also offer forensic analysis services to customers on request."
"Panda Advanced Protection Service enables us to provide guaranteed security against cyber-crime and targeted attacks, a key point which we were not convinced we would be able to achieve when we began to evaluate solutions."
Alfonso Martín Palma, Senior Manager of the Indra Cybersecurity Operations Center (i-CSOC).
"We are highly satisfied with the quality of the service provided by Panda Security over these months. Thanks to this innovative service for classifying applications, we can rest assured that we have real-time blocking and warnings that protect us against advanced cyber-threats such as meta-exploits, APTs in adware, PUPs, etc."
"After the success of this project, and thanks to the quality of the services delivered, Eulen is now concentrating on the security of new operating systems such as Android, and as such is considering further collaboration with Panda Security."