Panda Security - Adaptive Defense 360

Page 1: Panda Security - Adaptive Defense 360

FIND THE ANSWERS, SOLVE THE PROBLEM

Page 2: Panda Security - Adaptive Defense 360

Index

1. Adapting Security Needs

2. Adaptive Defense 360

3. Features & Benefits

4. How does it work?

5. Customer testimonials

14/09/2015 Adaptive Defense 360 2

Page 3: Panda Security - Adaptive Defense 360

Adapting to New Security Needs


Page 4: Panda Security - Adaptive Defense 360

From Protection only…

Protection is a must, but how solid is your protection? All organizations, large and small, are being targeted, and most protection layers are eventually breached. They also thought they were protected…

Page 5: Panda Security - Adaptive Defense 360

… to Protection plus Detection, Response and Remediation

Organizations need to prevent attacks, and they need to react when prevention fails, by setting up mechanisms to:

- Proactively detect security attacks

- Gather the information needed to respond effectively to a security breach

- Apply remediation actions automatically to minimize the impact and scope of the infection

Page 6: Panda Security - Adaptive Defense 360

Understand and Follow the Information Flow

In the era of BYOD, distributed and remote offices and Cloud solutions, setting information flow control rules is no longer a feasible option. There is a need to shift from controlling the information flow to understanding and following it: who accesses the information, how and when, and how it flows within and outside your organization.

Page 7: Panda Security - Adaptive Defense 360

Minimize Friction with Business Operations

• What really matters is your business

• Tight security measures can suffocate employees’ daily operations

• Security shouldn’t be a stopper but a facilitator

• Users demand no interference in their daily tasks, and IT administrators demand better security with less hassle

Page 8: Panda Security - Adaptive Defense 360

What is Panda Adaptive Defense 360?

Page 9: Panda Security - Adaptive Defense 360

Panda Adaptive Defense 360 is the first and only product in the market to combine Endpoint Protection (EPP) and Endpoint Detection & Response (EDR) capabilities in a single solution.

The EDR capabilities rely on a new security model which can guarantee complete protection for devices and servers by classifying 100% of the processes running on every computer throughout the organization and monitoring and controlling their behavior.

More than 1.2 billion applications already classified.

Automated malware removal to reduce the burden on administrators.

Blocks non-goodware applications and exploits to prevent future attacks.

Forensic information for in-depth analysis of every attempted attack.

Targeted and zero-day attacks are blocked in real time without signature files.

Page 10: Panda Security - Adaptive Defense 360

Features and benefits


Page 11: Panda Security - Adaptive Defense 360

Protection

• Antivirus/Antimalware

• Personal Firewall

• Web & Mail (Exchange) Filtering

• Device Control

Detection & Response

• Continuous monitoring and analysis of running applications

• Protection of vulnerable systems

• Protection of intellectual assets against targeted attacks

• Data access and transmission monitoring for applications

• Forensic report

Productivity & Management

• Light, easy-to-deploy solution

• Daily and on-demand reports

• Simple, centralized administration from a Web console

• Total transparency for the user

• Better service, simpler management

Page 12: Panda Security - Adaptive Defense 360

How does Adaptive Defense 360 work?

Page 13: Panda Security - Adaptive Defense 360

Combining Panda’s EPP and EDR capabilities

Adaptive Defense 360 is 2 solutions in a single console.

Adaptive Defense 360 starts with Panda’s best-of-breed EPP solution (Endpoint Protection Plus) and adds the EDR capabilities of Adaptive Defense in order to protect against zero-day and targeted attacks that take advantage of the “window of opportunity for malware”.

Page 14: Panda Security - Adaptive Defense 360

The best Endpoint Protection

Cross-platform security

Covers all infection vectors in Windows, Linux, Mac OS X and Android devices.

Prevention technologies

• Browsing, email and file system protection

• Control of devices connected to the PC

Security on all platforms

• Windows (from 2000 to 10)

• Linux (Ubuntu certified, Red Hat, Debian, OpenSuse and Suse)*

• Mac OS X (10.6 – 10.10)*

• Android (from 2.3)*

• Virtual engines (VMware, Virtual PC, MS Hyper-V, Citrix)

Maximum productivity

Monitors and filters Web traffic and spam, allowing companies to focus on their business and forget about unproductive employee behavior.

Website monitoring and filtering

• Increases business productivity

• Monitors Web browsing

• Select the Web categories you consider dangerous or unproductive during working hours

• Compatible with any Web browser

No more saturated inboxes

• Reduces the attack surface of Exchange servers through content filtering

• Increases security and user productivity with the anti-malware and anti-spam engine, blocking junk mail and malicious messages

* Only endpoint protection; EDR is not supported on these platforms

Page 15: Panda Security - Adaptive Defense 360

A three-phase cloud security model for Endpoint Detection and Response

1st Phase: Comprehensive monitoring of all the actions triggered by programs on endpoints

2nd Phase: Analysis and correlation of all actions monitored on customers' systems thanks to Data Mining and Big Data Analytics techniques

3rd Phase: Endpoint hardening & enforcement: blocking of all suspicious or dangerous processes, with notifications to alert network administrators

Page 16: Panda Security - Adaptive Defense 360

Differentiation


Page 17: Panda Security - Adaptive Defense 360

Key Differentiators

The only offering to include Endpoint Defense & Response and Endpoint Protection Platform capabilities.

Categorizes all running processes on the endpoint, minimizing the risk of unknown malware.

• Continuous monitoring and attestation of all processes fills the detection gap of AV products

Automated investigation of events significantly reduces manual intervention by the security team.

• Machine learning and collective intelligence in the cloud, plus manual checks by PandaLabs experts, definitively identify goodware and block malware

Integrated remediation of identified malware.

• Instant access to real-time and historical data provides full visibility into the timeline of malicious endpoint activity

Minimal endpoint performance impact (5%)

Page 18: Panda Security - Adaptive Defense 360

What Differentiates Adaptive Defense 360

Competing approaches: AV vendors, WL vendors*, New ATD vendors**

Limitations of these approaches:

- Lack of proactive detection

- Do not classify all applications

- Management of WLs required

- Not all infection vectors covered (i.e. USB drives)

- Interference to end-users and more hassle for admins (false positives, quarantine administration, …)

- Complex deployments required

- Monitoring sandboxes is not as effective as monitoring real environments

- No traceability for forensic information

- Expensive work overhead involved

- ATD vendors do not prevent/block attacks

- No protection against vulnerable applications

- External solution or manual intervention needed for remediation

* WL = Whitelisting (Bit9, Lumension, etc.) ** ATD = Advanced Threat Defense (FireEye, Palo Alto, Sourcefire, etc.)

Page 19: Panda Security - Adaptive Defense 360

Adaptive Defense 360 above and beyond AVs

New malware detection capability*: Traditional Antivirus (25) vs. Panda Adaptive Defense 360 (Deep-hardening Mode)

New malware blocked during the first 24 hours: 82% (Traditional Antivirus) / 99% (Adaptive Defense 360)

New malware blocked during the first 7 days: 93% / 100%

New malware blocked during the first 3 months: 98% / 100%

Suspicious detections: YES / NO (no uncertainty)

* Viruses, Trojans, spyware and ransomware received in our Collective Intelligence platform. Hacking tools, PUPs and cookies were not included in this study. ** Using the Universal Agent technology included as endpoint protection in all Panda Security solutions.

Page 20: Panda Security - Adaptive Defense 360

Adaptive Defense in figures

+1,2 billion applications already categorized

Malware detected in 100% of deployments regardless of the existing protection mechanisms

+100,000 endpoints and servers protected

+200,000 security breaches mitigated in the past year

+230,000 hours of IT resources saved, estimated cost reduction of 14,2M€*

* Based on average time and cost estimations from the Ponemon Institute report on the Cost of Cybercrime, Oct-2014

Page 21: Panda Security - Adaptive Defense 360

Customer testimonials


Page 22: Panda Security - Adaptive Defense 360

"Panda Adaptive Defense is a managed security solution that allows us to guarantee complete protection of our customers’ endpoints and servers, with granular monitoring and supervision of the behavior of each device. We can also offer forensic analysis services to customers on request."

"Panda Advanced Protection Service enables us to provide guaranteed security against cyber-crime and targeted attacks, a key point which we were not convinced we would be able to achieve when we began to evaluate solutions."

Alfonso Martín Palma, Senior Manager of the Indra Cybersecurity Operations Center (i-CSOC).

"After the success of this project, and thanks to the quality of the services delivered, Eulen is now concentrating on the security of new operating systems such as Android, and as such is considering further collaboration with Panda Security."

Page 23: Panda Security - Adaptive Defense 360

Thank you!

Page 24: Panda Security - Adaptive Defense 360

Phase 1: Continuous endpoint monitoring

The endpoint protection installed on each computer monitors all the actions triggered by running processes. Each event is cataloged (based on more than 2,000 characteristics) and sent to the cloud*:

• File downloads

• Software installation

• Driver creation

• Communication processes

• DLL loading

• Service creation

• Creation and deletion of files and folders

• Creation and deletion of Registry branches

• Local access to data (over 200 formats)

* A period of two weeks is estimated for full detection and classification of current applications

Page 25: Panda Security - Adaptive Defense 360

Phase 2: Big Data Analysis

Information sources: Static, Contextual, External (3rd parties)

Controlled execution and classification* on physical machines

Big Data Analysis: continuous classification of executable files

Trustability score: the trustability score** of each process is recalculated based on the dynamic behavior of the process, and recalculated again based on new evidence received (Retrospective Analysis)

* Pattern-based classification by Panda Labs with a response time of less than 24 hours on average

** The trustability score determines whether or not a process is trusted. If a process is not trusted, it will be prevented from running.

Page 26: Panda Security - Adaptive Defense 360

Phase 3: Endpoint hardening and enforcement

The service classifies all executable files with near 100% accuracy (99.9991%). Every process classified as malware is immediately blocked.

Protection against vulnerabilities

The service protects browsers and applications such as Java, Adobe or Microsoft Office against security flaws by using contextual and behavioral-based rules.

Data hardening

Only trusted applications are allowed to access data and sensitive areas of the operating system.

Blocking of all unclassified processes

All unclassified processes are prevented from running until they are assigned an MCL (Maximum Confidence Level) by the system. If a process is not classified automatically, a security expert will classify it.

(Diagram labels: Standard Mode, Extended Mode)
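The three phases on these slides describe a loop: events are cataloged per process (Phase 1), each process receives a trustability score (Phase 2), and the endpoint blocks malware and anything still unclassified while letting trusted processes run (Phase 3). The Python model below is an added illustration written for this page, not Panda Security's code; the 0.8 threshold, the verdict names, the hashes, the file paths and the event stream are all assumptions constructed for the example. It goes one step beyond the slides by keeping a decision timeline, so that when a retrospective reclassification flips a process from trusted to malware, the actions it was allowed while trusted can be listed (the kind of historical timeline the Key Differentiators slide refers to), and processes that were never scored are surfaced for manual expert classification.

```python
"""Toy model of the classify-then-enforce loop described in Phases 1-3:
monitored events arrive per process, the cloud assigns a trustability score,
and the endpoint allows or blocks actions (default-deny while unclassified).

Added illustration, not Panda Security's code. The score threshold, the
verdict names and the sample event stream are constructed for this example.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional, Tuple

# Constructed threshold: a score at or above this makes a process "trusted".
TRUST_THRESHOLD = 0.8


class Verdict(Enum):
    TRUSTED = "trusted"            # may run and touch data
    MALWARE = "malware"            # blocked immediately
    UNCLASSIFIED = "unclassified"  # blocked until a confidence level is assigned


@dataclass
class ProcessRecord:
    sha256: str                                        # identity of the executable
    score: Optional[float] = None                      # None until the cloud returns a score
    evidence: List[str] = field(default_factory=list)  # why the score changed

    @property
    def verdict(self) -> Verdict:
        if self.score is None:
            return Verdict.UNCLASSIFIED
        return Verdict.TRUSTED if self.score >= TRUST_THRESHOLD else Verdict.MALWARE


@dataclass(frozen=True)
class Event:
    """Phase 1: one cataloged action (file download, DLL load, data access, ...)."""
    sha256: str
    action: str
    target: str


class Enforcer:
    """Phase 3 decision point, fed by Phase 2 classifications."""

    def __init__(self) -> None:
        self.registry: Dict[str, ProcessRecord] = {}
        self.timeline: List[Tuple[Event, str]] = []  # (event, "allow"/"block")

    def _record(self, sha256: str) -> ProcessRecord:
        return self.registry.setdefault(sha256, ProcessRecord(sha256))

    def classify(self, sha256: str, score: float, evidence: str) -> Verdict:
        """Phase 2: store a (possibly retrospective) score together with its evidence."""
        rec = self._record(sha256)
        rec.score = score
        rec.evidence.append(evidence)
        return rec.verdict

    def handle(self, event: Event) -> str:
        """Allow only trusted processes; malware and unclassified processes are blocked."""
        decision = "allow" if self._record(event.sha256).verdict is Verdict.TRUSTED else "block"
        self.timeline.append((event, decision))
        return decision

    def pending_review(self) -> List[str]:
        """Hashes still unclassified: candidates for manual expert classification."""
        return [h for h, r in self.registry.items() if r.verdict is Verdict.UNCLASSIFIED]

    def exposure(self, sha256: str) -> List[str]:
        """Forensic view: actions this process performed while it was trusted."""
        return [f"{ev.action}:{ev.target}"
                for ev, decision in self.timeline
                if ev.sha256 == sha256 and decision == "allow"]


def run_scenario() -> Tuple[List[str], List[str], List[str]]:
    """Constructed event stream: three hashes, one retrospective reclassification."""
    enf = Enforcer()
    enf.classify("hash_updater", 0.99, "static: signed by a known vendor")
    decisions = [
        enf.handle(Event("hash_updater", "dll_load", "C:\\Windows\\System32\\wininet.dll")),
        enf.handle(Event("hash_new", "data_access", "C:\\Finance\\payroll.xlsx")),  # unclassified
        enf.handle(Event("hash_tool", "file_download", "C:\\Users\\alice\\Downloads\\tool.exe")),
    ]
    # Controlled execution in the cloud finds nothing wrong: hash_new becomes trusted.
    enf.classify("hash_new", 0.90, "controlled execution: no suspicious behavior observed")
    decisions.append(enf.handle(Event("hash_new", "data_access", "C:\\Finance\\payroll.xlsx")))
    decisions.append(enf.handle(Event("hash_new", "communication", "203.0.113.7:443")))
    # Retrospective analysis: new external evidence lowers the score below the threshold.
    enf.classify("hash_new", 0.10, "retrospective: 3rd-party intel flags the destination host")
    decisions.append(enf.handle(Event("hash_new", "registry_write", "HKCU\\Software\\Example")))
    return decisions, enf.pending_review(), enf.exposure("hash_new")


if __name__ == "__main__":
    print(run_scenario())
```

Running the scenario gives the decision sequence allow, block, block, allow, allow, block: the signed updater runs, the unknown binary is held until scored, the never-scored download stays on the expert review list, and after the retrospective downgrade the exposure report shows exactly the two actions (the payroll file access and the outbound connection) that hash_new completed while it was still trusted, which is the window an analyst would need to investigate.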