Adaptive Defense CLOSING THE GAP OF MALWARE DETECTION

Panda Security - Adaptive Defense


Page 1: Panda Security - Adaptive Defense

Adaptive Defense

CLOSING THE GAP OF MALWARE DETECTION

Page 2

24/03/2015 Audit Service 2

Index

1. The 3 factors that define corporate IT security
2. What is Panda Adaptive Defense?
3. Who is it aimed at?
4. Features & Benefits
5. How does it work?
6. Customer testimonials

Page 3

The 3 factors that define corporate IT security

Page 4

The 3 factors…

1. Increased sophistication of malware
2. Evolution of corporate IT environments
3. Evolution of traditional antivirus solutions

(Chart: Evolution, 1998 to 2014)

Page 5

First factor: Malware sophistication

a. Malware is increasingly sophisticated and difficult to detect
   o Increasingly complex forms of malware
   o Advanced stealth capabilities
b. Evolution of infection strategies
   o Prior research of targets
   o Multi-staged, coordinated attacks that use multiple vectors simultaneously (Advanced Persistent Threats)
c. Shift in malware authors' primary motivation
   o From popularity to financial benefits

Companies run their business in a much more dangerous environment for their intellectual assets.

(Chart: Malware evolution, 1998 to 2014: VIRUS, SPYWARE, BOTS, TROJANS, TARGETED ATTACKS, ZERO-DAY ATTACKS, DYNAMIC TROJANS. New samples appearing daily: 100, then 1,369, now over 200,000.)

Page 6

Second factor: Evolution of corporate IT environments

Infrastructures are harder to manage.
o BYOD.
o Roaming workers, workers at remote offices.
o Heterogeneous systems.
o More software installed, more vulnerabilities.

Internal processes are increasingly dependent on technologies.

IT departments have remained unchanged or have shrunk.

As corporate IT systems become more complex, they become more vulnerable to malware.

(Chart: IT environment evolution; axes: Infrastructure, Technology dependency, IT)

Page 7

Third factor: Evolution of traditional security solutions

Malware volume
o MORE resources to dissect malware
o LARGER signature files
o MORE heuristic scanning

Malware complexity and danger
o MORE detection engines
o MORE infection vectors to mitigate

IT infrastructure complexity
o MORE supported platforms
o MORE protection models (SaaS, endpoint, perimeter...)

(Chart: Traditional antivirus evolution, 1998 to 2014: signature file, detection engine, heuristics. Consequences: high memory and CPU usage, high risk of infection, complex security management.)

Page 8

“Detecting attacks often takes an alarmingly long time—46% of respondents report an average detection time of hours or days. Resolution once an attack has been identified takes even longer, with 54% reporting average resolution times of days, weeks or months.”

IDG Research, DARKReading, 2014

New Malware: Window of Opportunity (chart; share of new malware still undetected after each period)

24 h: 18% undetected
3 days: 9% undetected
7 days: 7% undetected
1 month: 4% undetected
3 months: 2% undetected

"18% of new malware goes undetected during the first 24 hours and 2% is still not detected three months later."

Panda Security study on the malware window of opportunity

Page 9

What is Panda Adaptive Defense?

Page 10

Panda Adaptive Defense

Panda Adaptive Defense is a new security model which can guarantee complete protection for devices and servers by classifying 100% of the processes running on every computer throughout the organization and monitoring and controlling their behavior.

More than 1.2 billion applications already classified.

The new version of Adaptive Defense (1.5) also includes an AV engine, adding disinfection capability. Adaptive Defense could even replace the company antivirus.

VISIBILITY: traceability of each action taken by the applications running on a system
DETECTION: blockage of zero-day and targeted attacks in real time, without the need for signature files
RESPONSE: forensic information to analyze each attempted attack in detail
PREVENTION: blockage of applications and isolation of systems to prevent future attacks

Page 11

Who is it aimed at?

Page 12

Focus on key accounts

Ideally clients with more than 500 PCs (100 minimum) and concerned with security risks.

Ideal for specific vertical markets:

• Large retail businesses (POS):
  • Visibility and control with low performance impact
  • Full visibility of the applications running
  • Blacklisting and lockdown features will be added soon
• Financial, energy and pharmaceutical sectors
  • Visibility for prevention, and blocking of custom, targeted attacks aimed at organizations such as:
    • Banks and financial institutions
    • Insurance companies
    • Fund managers
    • Pharmaceutical research, …
• Government
  • For government information security professionals, the challenge is to combat malicious attacks and advanced cyber threats

Page 13

Features and benefits

Page 14

Protection
o Detailed and configurable monitoring of running applications
o Protection of vulnerable systems
o Protection of intellectual assets against targeted attacks
o Forensic report

Productivity
o Identification and blocking of unauthorized programs
o Light, easy-to-deploy solution

Management
o Daily and on-demand reports
o Simple, centralized administration from a Web console

Better service, simpler management

Page 15

What Differentiates Adaptive Defense

AV vendors
o Detection gap
o Not transparent to end-users and admins (false positives, quarantine administration, …)
o Management infrastructure required

WL vendors*
o Do not classify all applications
o Management of WLs required
o Expensive work overhead involved

New ATD vendors**
o Not all infection vectors covered (e.g. USB drives)
o Complex deployments required
o Monitoring sandboxes is not as effective as monitoring real environments
o ATD vendors do not prevent/block attacks

* WL = Whitelisting. Bit9, Lumension, etc.
** ATD = Advanced Threat Defense. FireEye, Palo Alto, Sourcefire, etc.

Page 16

Adaptive Defense vs Traditional Antivirus

New malware detection capability*                                Traditional Antivirus (25)   Panda Adaptive Defense
                                                                                              Standard Model   Extended Model
New malware blocked during the first 24 hours                    82%                          98.8%            100%
New malware blocked during the first 7 days                      93%                          100%             100%
New malware blocked during the first 3 months                    98%                          100%             100%
% detections by Adaptive Defense detected by no other antivirus                               3.30%
Suspicious detections                                            YES                          NO (no uncertainty)

File Classification                 Universal Agent**   Panda Adaptive Defense
Files classified automatically      60.25%              99.56%
Classification certainty level      99.928%             99.9991% (< 1 error / 100,000 files)

* Viruses, Trojans, spyware and ransomware received in our Collective Intelligence platform. Hacking tools, PUPs and cookies were not included in this study.
** Universal Agent technology is included as endpoint protection in all Panda Security solutions.

Page 17

How does Adaptive Defense work?

Page 18

A brand-new three-phase, cloud-based security model

1st Phase: Comprehensive monitoring of all the actions triggered by programs on endpoints

2nd Phase: Analysis and correlation of all actions monitored on customers' systems thanks to Data Mining and Big Data Analytics techniques

3rd Phase: Endpoint hardening & enforcement: blocking of all suspicious or dangerous processes, with notifications to alert network administrators

Page 19

Phase 1: Continuous endpoint monitoring

The endpoint protection installed on each computer monitors all the actions triggered by running processes. Each event is cataloged (based on more than 2,000 characteristics) and sent to the cloud*:
o File downloads
o Software installation
o Driver creation
o Communication processes
o DLL loading
o Service creation
o Creation and deletion of files and folders
o Creation and deletion of Registry branches
o Local access to data (over 200 formats)

* A period of about two weeks is estimated for full detection and classification of the applications currently in use.

Page 20

Phase 2: Big Data Analysis

Information sources: static, contextual, external (3rd parties), and controlled execution and classification* on physical machines.

Big Data Analysis: continuous classification of executable files.

Trustability score: the trustability score** of each process is recalculated based on the dynamic behavior of the process, and recalculated again based on the new evidence received (Retrospective Analysis).

* Pattern-based classification by Panda Labs with an average response time of less than 24 hours.
** The trustability score determines whether or not a process is trusted. If a process is not trusted, it will be prevented from running.

Page 21

Phase 3: Endpoint hardening and enforcement

The service classifies all executable files with near-100% accuracy (99.9991%). Every process classified as malware is immediately blocked.

Protection against vulnerabilities
The service protects browsers and applications such as Java, Adobe or Microsoft Office against security flaws by using contextual and behavior-based rules.

Data hardening
Only trusted applications are allowed to access data and sensitive areas of the operating system.

Blocking of all unclassified processes
All unclassified processes are prevented from running until they are assigned an MCL (Maximum Confidence Level) by the system. If a process is not classified automatically, a security expert will classify it.

(Side labels: STANDARD MODE, EXTENDED MODE)
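As an added illustration (not Panda's code), the following Python sketch models the enforcement rules described on pages 20 and 21: a trustability score per process, blocking of classified malware in both modes, default-deny of unclassified processes in extended mode, data access only for trusted processes, and retrospective re-scoring from the monitored event categories listed on page 19. The score scale, threshold, event weights and process names are constructed assumptions, and treating the standard/extended split as "allow vs. hold unclassified processes" is an assumption drawn from the detection table on page 16.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional

class Mode(Enum):
    STANDARD = "standard"   # block processes classified as malware
    EXTENDED = "extended"   # additionally hold processes with no classification yet

TRUST_THRESHOLD = 0.5       # constructed: score >= threshold means "trusted"

# Constructed weights for the event categories the deck lists as monitored.
# Negative values lower trust; a real engine uses thousands of characteristics.
EVENT_WEIGHTS = {
    "driver_creation": -0.30, "service_creation": -0.20,
    "registry_branch_create_delete": -0.10, "local_data_access": -0.15,
    "network_comms": -0.05, "dll_load": -0.02, "file_create_delete": -0.02,
}

@dataclass
class Process:
    name: str
    score: Optional[float] = None           # None = no MCL assigned yet
    evidence: List[str] = field(default_factory=list)

def assign_mcl(proc: Process, score: float) -> Process:
    """Initial classification by the cloud (or by a security expert when automatic
    classification fails). Until this happens the process counts as unclassified."""
    proc.score = max(0.0, min(1.0, score))
    return proc

def reclassify(proc: Process, events: List[str]) -> Process:
    """Retrospective analysis: observed behavior lowers the trustability score,
    so a process that was allowed earlier can be blocked at the next decision."""
    if proc.score is None:
        raise ValueError(f"{proc.name}: cannot reclassify before an MCL is assigned")
    proc.evidence.extend(events)
    proc.score = max(0.0, proc.score + sum(EVENT_WEIGHTS.get(e, 0.0) for e in events))
    return proc

def decide(proc: Process, mode: Mode) -> bool:
    """True = allowed to run. Malware is blocked in both modes; an unclassified
    process is held only in extended mode (default deny)."""
    if proc.score is None:
        return mode is Mode.STANDARD
    return proc.score >= TRUST_THRESHOLD

def may_access_data(proc: Process) -> bool:
    """Data hardening: only classified, trusted processes may touch sensitive data."""
    return proc.score is not None and proc.score >= TRUST_THRESHOLD

def enforce(procs: List[Process], mode: Mode) -> Dict[str, bool]:
    """Administrator's audit view: which processes would run under a given mode."""
    return {p.name: decide(p, mode) for p in procs}
```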

Page 22

Solution Architecture: Adaptive Defense & other Panda Products (diagram)

Cloud side: Collective Intelligence; Adaptive Defense Big Data (Continuous Analysis, Continuous Exec Classification); Central Management Center with the Adaptive Defense Management Console, Endpoint Management Console and Systems Management Management Console, used by Security & IT Managers.
Customer side (Central Office, other branch locations, employee seats): Endpoint Agent/s, Adaptive Defense Agent/s, Systems Management Agent/s.
Communication paths shown: Adaptive Defense Big Data Comms; Endpoint Protection Collective Intelligence Comms; Endpoint Protection Agents Comms; Adaptive Defense Agents Comms; Systems Management Agents Comms; Management Console Comms.

Page 23

Customer testimonials

Page 24

"Panda Adaptive Defense is a managed security solution that allows us to guarantee complete protection of our customers' endpoints and servers, with granular monitoring and supervision of the behavior of each device. We can also offer forensic analysis services to customers on request."

"Panda Advanced Protection Service enables us to provide guaranteed security against cyber-crime and targeted attacks, a key point which we were not convinced we would be able to achieve when we began to evaluate solutions."

Alfonso Martín Palma, Senior Manager of the Indra Cybersecurity Operations Center (i-CSOC).

"We are highly satisfied with the quality of the service provided by Panda Security over these months. Thanks to this innovative service for classifying applications, we can rest assured that we have real-time blocking and warnings that protect us against advanced cyber-threats such as meta-exploits, APTs in adware, PUPs, etc."

"After the success of this project, and thanks to the quality of the services delivered, Eulen is now concentrating on the security of new operating systems such as Android, and as such is considering further collaboration with Panda Security."

Page 25

Thank you!