Post on 12-Apr-2017
FIND THE ANSWERS, SOLVE THE PROBLEM
Index
1. Adapting Security Needs
2. Adaptive Defense 360
3. Features & Benefits
4. How does it work?
5. Customer testimonials
14/09/2015 Adaptive Defense 360 2
Adapting to New Security Needs
From Protection only…
Protection is a must, but how solid is your protection? All organizations, large and small, are being targeted, and most protection layers are eventually breached.
They also thought they were protected…
… to Protection plus Detection, Response and Remediation
Organizations need to prevent attacks, and they need to react if prevention fails, by setting up mechanisms to:
- Proactively detect security attacks
- Gather the information needed to respond effectively to a security breach
- Apply remediation actions automatically to minimize the impact and scope of an infection
Understand and Follow the Information Flow
In the era of BYOD, distributed and remote offices and Cloud solutions, setting information flow control rules is no longer a feasible option. There is a need to shift from controlling the information flow to understanding and following it: who accesses the information, how and when, and how it flows within and outside your organization.
Minimize Friction with Business Operations
• What really matters is your business
• Tight security measures can suffocate employees' daily operations
• Security shouldn't be a stopper but a facilitator
• Users demand no interference in their daily tasks, and IT administrators want better security with less hassle
What is Panda Adaptive Defense 360?
Panda Adaptive Defense 360 is the first and only product in the market to combine Endpoint Protection (EPP) and Endpoint Detection & Response (EDR) capabilities in a single solution.
The EDR capabilities rely on a new security model which can guarantee complete protection for devices and servers by classifying 100% of the processes running on every computer throughout the organization and monitoring and controlling their behavior.
More than 1.2 billion applications already classified.
Automated malware removal to reduce the burden on administrators.
Blocking of non-goodware applications and exploits to prevent future attacks.
Forensic information for in-depth analysis of every attempted attack.
Targeted and zero-day attacks are blocked in real time without signature files.
Features and benefits

Protection
• Antivirus/Antimalware
• Personal Firewall
• Web & Mail (Exchange) Filtering
• Device Control
• Protection of vulnerable systems

Detection & Response
• Continuous monitoring and analysis of running applications
• Protection of intellectual assets against targeted attacks
• Data access and transmission monitoring for applications
• Forensic report

Productivity & Management
• Light, easy-to-deploy solution
• Daily and on-demand reports
• Simple, centralized administration from a Web console
• Total transparency for the user
• Better service, simpler management
How does Adaptive Defense 360 work?
Combining Panda's EPP and EDR capabilities
Adaptive Defense 360 is two solutions in a single console.
Adaptive Defense 360 starts with Panda's best-of-breed EPP solution (Endpoint Protection Plus) and adds the EDR capabilities of Adaptive Defense in order to protect against zero-day and targeted attacks that take advantage of the "window of opportunity for malware".
The best Endpoint Protection
Covers all infection vectors in Windows, Linux, Mac OS X and Android devices.
Prevention technologies
• Browsing, email and file system protection
• Control of devices connected to the PC
Cross-platform security: security on all platforms
• Windows (from 2000 to 10)
• Linux (Ubuntu certified, Red Hat, Debian, OpenSuse and Suse)*
• Mac OS X (10.6 – 10.10)*
• Android (from 2.3)*
• Virtual engines (VMware, Virtual PC, MS Hyper-V, Citrix)
* Endpoint protection only; EDR is not supported on these platforms

Maximum productivity
Monitors and filters Web traffic and spam, allowing companies to focus on their business and forget about unproductive employee behavior.
Website monitoring and filtering
• Increases business productivity
• Monitors Web browsing
• Select the Web categories you consider dangerous or unproductive during working hours
• Compatible with any Web browser
No more saturated inboxes
• Reduces the attack surface on Exchange servers through content filtering
• Increases security and user productivity with the anti-malware and anti-spam engine, blocking junk mail and malicious messages
A three-phase cloud security model for Endpoint Detection and Response
1st Phase: Comprehensive monitoring of all the actions triggered by programs on endpoints
2nd Phase: Analysis and correlation of all actions monitored on customers' systems, using Data Mining and Big Data Analytics techniques
3rd Phase: Endpoint hardening and enforcement: blocking of all suspicious or dangerous processes, with notifications to alert network administrators
Differentiation
Key Differentiators
The only offering to include both Endpoint Detection & Response and Endpoint Protection Platform capabilities
Categorizes all running processes on the endpoint, minimizing the risk of unknown malware
• Continuous monitoring and attestation of all processes fills the detection gap of AV products
Automated investigation of events significantly reduces manual intervention by the security team
• Machine learning and collective intelligence in the cloud, plus manual checks by PandaLabs experts, definitively identify goodware and block malware
Integrated remediation of identified malware
• Instant access to real-time and historical data provides full visibility into the timeline of malicious endpoint activity
Minimal endpoint performance impact (5%)
What Differentiates Adaptive Defense 360

AV vendors
• Lack of proactive detection
• Interference with end users and more hassle for admins (false positives, quarantine administration, …)
• No traceability for forensic information
• No protection against vulnerable applications

WL vendors*
• Do not classify all applications
• Management of WLs required
• Complex deployments required
• Expensive work overhead involved

New ATD vendors**
• Not all infection vectors covered (e.g. USB drives)
• Monitoring sandboxes is not as effective as monitoring real environments
• ATD vendors do not prevent/block attacks
• External solution or manual intervention needed for remediation

* WL = Whitelisting: Bit9, Lumension, etc. ** ATD = Advanced Threat Defense: FireEye, Palo Alto, Sourcefire, etc.
Adaptive Defense 360 above and beyond AVs

New malware detection capability*                  Traditional Antivirus (25)   Panda Adaptive Defense 360, Deep-hardening Mode**
New malware blocked during the first 24 hours      82%                          99%
New malware blocked during the first 7 days        93%                          100%
New malware blocked during the first 3 months      98%                          100%
Suspicious detections                              YES                          NO (no uncertainty)

* Viruses, Trojans, spyware and ransomware received in our Collective Intelligence platform. Hacking tools, PUPs and cookies were not included in this study.
** Using the Universal Agent technology included as endpoint protection in all Panda Security solutions.
Adaptive Defense in figures
• +1.2 billion applications already categorized
• Malware detected in 100% of deployments, regardless of the existing protection mechanisms
• +100,000 endpoints and servers protected
• +200,000 security breaches mitigated in the past year
• +230,000 hours of IT resources saved, an estimated cost reduction of €14.2M*
* Based on average time and cost estimates from the Ponemon Institute report on the Cost of Cybercrime, Oct-2014
Customer testimonials
"Panda Adaptive Defense is a managed security solution that allows us to guarantee complete protection of our customers' endpoints and servers, with granular monitoring and supervision of the behavior of each device. We can also offer forensic analysis services to customers on request."
"Panda Advanced Protection Service enables us to provide guaranteed security against cyber-crime and targeted attacks, a key point which we were not convinced we would be able to achieve when we began to evaluate solutions."
Alfonso Martín Palma, Senior Manager of the Indra Cybersecurity Operations Center (i-CSOC).
"After the success of this project, and thanks to the quality of the services delivered, Eulen is now concentrating on the security of new operating systems such as Android, and as such is considering further collaboration with Panda Security."
Thank you!
Phase 1: Continuous endpoint monitoring
The endpoint protection installed on each computer monitors all the actions triggered by running processes. Each event is cataloged (based on more than 2,000 characteristics) and sent to the cloud*:
• File downloads
• Software installation
• Driver creation
• Communication processes
• DLL loading
• Service creation
• Creation and deletion of files and folders
• Creation and deletion of Registry branches
• Local access to data (over 200 formats)
* A two-week period is estimated for full detection and classification of the applications currently in use
Phase 2: Big Data Analysis
Information sources: static, contextual and external (3rd parties)
Controlled execution and classification* on physical machines
Big Data Analysis: continuous classification of executable files
Trustability score**: the trustability score of each process is recalculated based on the dynamic behavior of the process, and recalculated again whenever new evidence is received (Retrospective Analysis)
* Pattern-based classification by PandaLabs with an average response time of less than 24 hours
** The trustability score determines whether or not a process is trusted. If a process is not trusted, it will be prevented from running.
Phase 3: Endpoint hardening and enforcement
The service classifies all executable files with near 100% accuracy (99.9991%). Every process classified as malware is immediately blocked.
Protection against vulnerabilities: the service protects browsers and applications such as Java, Adobe or Microsoft Office against security flaws by using contextual and behavior-based rules.
Data hardening: only trusted applications are allowed to access data and sensitive areas of the operating system.
Blocking of all unclassified processes: all unclassified processes are prevented from running until they are assigned an MCL (Maximum Confidence Level) by the system. If a process is not classified automatically, a security expert will classify it.
Enforcement modes shown on the slide: STANDARD MODE, EXTENDED MODE