CLOSING THE GAP OF MALWARE DETECTION Adaptive Defense
04/05/2015 Panda Adaptive Defense
Index
1. Adaptive Defense vs. Traditional Antivirus Solutions
2. Adaptive Defense vs. Whitelisting Solutions
3. Adaptive Defense vs. Other Advanced Solutions
Adaptive Defense vs. Traditional Antivirus Solutions
Detection GAP of traditional antivirus solutions
[Figure: Evolution, 1998 to 2014. Labels: GAP / Malware window of opportunity; Current malware is increasingly sophisticated; Evolution of corporate IT environments; Evolution of traditional antivirus solutions.]
Comparing Adaptive Defense vs. Top 25 Traditional Antivirus Solutions

New malware detection capacity* | Traditional Antivirus (25) | Panda Adaptive Defense, Hardening Model | Panda Adaptive Defense, Extended Model
Malware undetected in the first 24 hours | 18% | 1.2% | 0%
Malware undetected in the first 7 days | 7% | 0% | 0%
Malware undetected in the first 3 months | 2% | 0% | 0%
Percentage of PAPS detections not detected by any antivirus: 3.30%
Suspicious detections: Traditional Antivirus: YES; Panda Adaptive Defense: NO (there is no uncertainty)

File classification | Universal Agent** | Panda Adaptive Defense
Files automatically classified | 60.25% | 99.56%
Classification trust level | 99.928% | 99.9991% (< 1 mistake / 100,000 files)

* Viruses, Trojans, spyware and ransomware received on our Collective Intelligence platform. Hacking tools, PUPs and cookies not included.
** The Universal Agent technology is included in the endpoint protection of all Panda Security solutions.
Programs installed
Concept | Traditional antivirus solutions | Adaptive Defense
Detection | Known malware and suspicious files | Classifies 100% of applications
Detection mechanisms | Signature file, heuristics (false positives) and cloud | Constant monitoring and classification of applications. Does not require signature files
Detection technologies | System hooks monitoring disk operations: 5-15% impact on performance | Monitoring of the events in programs running. 2% impact on performance
Programs installed
Differences between Adaptive Defense and Traditional Antivirus Solutions

Panda Adaptive vs. Whitelisting Solutions
Adaptive Defense vs. Whitelisting solutions
Advantages of Adaptive Defense vs. Whitelisting Solutions:
PAPS is a 100% managed service, transparent to admins and users.
PAPS ensures the trustworthiness of ALL running applications, with maximum convenience and transparency for users.
Whitelisting solutions require a lot of work from administrators, who must create whitelists, maintain them, handle exceptions, etc.
Adaptive Defense does not require complex deployments.
Concept | Whitelisting solutions | Adaptive Defense
Default action | Deny | Managed by Panda
App. profiling | Admin | Managed by Panda
Exception handling | Admin (high) | Managed by Panda
Approval process | Admin (Days/Weeks) | Managed by Panda
Implem. costs | High (Mgmt. servers) | Very low (no mgmt. servers)
Data, OS, app. hardening | No | Yes
Protection against vulnerabilities | No | Yes
Comparing Adaptive Defense and Whitelisting Solutions
Adaptive Defense vs. Whitelisting solutions
[Figure: Security Assurance vs. Convenience, each axis running to Maximum. Plotted: Traditional Antivirus (AV Blacklists), Whitelisting solutions, Adaptive Defense.]
Adaptive Defense vs. Other Advanced Solutions

Adaptive Defense vs. Other advanced perimeter solutions
Concept | Perimeter solutions with advanced threats | Adaptive Defense
Detection coverage | The perimeter. Does not cover applications entering from the computer (USBs, CDs, etc.) | Classifies 100% of applications
Detection mechanisms | Uses sandboxing techniques. Attacks hide in sandboxing environments in order to avoid detection | Constant monitoring and classification of applications in the real environment
Protection against attacks | Unprotected against threats previously installed on the computers. Protects the perimeter only | Blocks attacks before they run on the computer
Remove / Disinfect attacks already run on my network | Does not include options to Remove / Disinfect attacked computers | Tools to Remove / Disinfect, both on-demand and automatically
Adaptive Defense vs. Other advanced endpoint solutions
Concept | Endpoint solutions with advanced threats | Adaptive Defense
Detection coverage | No vendor classifies 100% of applications | Classifies 100% of applications
Detection mechanisms | Whitelisting techniques and other proactive techniques, depending on the vendor | Constant monitoring and classification of applications in the real environment + Big Data environments with Machine Learning algorithms for automatic classification + Experts for manual classification
Remove / Disinfect attacks already run on my network | Does not include options to Remove / Disinfect attacked computers | Tools to Remove / Disinfect, both on-demand and automatically
Thank you!