Your SlideShare is downloading. ×
0
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Panda Security2008
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Panda Security2008

1,143

Published on

Published in: Technology, News & Politics
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,143
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
26
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Panda Security Building a safer digital world Name: TS Wong Position: Country Manager Date: October 2007
  • 2. Agenda
      • Who is Panda Security?
      • Our Customers
      • Malware Landscape
      • Commercial Comparisons
      • Why Panda Security?
      • Innovations*
        • Collective Intelligence
        • TruPrevent (HIPS)
        • NanoScan
      • Gartner 2007
      • Case Studies: PDRM
      • Case Studies: Syabas
      • Our Solutions
        • MalwareRadar
        • TrustLayer Mail
        • Security Appliances
          • GateDefender Performa
          • GateDefender Integra
        • PandaSecurity for Mobile Operators
        • PandaSecurity for Enterprise
        • PandaSecurity for Internet Transactions
  • 3. Who is Panda Security? Protection Technology Leader. 4 th antivirus vendor worldwide.
  • 4. Who we are
    • Founded in 1990
    • Leading European company in security, and the fourth worldwide company in the sector [Gartner]
    • Solid financial situation with the participation of important private equity firms:
      • 55% growth in 2004
      • Offices in more than 50 countries
      • Product available in 23 languages
    • Investing in R&D more than 25% of the annual revenue
    • Leader in protection technologies against unknown threats [Gartner]
  • 5. Who we are
    • Presence in 54 countries with 1,500 people
    • 2.5 Million customers worldwide
    • 140,000 corporate costumers
  • 6. Busiest Antivirus Vendor
    • Introduction of products
      • TruPrevent (HIPS)
      • GateDefender Performa
      • GateDefender Integra
      • Desktop for Linux
      • MalwareRadar
      • NanoScan
      • TrustLayer
      • PreScan
    1990 STARTED BILBOA SPAIN 2008 LEADERSHIP IN MALWARE PROTECTION TECHNOLOGY 2004 GATE DEFENDER & WEBADMIN 2005 TRUPREVENT 2006 WORLD NO. 4 INTEGRA 2007 NanoScan MalwareRadar TrustLayer MegaDetection <rebranding>
    • Protection technologies incorporated into our products includes:
      • Integrated Spyware
      • Rootkit Detection
      • Centralized Quarantine
      • SDK
      • IIS Integration for Updates
    • PandaLabs 2007
      • DDoS of samples
      • Revamped
      • Automated by 100s of server
      • MegaDetection!
  • 7. Our Customers Providing protection to government agencies and corporations.
  • 8. Some of our customers
    • Government
        • PDRM
        • Mindef
        • Jabatan Pertanian
        • SIRIM
        • Lembaga Kemajuan Pertanian Muda
        • LKIM
        • MTIB
        • JAKIM
        • Malaysia Tourism Promotion Board
        • SUK Negeri Sembilan
        • SUK Selangor
        • Tekun
        • NISER
        • JHEOA
        • Kastam
        • KKLW
        • MPSJ
        • JAIWP
        • PTGWP
        • Suruhanjaya Perkhidmatan Pelajaran
        • JASA
        • JPA
    • Corporate
        • EuroMobil
        • Touch N’ Go
        • Alam Flora
        • MPH
        • MUI Group
        • Prostaco Group
        • Classita
        • Privasia
        • OSIM
        • Elken
        • NasionCom
        • Sin Chew Jit Poh
        • Syabas
        • Hyundai
        • Ingress
        • NAZA
        • Metro Parking
        • Genting
        • ISS Consulting
    • Banking
        • Bank Pembangunan & Infrastruktur
        • EXIM Bank
  • 9. Some of our customers
    • Penang (northern region)
        • Malayawata
        • Classita
        • IQ Group
        • Brusia Engineering
        • Boon Siew
        • The City Bayview Hotel
        • CMT
        • Advanced Ceramics Technology
        • UltraSonic
        • MADA
        • Kulim Hi-Tech Park
        • NAZA
        • Toyo Memory
        • Chemical Industries
        • Rubberex
    • Healthcare
        • Hospital Besar Melaka
        • Hospital Pantai Mutiara
        • Queen Elizabeth Hospital
    • Education
        • Universiti Perguruan Sultan Idris
        • Universiti Putra Malaysia
        • INSTUN
        • TARC
        • Terengganu Advanced Technical Institute
        • Institut Teknologi Tinggi Kulim
        • Politeknik Ipoh
        • KISMEC
        • GMI
        • Akademi Sains Malaysia
  • 10. Some of our customers
  • 11. Commercial Comparisons Frequencies, consistencies and qualities.
  • 12. Oct 2005 – PC World
    • Only one able to eliminate 100% running processes of spyware.
    • Better than specific anti-spyware solutions such as
      • McAfee AntiSpyware 2006
      • Trend Micro Anti-Spyware 3.0
    • Panda Platinum Internet Security eliminated 100% of BHOs (browser helper objects) and unwanted toolbars, components frequently used to hijack browsers.
  • 13. May 2006 – PC World
    • Of the Internet Security suites analyzed, Panda detected the most unknown viruses and completed the full scan of the computer the fastest.
    USA - May 2006 * Comparative review published in PC World USA May 2006 with 2006 versions of security suites. This slide will be updated with the 2007 versions, as soon as an updated comparative review is published. Heuristic detection 91% 74% 65% 41% Detection of malware within file archives 100% 96% 78% 87% Detection of malware embedded in Microsoft Office OLE objects 100% 100% 86% 90% Scan speed (minutes) 6.65 10.47 17.34 13.31 7.
  • 14. May 2007 – PC Magazine Panda Anti-Rootkit REVIEW DATE:   04.20.07     Panda Anti-Rootkit digs deeper than any other anti-rootkit tool I've seen, telling you exactly what it found. For safety it won't delete files digitally signed by Microsoft—smart! And it wiped out every one of my test rootkits. Detects rootkit activity in file system, Registry, processes, drivers, and Alternate Data Streams. Offers very detailed reports. Eliminates known and unknown rootkits. Basic results list is cramped in a non-resizable window.
  • 15. GCN Lab Review - 2007
    • Panda Internet Security 2008 Vicious panda: The Panda software viciously tracks down viruses and cookies. Functionality: A+ Ease of use: A Speed: A- Value: B+ Pros: Gives users a lot of info, deletes anything remotely suspicious. Cons: Does a few things without asking. When Panda software wanted to submit a beta of its 2008 antivirus software, we were a little skeptical; we put betas through the same rigorous testing as released software. But Panda representatives insisted. Panda Internet Security 2008 more than lived up to our expectations. Installing the software was simple and easy, taking 4 minutes, 52 seconds, plus a reboot. It was the only program to find all 10 of the cookies we put on the test system, and it did it before it was even installed. During the install process, the program runs an anti-spyware scan. During this scan, it found all 10 cookies and automatically deleted them. The bad part about this was that seven of the cookies were not malicious, and we were given no choice as to their fate. The software just killed them without prompting and then finished the install. Once installed, the Panda software was no less vicious in tracking down and eliminating all the viruses we had put on the system, in addition to others we tried to implant through various means. One nice feature is that the software constantly scans all active connections into or out of a system for anything suspicious. One screen shows you each and every port that is open on a system, what programs are using them and where the programs are located. This makes it impossible for any program that tries to get to the outside world to do so without detection. A separate screen monitors wireless access to a system, so you are protected from that angle, too.
    About GCN Government Computer News is the leading publication in the $90 billion government technology market. The magazine, published 34 times per year, serves more than 100,000 readers in federal government, state, county and municipal governments in the U.S. Now in its 24th year of publication, Government Computer News is well respected for its insightful coverage of breaking news and in-depth analysis of how technology is changing and challenging the public sector. Founded in 1982, it is published by PostNewsweek Tech Media, a division of the Washington Post Company.
  • 16. Malware Landscape Outbreak in almost every organization.
  • 17. Malware 2.0
    • Targeted Attacks
      • Many variants
      • Distribute few copies
    • Quality Control
      • Submit to online scanning
      • Customized tools
    • Rootkits
      • Low level entry point
      • Growing momentum
    • Runtime Packers
      • Changes executable to different form but does exactly the same thing.
    • Botnets
      • Cyber criminals
      • Remote control via IRC/HTTP/P2P
    • Stage Infection Vectors
      • Two-staged attackes
      • Exploits
      • Downloaders
    • Exponential increase to DDoS against AV Labs
  • 18. Statistics
    • DDoS against AV vendor
      • Malware identified in 2006 > all identified since 1990
      • Neither we at PandaLabs nor anyone can cope
    • August 2007: we are adding > 4,000 detections per day
    Number of samples Average daily detection added By PandaLabs
  • 19. Antivirus Vendor Not Ready
    • Situation changed, problems changed, customers need to change.
    Source: Gartner, Market Trends: Security Markets,Worldwide, 2005-2010
  • 20. Summary
    • Odds stacked against AV vendors and users.
    • AV vendors must provide a definitive solution.
  • 21. Background
    • All vendors has only a subset of each other.
    • Viruses increases faster than signature.
    • Law of nature for reactive solution.
    Vendor A: Signature New Viruses or Unknown Vendor B: Signature or Known Viruses
  • 22. Why Panda Security? Unified Technologies delivers Unified Protection.
  • 23. Unified Technologies
    • One developer for all technologies layer
        • Protection Technologies
        • Kernel
        • Transport
        • Malware Labs
  • 24. Unified Malware Protection
    • We cover all types of malware
    • Known + Unknown Threats Protection
    • Any type of malware:
        • Virus
        • Spyware
        • Adware
        • Phishing
        • ActiveX
        • Javascript
        • Applet
        • Zero Day Threats
    New Security Solutions
  • 25. Proactive Technologies
  • 26. PandaLabs
    • Collective Intelligence
      • Automated analysis of samples
      • Automated development of signature
      • To consistently deliver fast response time
    • Critical Success Factors
      • Good heuristics
      • Proactive detections to collect suspicious samples.
  • 27. Collective Intelligence Revamping and Automating PandaLabs
  • 28. Objective of Collective Intelligence
    • Confront the “Malware 2.0” problem
    • Detect 10 times more with 10 times less effort
    • Maximize detection capacity
    • Minimize costs (CPU/RAM resource and bandwidth)
    • Focus on convenience and universality of solution.
  • 29. Definition
    • What is the Collective Intelligence?
      • Threat management system “from the cloud”.
      • Based on the aggregated knowledge of the community.
      • Based on process automation and on the correlation of information, at our infrastructure.
  • 30. How do we do it?
        • Intelligence in the cloud
        • Global visibility
        • Continuous correlation
        • Automatic classification
        • Malware, Goodware
        • Transparent to the user
    <Program ID:XXXXX Status:unknown. Behavioral traces:log1,… Date/time of appearance: HHMMDDMMYY … <Program ID:XXXXX Status:unknown. Behavioral traces: log2,… Date/time of appearance: HHMMDDMMYY … <Program ID:XXXXX Status:Malware W32/XY . Behavioral traces:log1,… Date/time of appearance: HHMMDDMMYY … <Program ID:XXXXX Status:Malware W32/XY . Behavioral traces:log2,… Date/time of appearance: HHMMDDMMYY …
    • Collection
    • Process signatures
    • Inbound filters
    • Prioritization
    • Unique samples
    • No. of times seen
    • Receipt
    • Processing
    • Identifiers with multi-scanner
    • Check for goodware
    • Decompression
    • Emulation
    • Heuristic
    • Sandboxing
    • Behavioral analysis
    • Classification
    • By genetic family
    • By analysis of similarity
    • By neural networks
    • By positive identification
    • By negative identification
    • Manual analysis
    • Remedy
    • Immediate response
    • Exclusions
    • 'Express‘ sigs
    • Automatic generation of the sig file
    • Generation of the sig file (PandaLabs)
  • 31. Panda TruPrevent Host-based Intrusion Prevention System
  • 32. Architecture DETECTION OF MALWARE USING BEHAVIORAL ANALYSIS Scanning and disinfection of malware detected Detection of network viruses and attacks DETECTION OF MALICIOUS NETWORK PACKETS PROTECTION AGAINST BUFFER OVERFLOWS DEFINITION OF SECURITY POLICIES SOFTWARE UPGRADES SIGNATURE AND PATTERN UPDATES ASSOCIATED SERVICES TECHNOLOGIES Event correlation Behavioral analysis of processes Deep packet inspection
  • 33. What is TruPrevent
    • TruPrevent technologies automatically detect and block unknown threats, zero-day attackes and intrusions.
    • Key objectives:
      • Without user intervention
      • Avoid propogation of new threats via network
      • Most advanced HIPS:
        • Deep packet inspection firewall
        • Behavorial Analysis
        • Genetic Heuristic Analysis
        • User Application Rules
        • OS Kernel Rules
    Rules for OS Kernel Rules for Users and Applications Behavioral Analysis Genetic Heuristic Scan Malware Identifiers Advanced Firewall Intrusion Prevention NetworkSecure
  • 34.
    • The same engine and identifier for different types of malware
      • Viruses, worms, Trojans, spyware, adware, hacking tools, etc.
    • Decompresses most packers.
    • Emulation of code for detecting polymorphic viruses.
    • Detection of rootkits v1.0 (v1.1 low-level HDD access).
    • SmartClean for restoring the system to the status it had before infection (hosts, registry, modules loaded, …).
    Malware signature engine Panda Technologies
  • 35.
    • Bidirectional firewall.
    • TDI filter: controls which applications have access (Internet Explorer, IM, P2P, …).
    • NDIS filter: controls ports and addresses.
    • Secure restart of the PC.
    • Centralized management of desktop firewalls
    Distributed firewall Panda Technologies
  • 36.
    • Computer “health” management.
    • Detects security products and the update status.
    • Auto-checks
      • Authorizes or denies communication depending on the status of the workstation
    • Endpoint Security Enforcement Protocol
      • Control over PC access based on security policies.
    • Integrates with Network Access Control (NAC).
    NetworkSecure Panda Technologies
  • 37.
    • Identifiers of network attacks.
    • Scans the content and behavior of TCP/IP packets (buffer overflows).
    • Detects Syn Flood, port scanning, spoofing, denial of services (DoS).
    • Active response (blocks attacking IP).
    Intrusion prevention Panda Technologies
  • 38.
    • Correlation of genetic similarity without false positives to determine &quot;malware family” :
      • Location
      • Format
      • Form
      • Properties
      • Content
      • etc.
    • “ The Magic” : calculates, correlates and diagnosis.
    • GHE available for file systems, http, smtp, httpmail, pop3, nntp, mapi and IM
    Genetic Heuristic Engine: Panda Technologies
  • 39.
    • Security policies for systems (OS policies).
    • Outsourced security managed by Panda:
      • Rules for rapid patching of vulnerabilities
      • Preventive rules for malware detection
      • Rules for blocking suspicious OS actions
      • Specific rules for servers (databases, web, file servers)
    • Can be activated and applied to different users.
    OS kernel rules Panda Technologies
  • 40.
    • Security policies for users and applications.
    • Controlled by the system administrator:
      • Control over access to files
      • Control over access to user accounts
      • Control over access to the Registry
      • Control over access to COM components
      • Control over access to services
      • Control over network access
        • System rules
        • Rules for applications
        • IDS rules
    Rules for users and applications Panda Technologies
  • 41.
    • Monitors execution of processes and guarding data areas at all times.
    • Capable of generating a signature identifier and send to network virus detection level to block subsequent attacks at firewall level.
    Buffer Overflow Protection Panda Technologies
  • 42.
    • We classify a process on the basis of all its interactions with the user and the system over time, and not simply looking at the file
      • Form, format, content, location, etc. of the file.
      • Changes and system behavior
      • Modules and resources loaded
      • Ports accessed
    • More than 5 million sensors distributed around the globe.
    • High level of detection
    • Low false positive ratio
    • Transparent to the user
    Behavioral analysis Panda Technologies
  • 43. Screenshots
  • 44. Sample Rules
    • Rule 1001: This rule prevents loading and viewing, by Internet Explorer and the Explorer.exe file, of the Browser Helper Object (BHO) associated with spyware and which are normally used once installed.
    • Rule 1002: In order to protect against certain malware, command interpreters and user applications that require user intervention cannot be executed by specific programs : mail clients, instant messengers, Office programs, text editors, multimedia applications, system applications, etc.
    • Rule 1003: This rule prevents the installation, by any application, of the Browser Helper Object (BHO) associated with spyware and which are normally used once installed.
    • Rule 1004: If the file C:explorer.exe exists, it is run instead of the file of the same name stored in the Windows directory. To prevent malware from modifying it, this rule blocks any attempt to create, modify or run a file called explorer.exe stored in C:.
  • 45. Gartner 2007 Host-Based Intrusion Prevention Systems (HIPS) Update: Why Antivirus and Personal Firewall Technologies Aren't Enough
  • 46.
  • 47.
  • 48. TruPrevent “ The best example of a vendor that has taken the visionary step of delivering a single client with a full complement of host-based intrusion prevention technologies is Panda Software, with its ClientShield product, which is priced as a single solution and provides protection across eight of the nine protection styles outlined in our HIPS research” http://www.gartner.com/teleconferences/attributes/attr_165281_115.pdf KRE KRE Behavioral analysis NetworkSecure Panda AV GHE Distributed firewall IDS/IPS IPS
  • 49.
  • 50. Panda Security Solutions Our solution suite to provide protection for every organizations
  • 51. Panda’s Solutions
  • 52. Malware Radar
    • It is an automated audit service of the whole network
      • Specialized in detecting and disinfecting malware and other security problems not detected by resident security systems
      • Complements and reinforces traditional protection systems that are insufficient to combat the new malware dynamic
    • Key features
      • On-demand
      • It can be run locally or remotely
      • It does not require local installation or uninstallation of current security software
  • 53. TrustLayer Mail TrustLayer Mail is a managed security service designed to guarantee email security providing 100% virus-free mail backed by a service level agreement. Helps organizations optimize investment in network infrastructure.
  • 54. TrustLayer Mail – Key Features GNOC VPN secure communication Monitoring tools: status, warnings, alarm, load Remote HW management Daily and ad-hoc update of filtering rules Protection against attacks (DoS...) PandaLabs Automatic sending and encryption of files detected as suspicious Analysis and action on quarantined messages Commitment to resolve the situation in under 24 hours Average resolution time of four hours
  • 55. Security appliances - Performa
    • GateDefender: Protecting the perimeter
    • Anti-malware
    • Anti-spam
    • Content Filter
    • Web Filter
    • Blocking of P2P and IM
  • 56. Security appliances - Integra GateDefender: Protecting the perimeter
    • Anti-malware
    • Anti-spam
    • Content Filter
    • Web Filter
    • Firewall
    • VPN
    • IPS
  • 57. PandaSecurity for Mobile Operators
    • Unified protection for all:
      • Devices: Symbian, Windows Mobile, J2ME…
      • Services: Multimedia messaging, Wap browsing, Mobile E-mail, HTTP Push…
      • Protocols: MM1-MM7, WAP, I-Mode, HTTP, SMTP,
    • Protection against any kind of threats:
      • Mobile malware: Disco.mid, RedBrowser, RomRide
      • Threats for PCs with GPRS and UMTS cards, ….
      • Virus (polimórphic, etc.), phishing, trojans, hacking-tools...
    • Anti-malware
    • Anti-spam
    • Content Filtering
    • Web Filtering
  • 58. Corporate Solutions Centralized management solution for corporate environments. Maximum protection against malware with the highest simplicity
      • Advanced protection
        • Layered security
        • Integration of advanced
        • anti-malware technologies
    • Easy management
      • The centralized management console AdminSecure allows you to:
          • - install, uninstall and update all protections
          • - control the protections activity
          • - monitor the risks and act in real time
  • 59. Solutions for financial market
    • Solutions for the financial market
      • Giving financial organizations the guarantee that their users will be making online transactions free from malware
      • The client organization will have a control panel that lets them decide what action to take in each case
    • Targeted Attacks Alert Service
      • A service provided by PandaLabs to monitor and alert of any new malware affecting a specific financial entity
  • 60. Case Studies Our solution suite to provide protection for every organizations
  • 61. Polis Diraja Malaysia
    • > 10,000 PCs
    • Challenges
      • Replaced Trend Micro.
      • No anti-spyware module.
      • High outbreak and infection incidents
    • Details
      • Completed installation in Bukit Aman.
      • No outbreak incidents.
      • Next deployment Sabah/Sarawak, etc.
    • Problems
      • Some PCs with resource issues.
  • 62. Syabas
    • > 1,500 PCs
    • Challenges
      • Multiple AV
      • Mutliple locations
      • Frequent outbreak
      • Network congestion due to network viruses
    • Details
      • 15 locations throughout Selangor.
    • Problems
      • Virus (Brontok and Korgo) infected a few PCs without TruPrevent.
  • 63. Sin Chew Jit Poh
    • 1,000 PCs
    • Previous antivirus: Symantec
    • Challenges:
      • Outbreak of network viruses
    • Details
      • Purchased Nov 2005 bef expiry of existing AV
      • 1,000 licenses of EnterpriSecure
      • 2 x units of GateDefender
        • Network Antivirus
        • Anti-Spam
        • Web Filtering
  • 64. Panda Security Solutions Our solution suite to provide protection for every organizations
  • 65. Summary
    • Fourth worldwide company in the sector
    • Leaders on protection and technology
    • First in Services from the Cloud and Collective Intelligence
    • Our solutions cover all layers
      • From the endpoint
      • To the cloud
    • Certifications and Recognitions from the industry
  • 66. thank you!

×