The result is a continuous process of innovation, perfectly reflected in the launch of our intelligent TruPrevent Technologies, the development of a converged HIPS and our new security focus: “Collective Intelligence”.
Thanks to its behavioral analysis, application control and heuristic modules, TruPrevent technologies have become the most advanced intrusion prevention system (HIPS) on the market (Gartner, January 2007).
The module includes a ‘correlation unit’ that determines whether behavior is legitimate or suspicious based on a series of factors A typical example would be a program trying to send email messages, which, although this is not a characteristic that could determine whether or not there is malware, it is in itself suspicious
- Application monitoring module. This allows security policies, such as denying access to key system resources, to be established in all computers on the network.
- Genetic Heuristic Engine. This is a new generation of heuristic detection to determine malware presence through so-called ‘genetic scanning’. Compared to Panda’s traditional heuristics, genetic heuristics look at many more aspects to determine whether a file contains malware or not with maximum precision. It involves obtaining the genetic profile of every file, through deep code inspection of scanned items.
CONVERGED HIPS
At Panda Security we have stayed one step ahead of Internet threats with the development of a transparent HIPS (Host Based Intrusion Prevention System) for both home users and companies. Unlike other HIPS, ours does not ask users or the administrator questions or force them to make decisions.
The technologies integrated in Panda Security PIPs are:
- Reactive technologies (signature-based antivirus engine)
- Proactive TruPrevent technologies
- Genetic Heuristic Engine (GHE)
- Firewall/DPI technology
The combination of different technologies makes an effective defense against different types of threats. For example, a known virus will be detected through the signature file, whereas if it is unknown it will be detected proactively by the behavioral analysis or the GHE.
COLLECTIVE INTELLIGENCE
The Collective Intelligence focus has been developed by Panda Research and is housed in a network of data centers. The pillars of this new system are:
1) Collection of data from the Web community. The system centrally collects and stores behavioral patterns of programs, file traces, new malware samples, etc. This data comes from Panda users, and from other companies and collaborators. This extensive capacity to collect information provides greater visibility of active Internet threats.
2) Automatic leverage of data. The system automatically analyzes and classifies the thousands of new samples received every day. To do this, an expert system correlates the data received from the user community with PandaLab’s extensive malware knowledge base. The system automatically returns verdicts (malware or goodware) on the new files received, thereby drastically reducing the manual workload at PandaLabs.
3) Making the knowledge available. This knowledge is delivered to users as Web services or through signature file updates.