Source: partnernews.pandasecurity.com/za/src/uploads/2019/... (transcript of a Panda Security slide deck)
pandasecurity.com
Advanced Security for the Endpoint
Panda Security – Building Resilient Organisations
Panda Security
29 Years of Endpoint Security Innovation

Figure: timeline 1990, 2003, 2015, 2017, 2019; vertical axis: protection level, lowest to highest.

Protection methods and the coverage each adds (across file-based, fileless and malwareless threats):
• Signatures: known viruses
• Heuristics: unknown viruses
• Behaviour analysis: unknown malware behaviour
• 100% Attestation (context-based behaviour analysis): known malware, known goodware, unknown malware, unknown goodware
• Dynamic anti-exploit (context-based behaviour analysis): living-off-the-land attacks
• Threat Hunting & Investigation: known and unknown human malicious activity
• Data Control: data privacy, sensitive information

Services: baseline / integrated; incremental updates; automated malware analysis; 100% Attestation Service (automation by ML); SaaS console; Threat Hunting & Investigation Service; data classification.
The State of Cybersecurity
More Attacks, and More Complexity
The increasing sophistication of cyber-attacks
• Malware: executable files, fileless threats
• Exploits: malicious embedded code, script-based attacks
• Insiders: improper use of credentials, data loss
• Hacking attacks: lateral movement, coordinated attacks
The endpoint is the target
Attackers need to reach an endpoint.
From there they can hit other targets, steal sensitive information and credentials, gather intelligence, or launch new attacks.
Figure: % of incidents by target
Attackers are more efficient now than ever before
The figure plots, over time, the percentage of breaches in which time to compromise and time to discovery were days or less; both are increasing, and the gap between them is getting wider.
Figure: time to compromise vs. time to discover. The gap is getting wider.
Cybersecurity Skills Crisis
What are organisations reporting? A lack of cybersecurity expertise (3): 34.5% in their teams, 82% in the industry.
When hiring, they are unsure of what skills are most important. (4)
Even if they have the budget to close the gap, there is a shortage of cybersecurity experts.
Predictions for 2020:
• Cybersecurity market grows to $170 billion by 2020 (3)
• 1.5 million unfilled cybersecurity positions globally by 2020 (4)
Sources: (3) CSIS (Center for Strategic and International Studies); Forbes, “One Million Cybersecurity Job Openings in 2016”. (4) 451 Research study; Security Magazine, “How Cybersecurity Education Aims to Fill the Talent Gap”; VentureBeat, “Digital organizations face a huge cybersecurity skills gap”.
Security solutions delegate decisions
Unchecked risk: alerts
Only 4% of alerts are ever investigated.
“Two-thirds of the time spent by security staff responding to malware alerts is wasted because of faulty intelligence.”
“It costs organisations an average of $1.27 million annually in time wasted responding to erroneous or inaccurate malware alerts.”
Source: EMA

Adaptive Defense 360 - A new security model
EPP + EDR, Managed services-as-features on a single, cloud-first architecture and a single lightweight agent
The Current Model
The current model is based on the isolated detection of known malicious processes, which means:
• All suspicious activity must be investigated on a case-by-case basis.
• Unknown processes are allowed to run. That is why hackers can work around these systems so easily and their success rate is so high.
Figure: processes split into malware, suspicious and unknown. Suspicious items need to be investigated by customers; unknowns are allowed to run. More risk, more effort.
The Panda Adaptive Defense Approach
Based on the classification of all running processes on your network.
• Every program’s activity is monitored and analysed in real time.
• All behaviour is verified by the managed service. The administrator does not have to investigate anything.
Maximum level of protection, less effort, and no risk.
Figure: all processes (suspicious, malware, unknown) are classified as goodware or malware by the managed 100% Attestation Service, a service backed by real-time visibility and forensic analysis. Zero risk.
Panda Adaptive Defense 360
Panda Adaptive Defense 360 is a cloud-based endpoint cybersecurity solution that automates the prevention, detection and remediation tasks, drastically reducing the attack surface at the endpoints.
It combines a full stack of EPP and EDR capabilities in a single light agent. On top of that, two unique Managed Services-as-Features are included in the solution:
• 100% Attestation Service: denies unknown process execution until the process is classified by ML or experts in near real time. Maximum prevention and detection.
• Threat Hunting and Investigation Service: led by Panda Security’s and MSSPs’ threat hunters. It enables the discovery of new malwareless threat techniques.
Prevention, detection and response in a single lightweight agent, with real-time visibility of all endpoint activity. Containment, response and attack-surface reduction: the solution automates containment, remediation and forensics, enabling actions that reduce the attack surface.
What is the 100% Attestation Service?
For each binary, 10,000 behavioural, static and context attributes are collected, and cloud-based ML determines the nature of the binary in real time. All binaries are classified as malware (MW) or goodware (GW), and the Service classifies 100% of them. Result: malware is prevented from running, so endpoints are not damaged by malware.
Cloud-based Collective Intelligence: a live repository of MW and GW.
The Service is part of the solution: no added or hidden costs, no delegation, no overwhelming alerts.
Cloud-based Machine Learning
A means to an end: classify 100% of processes, and do so at scale.
• The model implements a broad set of algorithms, from the simplest, such as similarity algorithms and decision trees, to the most complex, such as neural networks and deep-learning models.
• The models take thousands of flags as input, ranging from static and behavioural flags to flags describing the execution context.
• Our cloud-based ML, the RANKER, is actually an ensemble of models. Each is designed to predict the classification of a process using an algorithm of a different nature, working on its own set of flags.
• The final verdict is a weighting of the partial results.
• The ensemble maximises the accuracy and confidence of the ML results; zero false positives and maximum confidence are prerequisites.
How the 100% Attestation Service works
A sequence of technologies to classify 100% of processes, only allowing those certified by Panda to run.
Data flow: local technologies on customers’ endpoints (signatures, heuristics, behaviour analysis, anti-exploit, …) produce an events stream to the cloud platform, where each process goes through a cloud-based lookup and the classification steps below; all events are kept in events storage as a historic timeline.

Step 1: Black listing
  Detects: known malware
  Based on: Collective Intelligence, 2.3 billion known MW (as of 2019)
Step 2: White listing
  Detects: known goodware
  Based on: Collective Intelligence, 3.2 billion known GW (as of 2019)
  Results after steps 1 and 2: 73.31% automatic classification
Step 3: ML classification
  Detects: unknown processes
  Based on: AD cloud-based machine learning
  Results: 99.98% automatic classification
Step 4: Manual classification
  Detects: new attack patterns
  Based on: AD malware analysts
  Results: +0.02% manual, for 100% classification
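An added example, not Panda Security’s code, of the default-deny pipeline described above (black list, white list, ML ensemble with a confidence threshold, manual classification) placed next to the allow-by-default policy of the current model; it also shows the weighted ensemble verdict described under Cloud-based Machine Learning. The hash sets standing in for Collective Intelligence, the feature flags, the three toy models, their weights and the 0.90 confidence threshold are all constructed for illustration and are not Panda’s models or thresholds.

```python
"""Added example (not Panda Security's code): a default-deny attestation
pipeline in the shape the deck describes. Hash sets, feature flags, model
functions, weights and the confidence threshold are constructed."""
from dataclasses import dataclass, field
from enum import Enum
import hashlib


class Verdict(Enum):
    MALWARE = "MW"
    GOODWARE = "GW"
    UNKNOWN = "UNKNOWN"  # not yet classified


@dataclass
class Binary:
    name: str
    content: bytes
    features: dict  # static / behavioural / context flags (constructed)

    @property
    def sha256(self) -> str:
        return hashlib.sha256(self.content).hexdigest()


# Steps 1 and 2: "Collective Intelligence" lookups, modelled as hash sets.
KNOWN_MALWARE = {hashlib.sha256(b"constructed-dropper").hexdigest()}
KNOWN_GOODWARE = {hashlib.sha256(b"constructed-signed-updater").hexdigest()}


# Step 3: an ensemble of models "of different nature", each returning an
# estimated P(malware) from its own subset of flags (toy rules, constructed).
def model_static(f):
    if f.get("packed") and not f.get("signed"):
        return 0.90
    if f.get("signed") and not f.get("packed"):
        return 0.05
    return 0.40


def model_behaviour(f):
    return 0.95 if f.get("injects_code") else 0.05


def model_context(f):
    return 0.80 if f.get("parent_is_office") else 0.05


ENSEMBLE = [(model_static, 0.3), (model_behaviour, 0.5), (model_context, 0.2)]
HIGH_CONFIDENCE = 0.90  # verdicts below this are never automatic


def ml_classify(features):
    """Weighted vote of the ensemble; returns (verdict, confidence)."""
    p_mw = sum(w * m(features) for m, w in ENSEMBLE)
    confidence = max(p_mw, 1.0 - p_mw)
    if confidence < HIGH_CONFIDENCE:
        return Verdict.UNKNOWN, confidence
    return (Verdict.MALWARE if p_mw > 0.5 else Verdict.GOODWARE), confidence


@dataclass
class AttestationService:
    manual_queue: list = field(default_factory=list)  # step 4 backlog
    cache: dict = field(default_factory=dict)          # sha256 -> Verdict

    def classify(self, b: Binary):
        """Run the four steps in order; returns (verdict, deciding stage)."""
        h = b.sha256
        if h in self.cache:
            return self.cache[h], "cache"
        if h in KNOWN_MALWARE:
            verdict, stage = Verdict.MALWARE, "blacklist"
        elif h in KNOWN_GOODWARE:
            verdict, stage = Verdict.GOODWARE, "whitelist"
        else:
            verdict, _confidence = ml_classify(b.features)
            stage = "ml"
            if verdict is Verdict.UNKNOWN:  # not confident: hold for an analyst
                self.manual_queue.append(h)
                stage = "manual-pending"
        if verdict is not Verdict.UNKNOWN:
            self.cache[h] = verdict
        return verdict, stage

    def analyst_verdict(self, h: str, verdict: Verdict):
        """Step 4: an analyst classifies a held binary; later lookups hit the cache."""
        self.manual_queue.remove(h)
        self.cache[h] = verdict


# The two execution policies the deck contrasts.
def allow_by_default(verdict):      # "current model": anything not known-bad runs
    return verdict is not Verdict.MALWARE


def allow_only_attested(verdict):   # 100% Attestation: unknown is denied
    return verdict is Verdict.GOODWARE
```

The point of the example is the last two functions: under `allow_by_default` a binary the ensemble cannot classify with the required confidence runs while it waits for an analyst; under `allow_only_attested` it does not, and once the analyst verdict is published to the cache every later lookup of that hash is answered immediately.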
The 100% Attestation Service eliminates file-based malware infections
“The 100% attestation service can drastically reduce the threat surface of endpoints.” Gartner Magic Quadrant for EPP, 2018

Benefits
• Hacker detection: find attackers using living-off-the-land techniques and lateral movement.
• Identification of malicious employees: user behaviour modelling.
• New threat detections in the endpoints: new or improved IoAs to block them before damage.
Managed Threat Hunting Service-as-a-feature: living-off-the-land attacks
• It continuously monitors everything that happens on endpoints, in real time, in the form of event telemetry.
• If an attacker gains access, their actions are recorded, which allows forensic analysis of the attack.
The hunting loop, from customers’ endpoints through the events stream to events storage (historic timeline):
1. Hypothesis generation: back-testing against 12 months of endpoint telemetry.
2. Real-time threat engine: IoAs and behaviour anomalies applied to the live events stream; a confirmed hypothesis becomes a new IoA.
3. Incident confirmation: investigation and forensics.
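An added example, not Panda Security’s code, of the hunting loop just described: a hypothesis written as an IoA rule, back-tested against stored telemetry, promoted to a real-time engine only if it is quiet enough on history, and the resulting incident pulled into a per-host timeline for confirmation. The event schema, the two IoA rules (an Office application spawning a script host, and wmic remote process creation as a lateral-movement pattern), the deliberately noisy third hypothesis and all telemetry lines are constructed for illustration and are not Panda’s IoAs.

```python
"""Added example (not Panda Security's code): hypothesis -> back-test ->
real-time IoA engine -> host timeline, over constructed process telemetry.
Event schema, rules and sample events are assumptions."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class ProcEvent:
    ts: str
    host: str
    user: str
    parent: str   # parent image name, lower-case
    image: str    # child image name, lower-case
    cmdline: str


@dataclass
class Incident:
    ioa: str
    event: ProcEvent
    reason: str


IoA = Callable[[ProcEvent], Optional[str]]  # returns a reason string, or None

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe", "cmd.exe"}


def ioa_office_spawns_script_host(e: ProcEvent) -> Optional[str]:
    """Living-off-the-land hypothesis: a document viewer starting a script host."""
    if e.parent in OFFICE_APPS and e.image in SCRIPT_HOSTS:
        return f"{e.parent} spawned {e.image}"
    return None


def ioa_wmic_remote_process(e: ProcEvent) -> Optional[str]:
    """Lateral-movement hypothesis: WMI used to create a process on another host."""
    cl = e.cmdline.lower()
    if e.image == "wmic.exe" and "/node:" in cl and "process call create" in cl:
        return "wmic remote process creation"
    return None


def run_rules(events, rules: Dict[str, IoA]) -> List[Incident]:
    hits = []
    for e in events:
        for name, rule in rules.items():
            reason = rule(e)
            if reason:
                hits.append(Incident(name, e, reason))
    return hits


def back_test(history, rule: IoA, max_hits: int = 0):
    """Hypothesis check: keep a rule only if it is quiet enough on stored telemetry."""
    hits = run_rules(history, {"candidate": rule})
    return len(hits) <= max_hits, hits


class RealTimeEngine:
    def __init__(self):
        self.rules: Dict[str, IoA] = {}
        self.incidents: List[Incident] = []

    def promote(self, name: str, rule: IoA):
        self.rules[name] = rule

    def ingest(self, e: ProcEvent) -> List[Incident]:
        new = run_rules([e], self.rules)
        self.incidents.extend(new)
        return new


def hunt(history, stream, candidates: Dict[str, IoA], max_hits: int = 0):
    """Back-test each candidate IoA, promote the survivors, then run the stream."""
    engine, rejected = RealTimeEngine(), []
    for name, rule in candidates.items():
        ok, _ = back_test(history, rule, max_hits)
        (engine.promote(name, rule) if ok else rejected.append(name))
    for e in stream:
        engine.ingest(e)
    return engine, rejected


def host_timeline(events, incident: Incident, window: int = 2):
    """Incident confirmation: surrounding events on the same host (list order)."""
    same_host = [e for e in events if e.host == incident.event.host]
    i = same_host.index(incident.event)
    return same_host[max(0, i - window): i + window + 1]


# Constructed telemetry: a condensed "12 months" of history plus a live stream.
HISTORY = [
    ProcEvent("2018-04-02T09:12:00Z", "ws-17", "alice", "explorer.exe", "winword.exe", "winword.exe /n report.docx"),
    ProcEvent("2018-04-02T09:13:00Z", "ws-17", "alice", "winword.exe", "splwow64.exe", "splwow64.exe 8192"),
    ProcEvent("2018-06-14T11:02:00Z", "ws-03", "bob", "explorer.exe", "powershell.exe", "powershell.exe -File backup.ps1"),
    ProcEvent("2018-11-21T16:40:00Z", "srv-01", "svc_mgmt", "cmd.exe", "wmic.exe", "wmic /node:ws-09 os get caption"),
    ProcEvent("2019-01-08T08:55:00Z", "ws-22", "carol", "outlook.exe", "winword.exe", "winword.exe /dde invoice.docx"),
]
STREAM = [
    ProcEvent("2019-03-05T10:21:09Z", "ws-22", "carol", "outlook.exe", "winword.exe", "winword.exe /n invoice_Q1.doc"),
    ProcEvent("2019-03-05T10:21:14Z", "ws-22", "carol", "winword.exe", "powershell.exe", "powershell.exe -nop -w hidden -enc SQBFAFgA"),
    ProcEvent("2019-03-05T10:24:51Z", "ws-22", "carol", "powershell.exe", "wmic.exe", 'wmic /node:srv-01 process call create "cmd.exe /c whoami"'),
]
CANDIDATES: Dict[str, IoA] = {
    "office_spawns_script_host": ioa_office_spawns_script_host,
    "wmic_remote_process": ioa_wmic_remote_process,
    "any_powershell": lambda e: "powershell started" if e.image == "powershell.exe" else None,
}
```

Run `hunt(HISTORY, STREAM, CANDIDATES)`: the `any_powershell` hypothesis fires on the administrator’s backup script in history and is rejected, the two quieter rules are promoted, and the stream yields two incidents on ws-22 (Word launching an encoded PowerShell command, then PowerShell using wmic to start a process on srv-01); `host_timeline` then returns the surrounding events for the analyst.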
Solution Performance
The Panda agent is extremely light from a performance perspective, with the majority of processing done in the cloud. (*Approximate figures, applicable only to AD360.)
Initial Bandwidth:
• 13MB* Installer and communications agent
• 89MB* Endpoint protection package
Communication with the server:
• Download – 3.2MB/day*
• Upload – 1MB/day*
Real-time on-access protection:
• 500 KB: Bandwidth used on the first day, when the cache is empty
• 35-100 KB: Bandwidth used after the first day, once the information is cached.
Full scan of the computer:
• 200-500 KB: First full scan of the computer.
• 50-200 KB: Subsequent full scans of the computer.
Accolades & Awards
• 100% detection
• 5-star rating
• 25+ years
• 2018 Gartner Magic Quadrant: ranked as a Visionary
• Additional awards
Gartner Peer Insights Customers’ Choice 2019
“By far the best, among all other EPP & EDR that I tested and can withstand direct or targeted attacks. No Antivirus or EDR and EPP solutions can offer 100% but, this is the closest.”
Infrastructure and Operations. Education. Gov’t/PS/ED <5,000 Employees
“Quite Better Than Other EDRs. AD is a powerful tool and the advanced console integrated with ART is very useful. Panda is able to block and classify different malware and to make the user feel safe.”
Security and Risk Management. Communications. Gov’t/PS/ED 50,000 + Employees
What Our Customers Say
“Anticipation is our best ally when defining our future needs and preventing risks. Adaptive Defense 360 gives us the visibility needed to achieve that anticipation.”
Jean-Yves Andreoletti, Systems and Network Integration, Validation and Maintenance Platforms Engineer
“Panda Adaptive Defense 360’s proactive approach to fighting against malicious software gives me peace of mind. It’s easy to configure, manage, and remediates issues quickly through its simple to use web interface.”
Jeff Smith, Technology Systems Administrator at SHS Chicago
“We greatly appreciate Panda Security’s channel strategy and portfolio. With their console we can manage our entire client base from a single point, something no other vendor is able to provide.”
Nathan Mills, Managing Director
Aether Platform Product & Add-ons
The cloud-based single management platform and console
Aether is a cloud-first platform for centrally managing all Panda Security’s Endpoint Protection, Advanced Security and Data Privacy solutions and modules for B2B users, all from a single web-based console and a single light agent at the endpoint.
The Aether platform automatically provides the following capabilities to all products:
• Real-Time
• Multi-Product
• Cross-Platform
• Detailed
• Granular
• Flexible
Aether Management Platform
Aether Capabilities
Real-time
• Ability to send critical configurations to thousands of computers in a matter of seconds
• Ability to deploy urgent tasks across the entire organisation in seconds
Multi-product
• Multiple coexisting products managed from a single web console
• A single deployment for all solutions
Cross-platform
• 100% Panda protection for Windows, Linux, macOS and Android
• Panda engine and signatures across all platforms
• Real-time protection and URL filtering on Windows, Linux and macOS
Granular
• Independent configuration of the proxy server, security settings, remote control and alerts
• Customisable user roles with granular permissions
Flexible
• Customisable lists and reports
• Filter-based views and actions
• Independent configurations for each computer
• Advanced settings for tasks
Detailed
• Hardware and software information for each computer
• 1-year reports for VIP customers
• User activity tracking
Aether: a single cloud-first platform, a single lightweight agent.

Endpoint Portfolio
Advanced Endpoint Security and Data Privacy
Endpoint Protection, Advanced Security & Data Privacy Portfolio
Base offerings, each with its optional capabilities (modules):
• EPP for Windows, Mac, Linux, Android
  Modules: Panda Patch Management, Panda Full Encryption
• EPP + web filtering + Exchange protection
  Modules: Panda Patch Management, Panda Full Encryption
• EPP + EDR for Windows + Services (100% Att.(1) & THIS(2))
  Modules: Panda Patch Management, Panda Full Encryption, Panda Data Control, Advanced Reporting Tool
• EDR for Windows + Services (100% Att.(1) & THIS(2))
  Modules: Panda Patch Management, Panda Full Encryption, Panda Data Control, Advanced Reporting Tool, SIEMFeeder
(1) 100% Att.: 100% Attestation Service. Classification of all executables, as a service by Panda. (2) THIS: Threat Hunting and Investigation Service.
Add-on: Panda Patch Management
Patch assessment and management for OS and 3rd-party applications
Panda Patch Management is a module for managing vulnerabilities in the operating systems and third-party applications on Windows workstations and servers. It does not require the deployment of any new endpoint agents or management consoles, as it is fully integrated in all of Panda Security’s endpoint solutions. It provides centralised, real-time visibility into the security status of software vulnerabilities, missing patches, updates and unsupported (EOL) software, and tools to install and monitor updates.
• Audit, monitor and prioritise operating system and application updates.
• Prevent incidents by systematically reducing the attack surface created by software vulnerabilities.
• Contain and mitigate vulnerability exploitation attacks with immediate updates.
• Reduce operating costs: no additional agents are required; updates are launched remotely, with complete, unattended visibility of all vulnerabilities, pending updates and EOL applications.
Add-on: Panda Full Encryption
The first line of defence to protect data simply and effectively
Panda Full Encryption leverages BitLocker, a proven and stable Microsoft technology, to encrypt and decrypt disks without impacting end users, and gives organisations the added value of centrally controlling and managing the recovery keys stored on Panda Security’s cloud-based management platform, Aether.
• Prevent loss, theft and unauthorised access. Recovery keys are stored in, and recovered securely from, the cloud.
• No deployment or installation of additional agents; no servers, and no additional costs for additional servers.
• Achieve regulatory compliance by monitoring and enforcing encryption activation on Windows devices, thanks to its intuitive dashboards, detailed reports and change audits.
Add-on: Panda Data Control
Assessment and monitoring of sensitive data across all endpoints
Panda Data Control discovers, audits and monitors unstructured personal data on endpoints: from data at rest to data in use and data in motion. This module is designed to assist organisations in complying with data protection regulations, as well as discovering and protecting personal and sensitive data, both in real time and throughout its lifecycle on endpoints and servers.
• Discover and audit: identifies users, devices or servers in your company with access to Personally Identifiable Information (PII).
• Monitor and detect: real-time alerts on leaks, use, and suspicious unauthorised transit.
• Simplify management: activation is immediate and managed directly from the cloud platform.
• Control of data: demonstrate that the company has complete control over the PII located on its devices.
Add-on: Panda Advanced Reporting Tool
From data to actionable IT and security insights
This module aggregates all the data gathered, correlating it and presenting it graphically in real time to offer granular visibility into any event that takes place on the network. The Advanced Reporting Tool dashboards include key indicators, searches and preset alerts across three areas:
• Security incidents.
• Access to critical information.
• Network resources and applications used.
Threat control: determine the origin of security threats and apply security measures to prevent future attacks.
Manage access: implement more restrictive policies for accessing critical business information.
Monitor and detect: misuse of corporate resources that may impact business and employee performance, and correct employee behaviour that is not in line with defined usage policies.
Add-on: Panda SIEM Feeder
Integration with corporate SIEM systems, to provide details and context of everything that runs on your IT network
SIEM capabilities: collect and correlate the status of IT systems, allowing organisations to turn massive volumes of data into useful information for decision making.
A new source of critical information for your SIEM: integrate into the security intelligence collected and correlated by your SIEM all the processes and programs run on your devices, continuously monitored by Panda Adaptive Defense and Panda Adaptive Defense 360.
Panda Adaptive Defense 360 seamlessly integrates with existing corporate SIEM solutions without additional deployments on users’ devices, helping administrators filter the huge volumes of data handled by the SIEM system and focus on what really matters:
• Security incidents
• Unknown processes
• Access to MS Office files
• Bandwidth usage
• Vulnerable software
• Computers with operating system modifications
Panda Systems Management
The new way to manage, monitor and conduct maintenance on IT systems
The easiest way to manage, monitor and maintain all of your company’s devices, whether they are in the office or in a remote location.
• Free up your IT team to concentrate on value-added projects.
• Resolve problems proactively.
• Enhance support for new technologies and encourage adoption of BYOD.
Alerts & monitoring: real-time graphs and alerts for CPU usage, memory, hard disks, etc.
Rapid tasks & scripts: create or download scripts from our ComStore and modify them if you need to.
Patch management: automate the deployment of updates and patches for the installed software.
Software deployment: centrally deploy software and updates, controlling all processes.
Ticket system: organise, classify and prioritise incident resolution.
Mobile device management: password policies, control of device usage, remote locking and data wiping.
Panda Fusion 360
Cloud advanced security, management and support
Remotely protects, manages and supports all of your IT infrastructure devices, including tablets and smartphones.
• Maximum protection against malware and other unknown threats.
• Automation of infrastructure management and centralised control.
• The best support experience, with proactive troubleshooting and remote, non-intrusive access to devices, no matter where they are.
Complete security suite: anti-malware, firewall, device control, web filtering, anti-spam and content filter.
Advanced cybersecurity: with the 360 capabilities you add an extra layer of security with the best EPP and EDR technologies of Panda Adaptive Defense 360.
Inventory & monitoring: control and monitor all devices on the network, their performance, software and licences.
Deployment manager: centralised and automatic patch management and software installation.
Remote support: non-disruptive access, a ticketing system and script creation.
Panda Email Protection
Email security and filtering from the cloud
Multi-layer protection for your company’s email against all types of malware and spam. Email Protection offers immediate, effective protection against viruses and spam through online scans performed on Panda Security’s servers. Thanks to its advanced cloud-based scanning technologies, it does not require any additional infrastructure to start operating.
Robust protection: the antivirus engine delivers maximum detection and protection capabilities.
Simple management: security can be managed anytime, anywhere from the web console.
Business continuity: 24x7 service availability provides continuous and secure access to email.
Monitoring & reports: the dashboard provides a dynamic view of system status and reports for users and administrators.
Panda Adaptive Defense 360: summary of our value proposition
• Cloud-first architecture and lightweight agent; requires no client infrastructure.
• Panda is responsible for the management and maintenance of the solution.
• Easy deployment of the solutions.
• A single agent and add-on modules allow for scalability.
• Real-time prevention and detection of advanced threats.
• ML, deep learning and expert analysts form part of the 100% Attestation Service.
• THIS provides notifications of compromise from cyber-analysts.
• Collective Threat Intelligence: all the telemetry of the Panda SaaS.
• Integration with SIEM solutions.
• The SaaS approach includes Data Control, vulnerability assessment/patch management and full-disk encryption management.
• Windows, Linux, macOS and mobile protection for Android from the same console.
pandasecurity.com
Reinventing Cybersecurity