Executive Summary
Panda Adaptive Defense is a new approach that disrupts the predominant "prevention-based" dynamics which have dominated the security industry since its inception, and the anti-malware industry in particular. Under these dynamics, anti-malware companies and malware creators keep playing an arms race to gain a temporary lead, a "window of detection", until it is closed by new evasion techniques, requiring ever-increasing investments and resources just to maintain the appearance of a "stabilized front".
The new trust-based approach rests on three principles: continuous monitoring of all behavior of the programs running on the endpoints; continuous classification and risk assessment of running programs in real or near-real time, based on a big data approach together with expert review by analysts when needed; and maximum transparency and convenience, so that no end-user or admin input is needed for the service to run.
Although perfect protection will never be achieved, the new approach significantly raises the bar for malware to remain undetected and to bypass existing security defenses. However, since new incidents will still happen, Panda Adaptive Defense also provides the forensic capabilities needed to respond: to determine when the malware infiltrated the system, who was affected, what was targeted and how it got there.
Diego Navarrete, CEO

- Designing an Adaptive Security Architecture for Protection From Advanced Attacks
- Neil MacDonald | Peter Firstbrook
- 12 February 2014
- Enterprises are overly dependent on blocking and prevention mechanisms that are decreasingly effective against advanced attacks. Comprehensive protection requires an adaptive protection process integrating predictive, preventive, detective and response capabilities.
- Existing blocking and prevention capabilities are insufficient to protect against motivated, advanced attackers.
- Most organizations continue to overly invest in prevention-only strategies.
- Detective, preventive, response and predictive capabilities from vendors have been delivered in nonintegrated silos, increasing costs and decreasing their effectiveness.
- Information security doesn't have the continuous visibility it needs to detect advanced attacks.
- Because enterprise systems are under continuous attack and are continuously compromised, an ad hoc approach to "incident response" is the wrong mindset.
Information security architects:
- Shift your security mindset from "incident response" to "continuous response," wherein systems are assumed to be compromised and require continuous monitoring and remediation.
- Adopt an adaptive security architecture for protection from advanced threats using Gartner's 12 critical capabilities as the framework.
- Spend less on prevention; invest in detection, response and predictive capabilities.
- Favor context-aware network, endpoint and application security protection platforms from vendors that provide and integrate prediction, prevention, detection and response capabilities.
- Develop a security operations center that supports continuous monitoring and is responsible for the continuous threat protection process.
- Architect for comprehensive, continuous monitoring at all layers of the IT stack: network packets, flows, OS activities, content, user behaviors and application transactions.
Panda Security Content
Despite continued and increased investments in security (in 2013, enterprises spent more than $13 billion on firewalls, intrusion prevention systems, endpoint protection platforms and secure Web gateways), it is clear that the battle against malware has not improved.
On the contrary, highly publicized breaches, together with the even more famous revelations about state-sponsored spying activities, continue to carve out a perception of a very high general risk and of porous, indefensible networks.
As Gartner says, «all organizations should now assume that they are in a state of continuous compromise» ("Designing an Adaptive Security Architecture for Protection From Advanced Attacks". Published: 12 February 2014). According to the Verizon Data Breach Investigative Report, 85% of the attacks remained undetected for weeks or more, and 92% of the attacks were not detected by the organizations themselves. It is very likely then that the overall risk has remained at similar levels in the past.
As Donald Rumsfeld once said, "there are things we do not know we don't know".