Panda Security provides unified malware protection technologies through products like TruPrevent host-based intrusion prevention system and Collective Intelligence. TruPrevent uses behavioral analysis and deep packet inspection to detect and block unknown threats while Collective Intelligence automates malware analysis through a global network of sensors to consistently deliver fast responses. Panda also offers security appliances and services like MalwareRadar, TrustLayer Mail, and solutions for mobile operators and enterprises to provide comprehensive protection.

1. Panda Security Building a safer digital world Name: TS Wong Position: Country Manager Date: October 2007

2. Agenda Who is Panda Security? Our Customers Malware Landscape Commercial Comparisons Why Panda Security? Innovations* Collective Intelligence TruPrevent (HIPS) NanoScan Gartner 2007 Case Studies: PDRM Case Studies: Syabas Our Solutions MalwareRadar TrustLayer Mail Security Appliances GateDefender Performa GateDefender Integra PandaSecurity for Mobile Operators PandaSecurity for Enterprise PandaSecurity for Internet Transactions

3. Who is Panda Security? Protection Technology Leader. 4 th antivirus vendor worldwide.

4. Who we are Founded in 1990 Leading European company in security, and the fourth worldwide company in the sector [Gartner] Solid financial situation with the participation of important private equity firms: 55% growth in 2004 Offices in more than 50 countries Product available in 23 languages Investing in R&D more than 25% of the annual revenue Leader in protection technologies against unknown threats [Gartner]

5. Who we are Presence in 54 countries with 1,500 people 2.5 Million customers worldwide 140,000 corporate costumers

6. Busiest Antivirus Vendor Introduction of products TruPrevent (HIPS) GateDefender Performa GateDefender Integra Desktop for Linux MalwareRadar NanoScan TrustLayer PreScan 1990 STARTED BILBOA SPAIN 2008 LEADERSHIP IN MALWARE PROTECTION TECHNOLOGY 2004 GATE DEFENDER & WEBADMIN 2005 TRUPREVENT 2006 WORLD NO. 4 INTEGRA 2007 NanoScan MalwareRadar TrustLayer MegaDetection <rebranding> Protection technologies incorporated into our products includes: Integrated Spyware Rootkit Detection Centralized Quarantine SDK IIS Integration for Updates PandaLabs 2007 DDoS of samples Revamped Automated by 100s of server MegaDetection!

7. Our Customers Providing protection to government agencies and corporations.

8. Some of our customers Government PDRM Mindef Jabatan Pertanian SIRIM Lembaga Kemajuan Pertanian Muda LKIM MTIB JAKIM Malaysia Tourism Promotion Board SUK Negeri Sembilan SUK Selangor Tekun NISER JHEOA Kastam KKLW MPSJ JAIWP PTGWP Suruhanjaya Perkhidmatan Pelajaran JASA JPA Corporate EuroMobil Touch N’ Go Alam Flora MPH MUI Group Prostaco Group Classita Privasia OSIM Elken NasionCom Sin Chew Jit Poh Syabas Hyundai Ingress NAZA Metro Parking Genting ISS Consulting Banking Bank Pembangunan & Infrastruktur EXIM Bank

9. Some of our customers Penang (northern region) Malayawata Classita IQ Group Brusia Engineering Boon Siew The City Bayview Hotel CMT Advanced Ceramics Technology UltraSonic MADA Kulim Hi-Tech Park NAZA Toyo Memory Chemical Industries Rubberex Healthcare Hospital Besar Melaka Hospital Pantai Mutiara Queen Elizabeth Hospital Education Universiti Perguruan Sultan Idris Universiti Putra Malaysia INSTUN TARC Terengganu Advanced Technical Institute Institut Teknologi Tinggi Kulim Politeknik Ipoh KISMEC GMI Akademi Sains Malaysia

10. Some of our customers

11. Commercial Comparisons Frequencies, consistencies and qualities.

12. Oct 2005 – PC World Only one able to eliminate 100% running processes of spyware. Better than specific anti-spyware solutions such as McAfee AntiSpyware 2006 Trend Micro Anti-Spyware 3.0 Panda Platinum Internet Security eliminated 100% of BHOs (browser helper objects) and unwanted toolbars, components frequently used to hijack browsers.

13. May 2006 – PC World Of the Internet Security suites analyzed, Panda detected the most unknown viruses and completed the full scan of the computer the fastest. USA - May 2006 * Comparative review published in PC World USA May 2006 with 2006 versions of security suites. This slide will be updated with the 2007 versions, as soon as an updated comparative review is published. Heuristic detection 91% 74% 65% 41% Detection of malware within file archives 100% 96% 78% 87% Detection of malware embedded in Microsoft Office OLE objects 100% 100% 86% 90% Scan speed (minutes) 6.65 10.47 17.34 13.31 7.

14. May 2007 – PC Magazine Panda Anti-Rootkit REVIEW DATE: 04.20.07 Panda Anti-Rootkit digs deeper than any other anti-rootkit tool I've seen, telling you exactly what it found. For safety it won't delete files digitally signed by Microsoft—smart! And it wiped out every one of my test rootkits. Detects rootkit activity in file system, Registry, processes, drivers, and Alternate Data Streams. Offers very detailed reports. Eliminates known and unknown rootkits. Basic results list is cramped in a non-resizable window.

15. GCN Lab Review - 2007 Panda Internet Security 2008 Vicious panda: The Panda software viciously tracks down viruses and cookies. Functionality: A+ Ease of use: A Speed: A- Value: B+ Pros: Gives users a lot of info, deletes anything remotely suspicious. Cons: Does a few things without asking. When Panda software wanted to submit a beta of its 2008 antivirus software, we were a little skeptical; we put betas through the same rigorous testing as released software. But Panda representatives insisted. Panda Internet Security 2008 more than lived up to our expectations. Installing the software was simple and easy, taking 4 minutes, 52 seconds, plus a reboot. It was the only program to find all 10 of the cookies we put on the test system, and it did it before it was even installed. During the install process, the program runs an anti-spyware scan. During this scan, it found all 10 cookies and automatically deleted them. The bad part about this was that seven of the cookies were not malicious, and we were given no choice as to their fate. The software just killed them without prompting and then finished the install. Once installed, the Panda software was no less vicious in tracking down and eliminating all the viruses we had put on the system, in addition to others we tried to implant through various means. One nice feature is that the software constantly scans all active connections into or out of a system for anything suspicious. One screen shows you each and every port that is open on a system, what programs are using them and where the programs are located. This makes it impossible for any program that tries to get to the outside world to do so without detection. A separate screen monitors wireless access to a system, so you are protected from that angle, too. About GCN Government Computer News is the leading publication in the $90 billion government technology market. The magazine, published 34 times per year, serves more than 100,000 readers in federal government, state, county and municipal governments in the U.S. Now in its 24th year of publication, Government Computer News is well respected for its insightful coverage of breaking news and in-depth analysis of how technology is changing and challenging the public sector. Founded in 1982, it is published by PostNewsweek Tech Media, a division of the Washington Post Company.

16. Malware Landscape Outbreak in almost every organization.

17. Malware 2.0 Targeted Attacks Many variants Distribute few copies Quality Control Submit to online scanning Customized tools Rootkits Low level entry point Growing momentum Runtime Packers Changes executable to different form but does exactly the same thing. Botnets Cyber criminals Remote control via IRC/HTTP/P2P Stage Infection Vectors Two-staged attackes Exploits Downloaders Exponential increase to DDoS against AV Labs

18. Statistics DDoS against AV vendor Malware identified in 2006 > all identified since 1990 Neither we at PandaLabs nor anyone can cope August 2007: we are adding > 4,000 detections per day Number of samples Average daily detection added By PandaLabs

19. Antivirus Vendor Not Ready Situation changed, problems changed, customers need to change. Source: Gartner, Market Trends: Security Markets,Worldwide, 2005-2010

20. Summary Odds stacked against AV vendors and users. AV vendors must provide a definitive solution.

21. Background All vendors has only a subset of each other. Viruses increases faster than signature. Law of nature for reactive solution. Vendor A: Signature New Viruses or Unknown Vendor B: Signature or Known Viruses

22. Why Panda Security? Unified Technologies delivers Unified Protection.

23. Unified Technologies One developer for all technologies layer Protection Technologies Kernel Transport Malware Labs

24. Unified Malware Protection We cover all types of malware Known + Unknown Threats Protection Any type of malware: Virus Spyware Adware Phishing ActiveX Javascript Applet Zero Day Threats New Security Solutions

25. Proactive Technologies

26. PandaLabs Collective Intelligence Automated analysis of samples Automated development of signature To consistently deliver fast response time Critical Success Factors Good heuristics Proactive detections to collect suspicious samples.

27. Collective Intelligence Revamping and Automating PandaLabs

28. Objective of Collective Intelligence Confront the “Malware 2.0” problem Detect 10 times more with 10 times less effort Maximize detection capacity Minimize costs (CPU/RAM resource and bandwidth) Focus on convenience and universality of solution.

29. Definition What is the Collective Intelligence? Threat management system “from the cloud”. Based on the aggregated knowledge of the community. Based on process automation and on the correlation of information, at our infrastructure.

30. How do we do it? Intelligence in the cloud Global visibility Continuous correlation Automatic classification Malware, Goodware Transparent to the user <Program ID:XXXXX Status:unknown. Behavioral traces:log1,… Date/time of appearance: HHMMDDMMYY … <Program ID:XXXXX Status:unknown. Behavioral traces: log2,… Date/time of appearance: HHMMDDMMYY … <Program ID:XXXXX Status:Malware W32/XY . Behavioral traces:log1,… Date/time of appearance: HHMMDDMMYY … <Program ID:XXXXX Status:Malware W32/XY . Behavioral traces:log2,… Date/time of appearance: HHMMDDMMYY … Collection Process signatures Inbound filters Prioritization Unique samples No. of times seen Receipt Processing Identifiers with multi-scanner Check for goodware Decompression Emulation Heuristic Sandboxing Behavioral analysis Classification By genetic family By analysis of similarity By neural networks By positive identification By negative identification Manual analysis Remedy Immediate response Exclusions 'Express‘ sigs Automatic generation of the sig file Generation of the sig file (PandaLabs)

31. Panda TruPrevent Host-based Intrusion Prevention System

32. Architecture DETECTION OF MALWARE USING BEHAVIORAL ANALYSIS Scanning and disinfection of malware detected Detection of network viruses and attacks DETECTION OF MALICIOUS NETWORK PACKETS PROTECTION AGAINST BUFFER OVERFLOWS DEFINITION OF SECURITY POLICIES SOFTWARE UPGRADES SIGNATURE AND PATTERN UPDATES ASSOCIATED SERVICES TECHNOLOGIES Event correlation Behavioral analysis of processes Deep packet inspection

33. What is TruPrevent TruPrevent technologies automatically detect and block unknown threats, zero-day attackes and intrusions. Key objectives: Without user intervention Avoid propogation of new threats via network Most advanced HIPS: Deep packet inspection firewall Behavorial Analysis Genetic Heuristic Analysis User Application Rules OS Kernel Rules Rules for OS Kernel Rules for Users and Applications Behavioral Analysis Genetic Heuristic Scan Malware Identifiers Advanced Firewall Intrusion Prevention NetworkSecure

34. The same engine and identifier for different types of malware Viruses, worms, Trojans, spyware, adware, hacking tools, etc. Decompresses most packers. Emulation of code for detecting polymorphic viruses. Detection of rootkits v1.0 (v1.1 low-level HDD access). SmartClean for restoring the system to the status it had before infection (hosts, registry, modules loaded, …). Malware signature engine Panda Technologies

35. Bidirectional firewall. TDI filter: controls which applications have access (Internet Explorer, IM, P2P, …). NDIS filter: controls ports and addresses. Secure restart of the PC. Centralized management of desktop firewalls Distributed firewall Panda Technologies

36. Computer “health” management. Detects security products and the update status. Auto-checks Authorizes or denies communication depending on the status of the workstation Endpoint Security Enforcement Protocol Control over PC access based on security policies. Integrates with Network Access Control (NAC). NetworkSecure Panda Technologies

37. Identifiers of network attacks. Scans the content and behavior of TCP/IP packets (buffer overflows). Detects Syn Flood, port scanning, spoofing, denial of services (DoS). Active response (blocks attacking IP). Intrusion prevention Panda Technologies

38. Correlation of genetic similarity without false positives to determine &quot;malware family” : Location Format Form Properties Content etc. “ The Magic” : calculates, correlates and diagnosis. GHE available for file systems, http, smtp, httpmail, pop3, nntp, mapi and IM Genetic Heuristic Engine: Panda Technologies

39. Security policies for systems (OS policies). Outsourced security managed by Panda: Rules for rapid patching of vulnerabilities Preventive rules for malware detection Rules for blocking suspicious OS actions Specific rules for servers (databases, web, file servers) Can be activated and applied to different users. OS kernel rules Panda Technologies

40. Security policies for users and applications. Controlled by the system administrator: Control over access to files Control over access to user accounts Control over access to the Registry Control over access to COM components Control over access to services Control over network access System rules Rules for applications IDS rules Rules for users and applications Panda Technologies

41. Monitors execution of processes and guarding data areas at all times. Capable of generating a signature identifier and send to network virus detection level to block subsequent attacks at firewall level. Buffer Overflow Protection Panda Technologies

42. We classify a process on the basis of all its interactions with the user and the system over time, and not simply looking at the file Form, format, content, location, etc. of the file. Changes and system behavior Modules and resources loaded Ports accessed More than 5 million sensors distributed around the globe. High level of detection Low false positive ratio Transparent to the user Behavioral analysis Panda Technologies

43. Screenshots

44. Sample Rules Rule 1001: This rule prevents loading and viewing, by Internet Explorer and the Explorer.exe file, of the Browser Helper Object (BHO) associated with spyware and which are normally used once installed. Rule 1002: In order to protect against certain malware, command interpreters and user applications that require user intervention cannot be executed by specific programs : mail clients, instant messengers, Office programs, text editors, multimedia applications, system applications, etc. Rule 1003: This rule prevents the installation, by any application, of the Browser Helper Object (BHO) associated with spyware and which are normally used once installed. Rule 1004: If the file C:\explorer.exe exists, it is run instead of the file of the same name stored in the Windows directory. To prevent malware from modifying it, this rule blocks any attempt to create, modify or run a file called explorer.exe stored in C:\.

45. Gartner 2007 Host-Based Intrusion Prevention Systems (HIPS) Update: Why Antivirus and Personal Firewall Technologies Aren't Enough

48. TruPrevent “ The best example of a vendor that has taken the visionary step of delivering a single client with a full complement of host-based intrusion prevention technologies is Panda Software, with its ClientShield product, which is priced as a single solution and provides protection across eight of the nine protection styles outlined in our HIPS research” http://www.gartner.com/teleconferences/attributes/attr_165281_115.pdf KRE KRE Behavioral analysis NetworkSecure Panda AV GHE Distributed firewall IDS/IPS IPS

50. Panda Security Solutions Our solution suite to provide protection for every organizations

51. Panda’s Solutions

52. Malware Radar It is an automated audit service of the whole network Specialized in detecting and disinfecting malware and other security problems not detected by resident security systems Complements and reinforces traditional protection systems that are insufficient to combat the new malware dynamic Key features On-demand It can be run locally or remotely It does not require local installation or uninstallation of current security software

53. TrustLayer Mail TrustLayer Mail is a managed security service designed to guarantee email security providing 100% virus-free mail backed by a service level agreement. Helps organizations optimize investment in network infrastructure.

54. TrustLayer Mail – Key Features GNOC VPN secure communication Monitoring tools: status, warnings, alarm, load Remote HW management Daily and ad-hoc update of filtering rules Protection against attacks (DoS...) PandaLabs Automatic sending and encryption of files detected as suspicious Analysis and action on quarantined messages Commitment to resolve the situation in under 24 hours Average resolution time of four hours

55. Security appliances - Performa GateDefender: Protecting the perimeter Anti-malware Anti-spam Content Filter Web Filter Blocking of P2P and IM

56. Security appliances - Integra GateDefender: Protecting the perimeter Anti-malware Anti-spam Content Filter Web Filter Firewall VPN IPS

57. PandaSecurity for Mobile Operators Unified protection for all: Devices: Symbian, Windows Mobile, J2ME… Services: Multimedia messaging, Wap browsing, Mobile E-mail, HTTP Push… Protocols: MM1-MM7, WAP, I-Mode, HTTP, SMTP, Protection against any kind of threats: Mobile malware: Disco.mid, RedBrowser, RomRide Threats for PCs with GPRS and UMTS cards, …. Virus (polimórphic, etc.), phishing, trojans, hacking-tools... Anti-malware Anti-spam Content Filtering Web Filtering

58. Corporate Solutions Centralized management solution for corporate environments. Maximum protection against malware with the highest simplicity Advanced protection Layered security Integration of advanced anti-malware technologies Easy management The centralized management console AdminSecure allows you to: - install, uninstall and update all protections - control the protections activity - monitor the risks and act in real time

59. Solutions for financial market Solutions for the financial market Giving financial organizations the guarantee that their users will be making online transactions free from malware The client organization will have a control panel that lets them decide what action to take in each case Targeted Attacks Alert Service A service provided by PandaLabs to monitor and alert of any new malware affecting a specific financial entity

60. Case Studies Our solution suite to provide protection for every organizations

61. Polis Diraja Malaysia > 10,000 PCs Challenges Replaced Trend Micro. No anti-spyware module. High outbreak and infection incidents Details Completed installation in Bukit Aman. No outbreak incidents. Next deployment Sabah/Sarawak, etc. Problems Some PCs with resource issues.

62. Syabas > 1,500 PCs Challenges Multiple AV Mutliple locations Frequent outbreak Network congestion due to network viruses Details 15 locations throughout Selangor. Problems Virus (Brontok and Korgo) infected a few PCs without TruPrevent.

63. Sin Chew Jit Poh 1,000 PCs Previous antivirus: Symantec Challenges: Outbreak of network viruses Details Purchased Nov 2005 bef expiry of existing AV 1,000 licenses of EnterpriSecure 2 x units of GateDefender Network Antivirus Anti-Spam Web Filtering

64. Panda Security Solutions Our solution suite to provide protection for every organizations

65. Summary Fourth worldwide company in the sector Leaders on protection and technology First in Services from the Cloud and Collective Intelligence Our solutions cover all layers From the endpoint To the cloud Certifications and Recognitions from the industry

66. thank you!