Panda Security Building a safer digital world Name: Jeffrey Ong Position: Account Manager Date: October 2007

Agenda Deployment Strategy Simple deployment Medium size corporate deployment Large size corporate deployment Deployment Architecture Basic deployment Medium Corporate Deployment Large Corporate Deployment Enterprise Deployment Self-Repair Capability Easy migration from server to server Higher Signature update availability MalwareRadar Integration with Microsoft IIS Vast improvements Scheduled Report sent via Email Reports available in many type Information on the progress of detection in computers

Deployment Strategy

Simple deployment

Medium size corporate deployment

Large size corporate deployment

Deployment Architecture

Basic deployment

Medium Corporate Deployment

Large Corporate Deployment

Enterprise Deployment

Self-Repair Capability

Easy migration from server to server

Higher Signature update availability

MalwareRadar

Integration with Microsoft IIS

Vast improvements

Scheduled Report sent via Email

Reports available in many type

Information on the progress of detection in computers

Panda’s Security Model And Collective Intelligence Security Protection

Panda’s Security Model 1. Layered protection Malware is blocked on the most adequate layer Endpoint Email Servers Messaging Gateways Internet Gateways Minimizes costs of infection within the network Core resources are freed for the business Helps not to reduce the productivity of the employees and administrator

1. Layered protection

Malware is blocked on the most adequate layer

Endpoint

Email Servers

Messaging Gateways

Internet Gateways

Minimizes costs of infection within the network

Core resources are freed for the business

Helps not to reduce the productivity of the employees and administrator

Panda’s Security Model 2. Proactive Endpoint protection TruPrevent Technologies automatically detect and block unknown threats, 0 day attacks, and intruders Without user intervention Avoid new threats from propagating within the network The most advanced HIPS in the market (Gartner): Host Firewall Behavior analysis Application control Security Policies

2. Proactive Endpoint protection

TruPrevent Technologies automatically detect and block unknown threats, 0 day attacks, and intruders

Without user intervention

Avoid new threats from propagating within the network

The most advanced HIPS

in the market (Gartner):

Host Firewall

Behavior analysis

Application control

Security Policies

Panda’s Security Model

Panda’s Security Model 3. Periodic audits Panda Malware Radar, integrated in Corporate Software Solutions, is an automated malware audit service Maximum protection against targeted attacks, bot networks and other malware Locates and cleans even the malware not detected Finds out exactly which malware exists, and where it is Delivers detailed reports with all the information Saves time an efforts controlling the threats on the network Does not need installation

3. Periodic audits

Panda Malware Radar, integrated in Corporate Software Solutions, is an automated malware audit service

Maximum protection against targeted attacks, bot networks and other malware

Locates and cleans even the malware not detected

Finds out exactly which malware exists, and where it is

Delivers detailed reports with all the information

Saves time an efforts controlling the threats on the network

Does not need installation

Panda’s Security Model 4. Collective Intelligence Collective Intelligence allows us to maximize our malware detection capacity while minimizing the resource and bandwidth consumption The knowledge is in Panda, not in our customer’s resources It benefits the community in real time Highest effectiveness by its automated and enhanced malware collection, classification and remediation It gains knowledge to improve existing technologies

4. Collective Intelligence

Collective Intelligence allows us to maximize our malware detection capacity while minimizing the resource and bandwidth consumption

The knowledge is in Panda, not in our customer’s resources

It benefits the community in real time

Highest effectiveness by its automated and enhanced malware collection, classification and remediation

It gains knowledge to improve existing technologies

Panda’s Collective Intelligence The intelligence is in Panda

The intelligence is in Panda

Technology to Protection What is in every desktop?

Layered Protection Strategy

Inside the Workstation Protection for Windows workstation Reactive Units: Antimalware (Files, email, HTTP Demon) Anti-Spam Content-Filter Preventive Units: TruPrevent NetworkSecure

Protection for Windows workstation

Reactive Units:

Antimalware (Files, email, HTTP Demon)

Anti-Spam

Content-Filter

Preventive Units:

TruPrevent

NetworkSecure

CommTouch Partnership Recurrent Pattern Detection Technology (RPD™) Based on most fundamental characteristic of spam – its mass distribution over Internet Industry best detection and accuracy (Osterman Research) Detects and blocks spam in the first few minutes of an outbreak (IDC) Licensed by leading messaging and security vendors Protects over 35 million users worldwide CommTouch Engines (SDK) Queries RTDC to receive message classification Realtime Protection - No signature and software updates Global Coverage – all language and format Future-proof method – lasted 3-4 generations of anti-spam tech Fully automated detection Windows Exchange Server

Recurrent Pattern Detection Technology (RPD™)

Based on most fundamental characteristic of spam – its mass distribution over Internet

Industry best detection and accuracy (Osterman Research)

Detects and blocks spam in the first few minutes of an outbreak (IDC)

Licensed by leading messaging and security vendors

Protects over 35 million users worldwide

CommTouch Engines (SDK)

Queries RTDC to receive message classification

Realtime Protection - No signature and software updates

Global Coverage – all language and format

Future-proof method – lasted 3-4 generations of anti-spam tech

Fully automated detection

Anti Malware Protection What is in every desktop?

Inside the Protection Module OS Kernel Rules User Application Rules Behavioral Analysis Genetic Heuristic Analysis Malware Signatures Advanced Firewall Intrusion Prevention Secure Network Access

Desktop Firewall Bi-directional Stateful Inspection Firewall. TDI filter: controls which applications can access (Internet Explorer, IM, P2P, …) . NDIS filter: controls ports and addresses. Safe PC boot. Centralized management of desktop firewalls.

Bi-directional Stateful Inspection Firewall.

TDI filter: controls which applications can access (Internet Explorer, IM, P2P, …) .

NDIS filter: controls ports and addresses.

Safe PC boot.

Centralized management of desktop firewalls.

Intrusion Prevention Network attack signatures. Analyzes content and behavior of TCP/IP packets (buffer overflows) . Detects Syn Flood, Portscan, spoofing, Denial of Service (DoS). Active Response (blocks attacking IP).

Network attack signatures.

Analyzes content and behavior of TCP/IP packets (buffer overflows) .

Detects Syn Flood, Portscan, spoofing, Denial of Service (DoS).

Active Response (blocks attacking IP).

NetworkSecure Detects security products. Detects state of security updates. Network access control based on Security Policies. PC access control based on Security Policies. Integrates with Network Access Control (NAC). ESEP technology (Endpoint Security Enforcement Protocol).

Detects security products.

Detects state of security updates.

Network access control based on Security Policies.

PC access control based on Security Policies.

Integrates with Network Access Control (NAC).

ESEP technology (Endpoint Security Enforcement Protocol).

O.S. Kernel Rules Enforcement Security Policies for Systems (OS policies). Outsourced security managed by Panda: Vulnerability Quick Patching Rules Preventive Malware Detection Rules Suspicious OS Action Blocking Rules Specific Rules for Servers (database, web, fileserver) User can activate and apply to different users.

Security Policies for Systems (OS policies).

Outsourced security managed by Panda:

Vulnerability Quick Patching Rules

Preventive Malware Detection Rules

Suspicious OS Action Blocking Rules

Specific Rules for Servers (database, web, fileserver)

User can activate and apply to different users.

User Application Rules Security Policies for Users & Applications. Controlled by IT Administrator: File access control User Account access control Registry access control COM component access control Service access control Network access control System rules Application

Security Policies for Users & Applications.

Controlled by IT Administrator:

File access control

User Account access control

Registry access control

COM component access control

Service access control

Network access control

System rules

Application

Malware Signature Engine Same engine and signature for different malware Virus, worms, Trojans, spyware, adware, hacking tools, etc. Decompresses vast majority of packers. Code emulation for detection of polymorphic. Rootkit detection v1.0 (v1.1 low level HDD access). SmartClean for restoring system to pre-infection state (hosts, registry, loaded modules, …).

Same engine and signature for different malware

Virus, worms, Trojans, spyware, adware, hacking tools, etc.

Decompresses vast majority of packers.

Code emulation for detection of polymorphic.

Rootkit detection v1.0 (v1.1 low level HDD access).

SmartClean for restoring system to pre-infection state (hosts, registry, loaded modules, …).

Genetic Heuristic Engine Zero false positive correlation of genetic resemblance to determine “malware family”: Location Format Form Properties Content Etc. “ The Magic” : calculates, correlates and diagnoses. GHE available for file system, http, smtp, httpmail, pop3, nntp, mapi and Instant Messaging

Zero false positive correlation of genetic resemblance to determine “malware family”:

Location

Format

Form

Properties

Content

Etc.

“ The Magic” : calculates, correlates and diagnoses.

GHE available for file system, http, smtp, httpmail, pop3, nntp, mapi and Instant Messaging

Behavioral Analysis We classify a process based on the correlation of all of its interactions with the user and the system over time, not by simply looking at the file File form, format, content, location, etc. System variables and behavior Loaded resources and modules Accessed ports Over 5 million sensors deployed worldwide. High detection rate Low false positives No user interaction

We classify a process based on the correlation of all of its interactions with the user and the system over time, not by simply looking at the file

File form, format, content, location, etc.

System variables and behavior

Loaded resources and modules

Accessed ports

Over 5 million sensors deployed worldwide.

High detection rate

Low false positives

No user interaction

Total Cost Of Ownership Purchase is the beginning.

Total Cost of Ownership Upgrade/Migrate AdminSecure Server 3 method to deploy communication agent Manage Optimize Deploy Microsoft IIS integration Additional AdminServer Additional Repository Self-repair Reporting Real-time network protections information update Higher signature update availability Protection & Detection Audit & Advance Reporting No need to retain previous server hostname and IP address Easy migration for AdminSecure / console Wizard base guide Highest Cost Reason OS version upgrade Software Upgrade Hardware / Software failure Network changes Hardware upgrade Malware Radar TruPrevent

AdminSecure Server

3 method to deploy communication

agent

Microsoft IIS integration

Additional AdminServer

Additional Repository

Self-repair

Reporting

Real-time network protections information update

Higher signature update availability

No need to retain previous server hostname and IP address

Easy migration for AdminSecure / console

Wizard base guide

Reason

OS version upgrade

Software Upgrade

Hardware / Software failure

Network changes

Hardware upgrade

AdminSecure

Deployment Strategy Deployment Architecture

Architecture Overview Components: AdminSecure Server Repository Secondary AdminSecure Microsoft IIS Primary AdminSecure Secondary AdminSecure IIS IIS Repository Repository User PC User PC User PC

Components:

AdminSecure Server

Repository

Secondary AdminSecure

Microsoft IIS

Simple Deployment HQ Office (500 Users) Internet Internal Network Panda Update Server Panda AdminSecure IIS

Medium Size Corporate Deployment HQ Office (1000 Users) Internal Network Branch A (500 Users) 1 st Floor (500 Users) Intranet Panda Update Server Panda AdminSecure Repository Repository IIS Internet

Large Size Corporate Deployment Internet DMZ Internal Network HQ Office (1500 Users) 1 st Floor (1000 Users) 2 nd Floor (1500 Users) Branch A (1000 Users) Intranet Panda Update Server Active Directory NTLM Panda Roaming Server Panda AdminSecure Secondary AdminSecure Repository Repository IIS IIS

Self-Repair Capability Repairs incomplete installations and updates automatically

Total Cost of Ownership Upgrade/Migrate AdminSecure Server 3 method to deploy communication agent Manage Optimize Deploy Microsoft IIS integration Additional AdminServer Additional Repository Self-repair Reporting Real-time network protections information update Higher signature update availability Protection & Detection Audit & Advance Reporting No need to retain previous server hostname and IP address Easy migration for AdminSecure / console Wizard base guide Highest Cost Malware Radar TruPrevent

AdminSecure Server

3 method to deploy communication

agent

Microsoft IIS integration

Additional AdminServer

Additional Repository

Self-repair

Reporting

Real-time network protections information update

Higher signature update availability

No need to retain previous server hostname and IP address

Easy migration for AdminSecure / console

Wizard base guide

Background Problems Users shutdown or restart PCs during installation Updates problems These situation increases administrator workload as it requires manual action to repair. Main cause of customer dissatisfaction. Solution Mechanism included to detect incomplete installation Repair will be automatically launched Feature has been implemented for: Panda for Desktops Panda for File Servers Signature not updated Protection error Communication agent error Problem with console Installation error PC problems Network problems

Problems

Users shutdown or restart PCs during installation

Updates problems

These situation increases administrator workload as it requires manual action to repair.

Main cause of customer dissatisfaction.

Solution

Mechanism included to detect incomplete installation

Repair will be automatically launched

Feature has been implemented for:

Panda for Desktops

Panda for File Servers

Signature not updated

Protection error

Communication agent error

Problem with console

Installation error

PC problems

Network problems

Self-Repair Capability In many cases these errors were due to incomplete installations that had to be resolved manually.

Easy Migration of AdminSecure Eliminate the need for total configuration during server migration

Upgrade/Migrate AdminSecure Server 3 method to deploy communication agent Manage Optimize Deploy Microsoft IIS integration Additional AdminServer Additional Repository Self-repair Reporting Real-time network protections information update Higher signature update availability Protection & Detection Audit & Advance Reporting No need to retain previous server hostname and IP address Easy migration for AdminSecure / console Wizard base guide Highest Cost Malware Radar TruPrevent

AdminSecure Server

3 method to deploy communication

agent

Microsoft IIS integration

Additional AdminServer

Additional Repository

Self-repair

Reporting

Real-time network protections information update

Higher signature update availability

No need to retain previous server hostname and IP address

Easy migration for AdminSecure / console

Wizard base guide

Easy Migration Install new AdminSecure Server 1 Launch the troubleshooting wizard 2 Insert IP address range & admin right 3 Wait for AdminSecure to reconnect agent 4 Successful migration 5 Internal Network 1000 PC 2000 PC New AdminSecure 1 IIS Current AdminSecure IIS Internal Network 1000 PC 2000 PC Reason for Migration / update OS version upgrade Software Upgrade Hardware / Software failure Network changes Hardware upgrade

Reason for

Migration / update

OS version upgrade

Software Upgrade

Hardware / Software failure

Network changes

Hardware upgrade

Higher signature update availability

Upgrade/Migrate AdminSecure Server 3 method to deploy communication agent Manage Optimize Deploy Microsoft IIS integration Additional AdminServer Additional Repository Self-repair Reporting Real-time network protections information update Higher signature update availability Protection & Detection Audit & Advance Reporting No need to retain previous server hostname and IP address Easy migration for AdminSecure / console Wizard base guide Highest Cost Malware Radar TruPrevent

AdminSecure Server

3 method to deploy communication

agent

Microsoft IIS integration

Additional AdminServer

Additional Repository

Self-repair

Reporting

Real-time network protections information update

Higher signature update availability

No need to retain previous server hostname and IP address

Easy migration for AdminSecure / console

Wizard base guide

Higher signature update availability Panda Update Server Workstations Roaming Server AdminSecure Server

Infrastructure Resilience Internet DMZ Internal Network 1 2 3 4 Panda Update Server Panda Roaming Server Panda AdminSecure Repository

MalwareRadar On-demand audit service

Sample report

Integration with Microsoft IIS Support more connection for AdminSecure Server and Repository 5 Simple Steps

Upgrade/Migrate AdminSecure Server 3 method to deploy communication agent Manage Optimize Deploy Microsoft IIS integration Additional AdminServer Additional Repository Self-repair Reporting Real-time network protections information update Higher signature update availability Protection & Detection Audit & Advance Reporting No need to retain previous server hostname and IP address Easy migration for AdminSecure / console Wizard base guide Highest Cost Malware Radar TruPrevent

AdminSecure Server

3 method to deploy communication

agent

Microsoft IIS integration

Additional AdminServer

Additional Repository

Self-repair

Reporting

Real-time network protections information update

Higher signature update availability

No need to retain previous server hostname and IP address

Easy migration for AdminSecure / console

Wizard base guide

Integration with Microsoft IIS Benefits: Increases concurrent connection Faster updates Same infra More PCs Same infra More Tasks IIS integrates with: AdminSecure Repository Connections 3,000 Connections Without IIS With IIS 24,000 Connections

Benefits:

Increases concurrent connection

Faster updates

Same infra More PCs

Same infra More Tasks

IIS integrates with:

AdminSecure

Repository

Microsoft IIS Integration Internet Panda Update Server DMZ Internal Network HQ Office (1500 Users) 1 st Floor (1000 Users) 2 nd Floor (1500 Users) 3 rd Floor (1000 Users) Active Directory NTLM Panda Roaming Server Panda AdminSecure Secondary Repository Panda AdminSecure Secondary Repository Integrate IIS for more connection Integrate IIS for more connection IIS IIS IIS

Vast Improvements AdminSecure continuously look to forward to reducing cost of managing antivirus in every organizations.

Scheduled report sent Via Email This new feature let the administrator to configure and to scheduled the AdminSecure server to sent the latest malware report to administrator via using e-mail.

This new feature let the administrator to configure and to scheduled the AdminSecure server to sent the latest malware report to administrator via using

e-mail.

Reports available in many type Many type of report definition options Many type of report options

Information on the progress of detection in computers This feature enable administrator to know the latest information about their network, the information will update from time to time.

This feature enable

administrator to know the

latest information about

their network, the

information will update

from time to time.

Eliminates Two Restart During Installation Problem On some occasions, to update protection in a computer it was necessary to restart the machine twice (manual restart) Annoying and interfering Solution Modified update process for workstation and server. Where possible, operations are carried out without restarts. When not possible, the operation will be pending for the next restart. On updating the protection, the version installed continues to be 100% operative. After the restart, the new version of the protection will be run.

Problem

On some occasions, to update protection in a computer it was necessary to restart the machine twice (manual restart)

Annoying and interfering

Solution

Modified update process for workstation and server.

Where possible, operations are carried out without restarts.

When not possible, the operation will be pending for the next restart.

On updating the protection, the version installed continues to be 100% operative.

After the restart, the new version of the protection will be run.

thank you!