© Panda Security 2010

How to protect your company against Internet threats, and make time for business

Contents

1. Can companies achieve real peace of mind in the face of increasing amounts of malware?
   1.1. A vast avalanche of malware
   1.2. New infection trends
   1.3. Current trends in figures
   1.4. What risks does this situation present for companies?

2. Common infection channels
   2.1. Attacks or infections via email
   2.2. Infections via the Internet
   2.3. Infections from users’ PCs

3. The problem of Web traffic security
   3.1. Social engineering
   3.2. Targeted advertising: SEO
   3.3. BOTNETS
   3.4. Vulnerabilities

4. And what do companies say?

5. How to achieve true peace of mind against malware and hackers

6. Our technological vision
   6.1. Collective Intelligence
   6.2. Nano Architecture
   6.3. SaaS Model

7. Global Business Protection: Security Solutions for Web Traffic
   7.1. Hosted protection
   7.2. On-premise protection

8. What our clients say about us...

9. References

1. Can companies achieve real peace of mind in the face of increasing amounts of malware?

It has been some time now since we saw regular widespread epidemics hitting the headlines, or mainstream news channels reporting infections such as ILoveYou or Sircam. Back then, hackers were after notoriety; they wanted to outstrip the achievements of others, infecting more computers as quickly as possible.

Now, in the 21st Century, the situation is different. Security firms have been warning for some time of the level of professionalization among hackers, and how they are now purely focused on profiting from their activity. They achieve this using a range of techniques aimed at tricking users, whether individuals or companies.

On the one hand, companies have seen how their attempts to safeguard their business have been less than successful. On the other, as security companies we have had to adapt our security model to face up to the current threat scenario.

1.1. A vast avalanche of malware

In recent years, the amount of malware in circulation has risen dramatically and has become significantly more sophisticated. The graph below illustrates the evolution of malware between 2003 and 2006, a period in which the amount of malware in circulation doubled every year.

About five years ago, there were just 92,000 strains of malware, yet by the end of 2008 there were some 15 million. In July 2009, PandaLabs had already detected more than 30 million strains of malware, and by the end of the year this figure topped 40 million.

The reason for this spectacular increase is clear: profit. In 2003 we started to witness the use of banker Trojans, malicious code designed to steal login credentials for online banking services. Now, thanks to the way in which they have evolved, these Trojans are one of the most common threats.

And the capacity to adapt continues as every day new, more advanced variants appear, designed to evade the security mechanisms put in place by banks.

To counteract the activities of cyber-criminals, organizations such as the Anti-Phishing Working Group (www.antiphishing.org) have tried to bring together members of the IT security industry. It is a long, hard struggle however, and it is not yet clear that it is one we can win.

Fig 1. Evolution of malware 2003-2006.

Fig 2. Evolution of malware 2003-July 2009.

In general, the reason that more banker Trojans, keyloggers and bots are created than other types of malware is that they are more useful for identity theft. The statistics don’t lie. In 2005, almost half of new malicious codes were Trojans.

Now the situation is worse still, with Trojans accounting for 66 percent of new malware.

In second place comes adware with 17.62%, which includes rogueware or fake antivirus programs, to which we dedicate a specific section below.

It is interesting to note that viruses (6.61%) are in third place, as this category of malware has made a notable comeback with new versions of old threats such as Virutas and Sality.

And finally in the ranking we have spyware, with 5.70%, and worms, accounting for just 3.42% of the total. But don’t underestimate these last threats, because despite this low percentage, one of these worms, Conficker, has caused major headaches over the last year for users and businesses alike. And it still continues to infect computers.

As with any other business, cyber-criminals seek to optimize efficiency. That’s why the creators of Trojans take time to analyze which platforms their creations will target and how many potential victims there are. Consequently Windows, with its vast market share, is the platform targeted in more than 99 percent of cases.

As we have seen, banker Trojans are the ideal tool for extracting information about user names and passwords, but this information still has to be used to achieve the ultimate objective of the cyber-criminals: profit. To this end, a number of increasingly sophisticated techniques are used.

Fig 3. New malware per type - 2005.

Fig 4. New malware per type - Q2 2009.

1.2. New infection trends

As security companies become more adept at detecting avalanches of new threats and covering more infection fronts, hackers are busy discovering and exploiting others.

The dangers of infection from the Internet are well known: accessing dubious websites through which users are infected without their knowledge, downloading content from unreliable sources, etc.

Yet ultimately, the major trend in infection techniques has been the use of a method known as ‘BlackHat SEO’.

BlackHat SEO techniques are not new, although we have seen a major increase in their use over the second quarter of 2009. SEO stands for Search Engine Optimization and basically refers to the techniques used to improve the ranking of websites in search engines (Yahoo, Google, etc.). BlackHat SEO refers specifically to the use of SEO techniques by cyber-criminals to promote their Web pages.

To illustrate this situation, on June 1, 2009 Microsoft announced its Project Natal at E3, the new system which allows interaction with Xbox 360 without the need for manual controls. This was a widely covered story. Less than 24 hours later, when searching Google with the words “Youtube Natal”, the first result returned was a malicious Web page. When searching for malicious pages created by the same cyber-criminals, we found the following pages with the corresponding subjects:

• 16,000 links “TV Online”

• 16,000 links “YouTube”

• 10,500 links “France” (Airline Crash)

• 8,930 links “Microsoft” (Project Natal)

• 3,380 links “E3”

• 2,900 links “Eminem” (MTV Awards / Bruno Incident)

• 2,850 links “Sony”

If that weren’t enough, other new tactics used to infect users have taken advantage of the popularity of YouTube. Basically, YouTube lets registered users add comments to the pages displaying the videos. In this case, cyber-criminals created accounts and then inserted a series of comments automatically. These comments included links to malicious websites designed to infect users. In total, more than 30,000 comments with malicious links were generated, which gives an idea of the potential infection capacity.

As has been mentioned, the imagination and innovation of cyber-criminals knows no bounds, and they rapidly adapt to popular new applications and platforms, as is the case with social networks (Twitter and Facebook) and Web 2.0 communities.

In the case of Twitter, a worm appeared in April which used a cross-site scripting technique to infect Twitter users when they visited the profiles of other infected users. The worm also infected the visiting user’s profile and continued to spread. Shortly after, new variants appeared, created by one Mikey Mooney, who apparently wanted to attract users to a service competing with Twitter.

In early June, Twitter was the focus of other attacks, this time using BlackHat SEO techniques adapted specifically to users of Twitter. This technique exploited a Twitter feature known as “Twitter Trends”, which is essentially a list of the most popular issues on Twitter.

When users select a topic through this feature, they will see all ‘tweets’ published related to this issue. These topics included in Twitter Trends are among the most frequently read by users, making it a perfect channel for infections. In this case, cyber-criminals were writing tweets about the topics listed in Twitter Trends with links to malicious Web pages from which malware was downloaded. Although at first the attack focused on just one of the issues, some days later cyber-criminals extended the scope of the attack to include malicious links in all Twitter Trend topics.

One such example was the news of the death of the actor David Carradine. In just a few hours there were hundreds of malicious tweets relating to this story. And currently, this is practically standard with all the most popular issues on Twitter.

1.3. Current trends in figures

By taking a look at some figures we can get a global perspective of the threat we are facing.

• 50,000 files are received every day, of which 37,000 are new malware samples. 99.4% of the files are automatically processed by Collective Intelligence, taking an average of six minutes per case.

• 52% of the new malware processed by Collective Intelligence exists for just 24 hours.

• In the first quarter of 2009, Collective Intelligence processed 4,474,350 files.

• To do this manually would require 1,898 and 926,347 hours of work.

• The Collective Intelligence database occupies more than 18,000 GB.

• If this amount of information were in text format, it would be equivalent to 727,373 volumes of the Encyclopedia Britannica, with almost 33 billion pages.

• Laid end-to-end, these printed pages would stretch for over 9 million kilometers, the equivalent of going to the moon and back twelve times.

• And if we had to send this information across a standard ADSL connection, it would take 1,045 days.

Traditional viruses are history. Cyber-criminals now look to profit from their efforts, saturating security laboratories with new strains of malware.

Trojans and malware designed for identity theft are the most common types. With respect to distribution methods, there are two clear trends:

Firstly, the use of bait on social networks, exploiting these massively used platforms to increase the potential infection capacity of their creations; and secondly, the use of search engine optimization techniques to trick potential victims.

1.4. What risks does this situation present for companies?

All too often, the risks are seen as distant and hypothetical, and businesses rarely think about the real impact they might have.

However the list of risks is long. Many obvious ones readily spring to mind, yet there are others whose effects on a company’s finances are impossible to predict.

What are these risks?

Evidently, all of them ultimately entail financial loss whether it be through having to shut down systems, losing employee productivity, or cyber-criminals directly accessing the information needed to steal money.

But what about the impact of clients losing faith in a company?

Imagine the effects of an attack that exposes your client database, or your computers sending spam or phishing without your knowledge, or anyone who buys from your website having their details stolen by a banker Trojan...

The bigger the company, the greater the risks...

Some things that might be just a headache for a small company could be a real nightmare for larger organizations... Imagine if data on prototypes goes missing from a company that works with patents.

The usual reaction is to think “it won’t happen to me”, as there is no widespread media coverage of the problem.

Only the most spectacular cases are reported. Have you ever stopped to wonder how many companies are infected every day? And whether they even realize?

So let’s take a look at some real examples: Incidents reported in online media. References in the final chapter.

May 2009: Three Spanish hospitals and the 112 emergency services are paralyzed by a virus.

November 2008: Three British hospitals –protected by McAfee– are infected by a virus dating back to 2005 and are brought to a standstill.

February 2009: The Houston Justice Department is paralyzed by the Conficker virus.

May 2009: The FBI and US Marshals’ communications are brought to a standstill due to a virus.

February 2009: The British Ministry of Defense aborts the landing of an aircraft as its Windows systems are affected by a ‘global virus’.

February 2009: IT systems of the British Ministry of Defense and the French and German armies are crippled for several days by a virus.

February 2009: 75% of French naval vessels are left without communication as systems are brought down by malware.

2. Common infection channels

It is not easy to get an idea of the vast number of threats that we face every day. They come in all shapes and sizes, depending on what the creator is aiming for, how they are distributed, how they reach victims, etc.

It would take a long time to explain them all in detail. But we can simplify the classification by looking at the three most frequently used infection channels.

• Attacks or infections via email.

• Infections over the Internet.

• Infections from users’ PCs.

2.1. Attacks or infections via email

Email is now an essential channel of communication for all companies. It is simple, efficient and quick. It is also however the principal channel for spam and phishing along with other types of malware, such as viruses, worms and Trojans.

Not only do employees waste time deleting these threats from mailboxes –with the consequent financial impact for the company–, but there is also the risk that users are not sufficiently aware of how to detect messages that could pose a threat.

It is therefore essential that there is protection at server level as well as at the level of the individual mail client to ensure the responsibility for threat prevention does not fall entirely on individual users.

2.2. Infections via the Internet

Internet-borne threats are becoming much more common. One of the main risks is when malicious content is disguised in order to get users to download –knowingly or unknowingly– files that could be infected.

Typical cases include, for example, plugins to watch certain videos, apparently genuine program files, pdf documents hiding malware, etc.

In fact, the risk is greater still given that cyber-criminals, as we’ve mentioned before, have become more professional when it comes to designing imitation websites. The level of accuracy is such that you could easily believe you are entering your details in your bank’s online portal when in fact you are on a spoof Web page created by cyber-criminals.

2.3. Infections from users’ PCs

Another major risk comes from the security of users’ individual computers. There are many possible factors that play a part in allowing a virus to infiltrate an organization:

• Not following basic corporate security policies (e.g. not using strong passwords).

• Regular security patches for Microsoft Windows have not been applied.

• No security protection is installed; the product is inadequate and doesn’t cover all threats or has simply not been updated.

• Remote users are connecting from anywhere without adequate security policies or monitoring, etc.

Any of the above cases could present a serious risk to the integrity of a company’s systems.

Moreover, it’s not just a question of unwitting users simply downloading potentially dangerous files from the Internet; there are also risks in social networks and communities, with no controls over the links that users click on, the sites they visit or services they subscribe to.

It has also become increasingly popular to share information through removable drives, such as USB memories, and these are also being used to distribute malware.

The three main malware infection vectors are:

• Via email.

• Internet browsing.

• Through the user’s individual PC.

3. The problem of Web traffic security

The impact and frequency of Internet-borne threats are continually increasing. Junk mail causes serious problems for companies, either through compromised security, excessive use of bandwidth or reduced user productivity (having to sift through avalanches of spam).

The most dangerous Internet-borne threats are targeted at companies. These threats, generally, have a political or financial motive.

A story covered by BBC News dramatically illustrated this trend. An unprotected computer with Windows XP was connected to the Internet, with no antivirus or firewall, in order to see how long it would take before it was hit by Web-borne threats. In just 8 seconds this unprotected computer had been hit by Sasser, one of the fastest-spreading worms on the Internet.

3.1. Social engineering

Much of the malware that is installed on victims’ computers uses social engineering.

Social engineering, in this context, involves trying to obtain confidential information from users by tricking them into doing things that their security policy would otherwise prevent them from doing.

Cyber-crime and social engineering go hand-in-hand: a carefully selected social engineering ploy convinces users to hand over their data or install a malicious program which captures information and sends it on to the fraudsters.

Email messages using social engineering continue to be one of the main entry points into users’ computers. Typically, malware is concealed in a message attachment, passed off as an inoffensive document: images, Word or Excel files...

However, not all malware families are distributed in email attachments. Such is the case with Waledac, which has been highly active during the first half of the year. This malware family uses a wide range of message subjects to propagate through emails containing links to Web pages from which the worm is downloaded.

This technique, in fact, made it different to other previous malware families which would use attached files to spread. Creators of this type of malware use this technique to make detection by antivirus companies as difficult as possible. Previously, it was enough to detect the attached file in order to block the malware. However, today it is necessary to monitor and carry out an in-depth analysis of the links they use, as the malware they host changes depending on various parameters: the time when they are accessed, the browser used, the origin, etc.

Cyber-crooks have realized that trying to spread a single strain of malware is not sufficiently effective, and have turned to this technique instead.
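One way to check a link for the behaviour described above, where the hosted content changes with the browser or the origin of the visit, is to fetch it under several client profiles and compare the answers. The following is an added example, not code from Panda Security; the `Observation` record, the profile names and the sample responses are constructed for illustration, and the fetches are assumed to have been done already in an isolated analysis environment.

```python
import hashlib
import re
from collections import defaultdict
from dataclasses import dataclass
from urllib.parse import urlsplit

# MIME types treated as a download rather than a page (assumption for this example).
EXECUTABLE_TYPES = {"application/octet-stream", "application/x-msdownload"}


@dataclass(frozen=True)
class Observation:
    """One fetch of a URL under a named client profile (hypothetical record format)."""
    url: str
    profile: str        # e.g. "crawler", "browser-search", "browser-direct"
    status: int
    content_type: str
    location: str       # redirect target, "" when there is none
    body: bytes


def _mime(obs):
    return obs.content_type.split(";")[0].strip().lower()


def _is_executable(obs):
    # Windows PE files start with the bytes "MZ", whatever the server claims.
    return _mime(obs) in EXECUTABLE_TYPES or obs.body.startswith(b"MZ")


def _normalise(body):
    # Drop digit runs and whitespace so clocks and counters do not look like cloaking.
    return re.sub(rb"[\d\s]+", b"", body)


def fingerprint(obs):
    """Summarise a response so that two profiles can be compared."""
    kind = "executable" if _is_executable(obs) else _mime(obs)
    redirect_host = urlsplit(obs.location).hostname or ""
    digest = hashlib.sha256(_normalise(obs.body)).hexdigest()
    return (obs.status, kind, redirect_host, digest)


def analyse(observations):
    """Return {url: [reasons]}; an empty list means no divergence was seen."""
    by_url = defaultdict(list)
    for obs in observations:
        by_url[obs.url].append(obs)
    verdicts = {}
    for url, group in by_url.items():
        reasons = []
        if len({fingerprint(o) for o in group}) > 1:
            reasons.append("response differs by client profile")
        own_host = urlsplit(url).hostname
        for o in group:
            target = urlsplit(o.location).hostname
            if target and target != own_host:
                reasons.append(f"{o.profile}: redirected off-site to {target}")
            if _is_executable(o):
                reasons.append(f"{o.profile}: served executable content")
        verdicts[url] = reasons
    return verdicts


# Constructed sample data: three links, each fetched under two or three profiles.
PAGE = b"<html><body>Watch the keynote video</body></html>"
SAMPLE = [
    Observation("http://news.example.test/story", "crawler", 200, "text/html", "",
                b"<html>Story, updated 10:01:22</html>"),
    Observation("http://news.example.test/story", "browser-search", 200,
                "text/html; charset=utf-8", "", b"<html>Story, updated 10:04:57</html>"),
    Observation("http://video.example.test/watch", "crawler", 200, "text/html", "", PAGE),
    Observation("http://video.example.test/watch", "browser-search", 302, "text/html",
                "http://codec.example.invalid/install", b""),
    Observation("http://video.example.test/watch", "browser-direct", 200, "text/html", "", PAGE),
    Observation("http://cards.example.test/ecard", "crawler", 200, "text/html", "",
                b"<html>Your e-card</html>"),
    Observation("http://cards.example.test/ecard", "browser-search", 200,
                "application/octet-stream", "", b"MZ" + b"\x00" * 16),
]

if __name__ == "__main__":
    for url, reasons in analyse(SAMPLE).items():
        print(url, "->", reasons or "consistent")
```

The digit and whitespace normalisation is a deliberately crude way to tolerate timestamps; a page with heavy legitimate personalisation would need a looser comparison.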

For years, social engineering has been a technique favored by cyber-criminals for infecting users, and 2009 was no different. In fact, the popularity of social networks has seen a resurgence in attacks that use these types of techniques. Let’s not forget the scale on which these social networks are used; Facebook has over 350 million users, and Twitter continues to grow, with more than 15 million users in the United States alone.

It is increasingly common for people to use these networks to communicate with friends instead of, say, email. And cyber-crooks are well aware of this.

In addition to social networks, there are myriad online services that adhere to the concept of Web 2.0, many of which have also become targets for cyber-crime. Recently, YouTube, the most popular video hosting site on the Internet, was the victim of an attack. YouTube lets registered users add comments to the pages displaying the videos. In this case, criminals created accounts and then generated a series of comments automatically. These comments included links to malicious websites designed to infect users. In total, more than 30,000 such malicious comments were created.

3.2. Targeted advertising: SEO

SEO (Search Engine Optimization) refers to the techniques used to improve the positioning of Web pages in the results returned by search engines such as Yahoo, Google, etc. BlackHat SEO refers specifically to the use of SEO techniques by cyber-criminals to promote their Web pages.

Although BlackHat SEO attacks are nothing new, we have witnessed a significant increase in 2009. In April, we uncovered one of the largest BlackHat SEO attacks to date. Cyber-criminals created more than one million links in order to direct users performing searches with terms related to Ford to malicious Web pages. After we reported this attack, the campaign was changed to focus on searches for Nissan and Renault. Both cases operated in the same way: once users reached the malicious Web page, they were asked to install a codec to view a video; the codec however was really a fake antivirus called MSAntiSpyware2009.

3.3. BOTNETS

The term ‘bot’ is a contraction of the word ‘robot’. Bots are small programs that are inserted on computers, typically while users browse the Web, open emails or download from P2P networks. Once installed, they await instructions from the bot ‘herder’.

When several computers are infected, they are brought together as a botnet, i.e. a network of zombies controlled remotely by the herder. This person can then send commands which include updating the bot, downloading a new threat, displaying advertising, sending spam or launching denial of service attacks. One such example is the notorious Conficker.

Some botnets can include tens of thousands of zombies. These networks are often used as part of a highly-profitable cyber-crime business model, by harnessing a network to send spam, distributing phishing, etc. The owners effectively rent out the botnet for these purposes, using victims’ computers without leaving any trace of their malicious activity.

Many such malicious programs work on IRC (Internet Relay Chat). In fact, there are botnet communities on IRC networks where hackers collaborate with one another or, conversely, try to take control of other hackers’ zombie networks.

Fig 5. Botnet.

Panda Security: Closing down the Mariposa botnet

One of the most recent botnets was brought to light in the Mariposa Case. Investigations by Panda Security, in collaboration with the FBI and Spanish law enforcement agencies, enabled this network of more than 13 million zombie computers to be dismantled.

The capacity of the network was so great that it contained personal information from more than 800,000 users, and the damage it could have caused if used in massive attacks or exploited by cyber-terrorists would have been immeasurable.

Spamming - the most common use of botnets

Spam is still a problem nowadays, and in many countries its distribution is considered a crime. According to PandaLabs (our research laboratory) over 90% of junk mail comes from networks of zombie computers.

If the spam came from a single, centralized source, it would be fairly easy to track down and ask the corresponding Internet service provider to block the Internet connection. The problem would then be resolved and apprehending the culprits would be relatively easy.

In fact, that’s why cyber-criminals use these networks. The zombie computer becomes a proxy, and allows hackers to distance themselves from the source of the spam. This way, a hacker with a large botnet can send millions of messages every day from a safe, ‘hidden’ location.

Denial of service attacks

Sometimes hackers use networks with zombie computers to sabotage specific websites or Internet servers. The process is quite simple: a hacker commands all computers in the botnet to make continuous attempts to contact a specific website or server. This increased traffic overloads the website or the server and prevents it from operating correctly. Sometimes it can even bring down the website. These are called distributed denial of service attacks, or DDoS.

Another type of DDoS involves using ‘clean’ computers. Here’s how it works: Hackers launch the command for their zombie army to begin the attack. Each computer sends a connection request to an innocent computer, known as a reflector, which interprets the request to have been sent from the intended victim. So, when the reflectors send information to the victim’s system, it cannot handle the avalanche of requests and their corresponding replies, and consequently crashes.

From the victim’s perspective, it seems that the reflectors have been responsible for the attacks. Meanwhile, the zombies remain hidden and the hackers remain anonymous.

There have been countless victims of this type of DDoS, including companies such as Microsoft, which was the target of an attack using malware like Blaster or Mydoom. Amazon, eBay, CNN or Yahoo have also suffered DDoS attacks.

Today there are various types of DDoS attacks which have earned specific names due to their characteristics. Some of these might seem familiar:

• Ping of death: Bots create large data packets and send them to the victim.

• Mailbomb: Bots send large amounts of emails to crash mail servers.

• Smurf attack: Bots send messages with ICMP packets to the reflectors, which then send the packets to the victim.

• Teardrop: Bots send parts of malformed packets to the victim. The victim’s system tries to reassemble the parts into a single packet, which causes it to crash.

Pay-per-click fraud

Another way of using a botnet is through click fraud.

Pay-per-click is a system through which advertisers pay for the placement of banners on websites in accordance with the number of clicks visitors make on them.

Click fraud entails hackers configuring a botnet to launch repeated clicks on a banner, often posted on the hacker’s own page. This means that the hackers profit directly from the fraudulent clicks.

Perhaps the most concerning thing about zombie computer networks is that you could fall victim to identity theft or be complicit in an attack on a Web page without knowing it. That’s why it is important to be protected against possible threats and also to detect when your computers’ security is compromised.
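Two of the behaviours described in this section leave traces at the network perimeter: zombies sending spam directly to many mail servers, and bots contacting IRC servers for instructions. The following added example (not part of the original paper) scans firewall connection logs for both; the log format, the internal address range, the approved mail relay, the port list and the thresholds are all assumptions made for illustration, and the log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed corporate address range
MAIL_RELAYS = {"10.0.0.5"}                          # assumed approved outbound mail server
IRC_PORTS = set(range(6660, 6670)) | {7000}         # ports commonly used by IRC servers
SMTP_WINDOW = timedelta(seconds=60)
SMTP_DISTINCT_THRESHOLD = 3                         # distinct mail servers within the window

# Hypothetical log format: "<ISO timestamp> <ALLOW|DENY> TCP <src>:<port> -> <dst>:<port>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) TCP "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse(lines):
    """Yield (timestamp, source, destination, destination port) for well-formed lines."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dport"])


def max_distinct_in_window(events, window):
    """Largest number of distinct destinations contacted inside any sliding window."""
    events = sorted(events)
    best, start = 0, 0
    for end in range(len(events)):
        while events[end][0] - events[start][0] > window:
            start += 1
        best = max(best, len({dst for _, dst in events[start:end + 1]}))
    return best


def find_suspect_hosts(lines):
    """Return {internal host: [findings]} for outbound traffic that looks bot-like."""
    smtp = defaultdict(list)
    findings = defaultdict(list)
    for ts, src, dst, dport in parse(lines):
        if ipaddress.ip_address(src) not in INTERNAL_NET:
            continue  # only outbound connections from our own machines
        if ipaddress.ip_address(dst) in INTERNAL_NET:
            continue  # internal-to-internal traffic is out of scope here
        if dport == 25 and src not in MAIL_RELAYS:
            # Blocked attempts count too: the host still tried to send mail directly.
            smtp[src].append((ts, dst))
        elif dport in IRC_PORTS:
            findings[src].append(f"IRC connection to {dst}:{dport}")
    for src, events in smtp.items():
        n = max_distinct_in_window(events, SMTP_WINDOW)
        if n >= SMTP_DISTINCT_THRESHOLD:
            seconds = int(SMTP_WINDOW.total_seconds())
            findings[src].append(f"direct SMTP to {n} destinations within {seconds}s")
    return dict(findings)


# Constructed sample log (documentation address ranges used for external hosts).
SAMPLE_LOG = """\
2009-06-01T10:00:01 ALLOW TCP 10.0.0.5:40001 -> 192.0.2.10:25
2009-06-01T10:00:02 ALLOW TCP 10.0.0.5:40002 -> 192.0.2.11:25
2009-06-01T10:00:03 ALLOW TCP 10.0.0.5:40003 -> 192.0.2.12:25
2009-06-01T10:00:05 ALLOW TCP 10.0.0.23:49211 -> 198.51.100.7:25
2009-06-01T10:00:09 ALLOW TCP 10.0.0.23:49212 -> 198.51.100.8:25
2009-06-01T10:00:14 DENY TCP 10.0.0.23:49213 -> 203.0.113.20:25
2009-06-01T10:00:31 ALLOW TCP 10.0.0.23:49214 -> 192.0.2.77:25
2009-06-01T10:01:00 ALLOW TCP 10.0.0.31:51000 -> 192.0.2.80:80
2009-06-01T10:02:00 ALLOW TCP 10.0.0.31:51001 -> 192.0.2.10:25
2009-06-01T10:03:10 ALLOW TCP 10.0.0.40:52000 -> 203.0.113.9:6667
""".splitlines()

if __name__ == "__main__":
    for host, reasons in sorted(find_suspect_hosts(SAMPLE_LOG).items()):
        print(host, "->", "; ".join(reasons))
```

In the sample, the mail relay and the workstation with a single SMTP connection are not reported; only the host contacting four mail servers in under a minute and the host reaching an IRC port are.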

The figures speak for themselves...

According to PandaLabs, approximately 400,000 new zombies (infected computers awaiting instructions) are created every day. As their life-cycle is short, hackers are constantly recruiting new ‘soldiers’ into their armies.

And the figure is growing. More malware is created every day (PandaLabs receives more than 37,000 new samples a day) and it has to be distributed.

According to the Commtouch quarterly report, 17.5 percent of the global traffic originated by zombies comes from the following ISPs (in order):

1. telesp.net.br
2. veloxzon.com.br
3. ttnet.net.tr
4. tpnet.pl
5. airtelbroadband.in
6. brasiltelecom.net.br
7. asianet.co.th
8. ukrtel.net
9. telecomitalia.it
10. verizon.net

Fig 6. Q2 2009 newly active zombies.

How could they affect your company?

Infected corporate computers can cause costly damages to businesses, as well as to their clients and suppliers.

Some of the consequences include:

• Problems with the internal network and corporate communications.

• Excessive charges on network traffic (pay-per-use models).

• Productivity losses, due to employees’ inability to use computers and office tools.

• Damage to brand and corporate image. (Imagine clients receiving Trojans or spam advertising Viagra from your company!).

• Legal consequences ranging from simple administrative sanctions to imprisonment, depending on the activity the botnet –of which you are part– has been used for.

• Negative publicity if problems reach the media.

• Etc.

And the worst is that the victims are often unwitting parties to the crimes being committed.

Prevention is better than cure.

Preventive action against botnets

What can you do to ensure your network does not become part of a botnet? How can you prevent it? It is essential to bear in mind that prevention is a continuous process; it requires the application of a series of measures:

• Install good anti-malware software and keep it up-to-date to protect the entire network.

• If the anti-malware protection does not include a firewall, you should install one on your workstations and servers.

• Create strong passwords (don’t just write your company name).

• Carry out frequent, in-depth security audits.

• Protect the network perimeter to ensure security on employees’ computers is not compromised when using the Internet.

• Apply all the security patches released by software developers (Microsoft, Adobe, etc.).

• Stay up-to-date on security news and the new methods and techniques used by cyber-criminals.

3.4. Vulnerabilities

Vulnerabilities are the Achilles’ heels of computer security systems. A vulnerability is a flaw in the programming of an application that can be exploited to enter a computer with the program installed.

Generally speaking, these security holes involve operations that cause the application to function abnormally. These situations can be provoked artificially by hackers in order to infiltrate users’ computers. Sometimes this could be simply when a user opens a specially-crafted file.

This opens up a wide range of possibilities for malicious users, including running or deleting files, inserting viruses, accessing information, etc.

Although the most well known vulnerabilities are associated with operating systems, Internet browsers and email programs, any program can contain a vulnerability.

For this reason it is highly advisable to stay informed about vulnerabilities discovered in the programs installed on your computers and apply security patches provided by developers and accessible through their websites.

4. And what do companies say?

The results of an international security survey by Panda Security (available at www.pandasecurity.com) reveal that malware really is a problem for people in business today, and is a concern that affects their everyday work.

Some of the most revealing data includes:

• Some 58% of companies have been infected at some time by malware.

• Malware infections have caused 30% of businesses in Europe to shut down their business activity. In addition, and for the same reason, 36% of SMBs lost productivity and 15% lost important information.

• These infections occurred despite 93% of European SMBs having some type of security system installed.

• With respect to the type of protection installed, 27% of those with a security system have a free software solution.

• When companies were asked about the reason for not having a security system installed, a third of them answered that protection systems were too expensive. Also, 8% replied that it was not necessary to have any protection installed.

• In Europe, 55% of companies believed that security played a very important role in their activity. However, only 64% have someone dedicated exclusively to security.

If companies protect themselves and are aware of the problem... what is causing these security holes?

While traditional security solutions are critical as a first line of defense, companies of all sizes still face the risk of numerous security holes which are exploited by modern malware techniques. Today malware silently infiltrates corporate networks for several reasons:

• There is no security strategy to cover the main infection vectors.

• Companies allow remote users or offices to connect to the main network with devices that could be infected.

• Inadequate management of remote offices.

• There is no serious training or information about the latest infection techniques or ruses used by hackers. This means that easily exploited technologies, such as file sharing, multimedia and instant messaging, pose a serious threat to network integrity.

• Too many computers are inadequately maintained: laptops of contractors or collaborators, files shared through USB drives, etc.


5. How to achieve true peace of mind against malware and hackers

With this situation, the only way to achieve real peace of mind is to opt for protection from the best security service provider:

• Leading-edge technology capable of combating any potential problems.

• Solutions specifically designed to achieve maximum security for your business.

• Effective technical support, delivered by professionals able to safeguard the security of your company, allowing you to focus on your core business.


6. Our technological vision

Panda Security has always been in the vanguard of security technology, providing groundbreaking anti-malware security solutions. As a visionary company, Panda Security’s innovations have always been two years or more ahead of competitors in the IT security sector.

Such was the case with the TruPrevent proactive detection technologies, which could detect malware even without prior identification. Panda Security first launched this innovation in 2005, yet similar technologies have only recently been implemented in competitors’ products.

Looking at the 20-year history of the company, it is clear that this is more than just an isolated example. There has been continuous reinvestment of 30% of turnover in R&D&i to ensure we always offer cutting-edge technologies.

Panda Security’s current technological vision for protection is based principally on a system for automatically analyzing, classifying and disinfecting malware, called Collective Intelligence. It is also based on offering products under Nano architecture with a minimal impact on global resources and delivering SaaS (Software-as-a-Service) solutions.

6.1. Collective Intelligence

In 2006, the dramatic increase in the amount of malware in circulation took the security industry by surprise. This situation, detected by Panda Security, gave rise to the need for a new methodology in processes for detecting and neutralizing malware. A radical change was required in order to continue offering maximum protection to clients.

Antivirus laboratories normally follow a set procedure in dealing with malware: the samples are received (a new virus, worm, Trojan...), analyzed by a technician and a corresponding vaccine is created. This is then published across the Internet, so that users can update their local signature file and thus be protected against the new virus.

This model, which had functioned adequately in the past, became useless when laboratories went from receiving 100 samples a day to an average of 37,000.

This would require a whole army of technicians working against the clock to process all the new examples of malware received.

At Panda Security, aware of the situation, we began to develop a series of technologies based on artificial intelligence –called Collective Intelligence– in 2006. These technologies can automatically analyze, classify and disinfect 99.5% of the new malware we receive every day at PandaLabs, keeping our clients protected almost in real time.

At the same time, lab technicians process the remaining 0.5% of malware, which is more technically complex, so Collective Intelligence cannot determine whether it is malicious code.

We first released these technologies in 2007 and currently all our solutions benefit from this vast knowledge base, offering protection ratios way above the market average.


6.2. Nano Architecture

Our philosophy of offering maximum protection to clients with Nano architecture aims to minimize the impact of our solutions on system performance.

Inextricably linked to the concept of Collective Intelligence, these solutions look to shift the operation of our applications to the cloud. This emphasis on Web-based protection means that only the most basic actions need to be carried out on our clients’ infrastructure.

To explain this more clearly, we can first look at the traditional model. In order for a traditional security solution to be able to block a threat, it must first recognize it. This not only implies work in the laboratory, but also that this knowledge must somehow be available in the security solution installed.

Traditional security solutions operate with local signature files and sometimes a set of proactive detection technologies. This means that the entire malware database must be stored on the server or local computer. If there is a database of 30 million unique malware entries, this implies that all of this knowledge must be on the computer.

The problem that this entails is that every time an email is received, for example, the antivirus checks the information against the entire database, consuming resources and slowing down the computer.

With solutions based on Nano architecture, this problem is resolved by shifting these operations to the cloud; there is no need for a local database and there is no excessive drain on local resources.

This translates into greater speed and greater availability of memory resources as certain processes are run somewhere other than the computer CPU, i.e. in the cloud.

Many Panda Security solutions already function in this way, and all the rest of the traditional solutions are adapting to this architecture model.

6.3. SaaS Model

Finally, offering SaaS (Software-as-a-Service or Security-as-a-Service) security solutions is another competitive advantage. These Web-hosted solutions providing services from the cloud offer the additional advantage of considerable savings for clients on infrastructure, and greatly simplify security management, including the option to delegate it to third parties (partner, reseller, consultant, etc.).


7. Global Business Protection: Security Solutions for Web Traffic

Whatever the size of your company, today’s malware is designed for profit, and hackers attack small and large companies alike.

Panda Security’s Global Business Protection solutions offer a personalized service to provide global security for Web traffic aimed at the specific needs of your company.

7.1. Hosted protection

Panda Cloud Internet Protection is a cloud-based solution that guarantees secure, managed Internet access, with no need to manage hardware, software or other resources.

Panda Cloud Internet Protection ensures protection against 2.0 threats, allowing you to assign security policies according to each type of user and providing complete, real-time reports.

7.2. On-premise protection

Panda GateDefender is a family of appliances that provide perimeter protection adapting perfectly to the needs of your network.

This robust solution guarantees complete control over Web policies and delivers detailed traffic reports.

The combination of robust technology and integrated protection offered by Panda Global Business Protection, along with 24x7 support, gives you the peace of mind you need to dedicate your time to your core business, without compromising the security of your company.


EADS “After running trials of several security products (Norton, Avast, Kaspersky and Panda Security), Panda proved to be the solution that best met our expectations, particularly through its low resource consumption, centralized management and easy deployment.” Jean-Yves Andreoletti. Director of systems and network integration platforms / PMR Verification. EADS Defence & Security. France.

AMPER “Since 1995, when we first implemented Panda Antivirus in Grupo Amper, we have witnessed year after year just how shrewd that initial decision was.” Manuel Fernández. IT Director. Grupo Amper.

ESCUELAS PÍAS “One of the main benefits of Panda Managed Office Protection is cost savings, as well as the peace of mind derived from knowing we are protected against all types of threats.” José María Domínguez. La Provincia Emaús IT Department. Escuelas Pías Provincia Emaús. Spain.

8. What our clients say about us...

Our security solutions are designed especially for your peace of mind, so you can focus on what is truly important to you, and leave your security in the hands of real experts.

PANDA CLOUD INTERNET PROTECTION NEW!

PANDA CLOUD EMAIL PROTECTION

PANDA CLOUD OFFICE PROTECTION

SIN CHEW DAILY “Panda GateDefender is capable of stopping threats at the perimeter. It can detect malware in inbound and outbound traffic.” Mr. Ong. Corporate Network Manager. Sin Chew Daily. Malaysia.

MATCHFRAME VIDEO “Thanks to GateDefender’s Web filtering capability, we’ve been able to increase our employee productivity.” Mike Van Fleet. IT Administrator. Matchframe Video. USA.

ORDISMATIC “Panda Managed Email Protection has provided our clients with a crucial solution for spam management, freeing them from routine tasks such as mail filtering and removal. After just 7 days using it, they rated it 10 out of 10.” Joan Vila. Managing Director. Ordismatic (Channel Partner). Spain.



www.pandasecurity.com

© Panda Security 2010. All rights reserved. 0410-WP-GBP-EN-01

PANDA SECURITY

EUROPE: Ronda de Poniente, 17. 28760 Tres Cantos. Madrid. SPAIN

Phone: +34 91 806 37 00

902 24 36 54

www.pandasecurity.com

USA: 230 N. Maryland, Suite 303. P.O. Box 10578. Glendale, CA 91209 - USA

Phone: +1 (818) 5436 901