The advanced cybersecurity solution Panda Adaptive Defense is the only EDR (Endpoint Detection and Response) protection to achieve the EAL2+ certification in its evaluation for the Common Criteria standard published in the BOE (Official State Bulletin) for May.

The Common Criteria for Information Technology Security Evaluation (CC) is a set of evaluation criteria agreed to by the United States’ National Security Agency/National Institute of Standards and Technologies and equivalent bodies in 24 other countries. It was designed to resolve the technical and conceptual differences among existing standards for the evaluation of security systems and products. Certification to the Common Criteria requires in-depth analysis of product design and development methodology, backed by extensive testing. Common Criteria is currently recognized by the following countries: United States, Canada, Australia, New Zealand, Austria, The Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, India, Israel, Italy, Japan, Malaysia, The Netherlands, Norway, Republic of Korea, Singapore, Spain, Sweden, Turkey, and the United Kingdom.

The Common Criteria represents the outcome of efforts to develop criteria for evaluation of IT security that are widely accepted within the international community. Further information is available at

“This certification further validates the ability of Panda Security and Panda Adaptive Defense to protect any organization with the guarantee of complying with the maximum security standards defined and verified by the Common Criteria organization. This certification is directly applicable in the 28 countries members of the Common Criteria Recognition Arrangement all around the world: USA, Europe, Asia and Oceania,” said Iratxe Vázquez, Product Marketing Manager at Panda.” The Common Criteria is a minimum requirement for many Government departments, with this certification Panda Security is well positioned to continue providing to customers in government departments with endpoint protection technology that complies with strict EAL2 + level of said certification”

Why get an IT product certified under the Common Criteria?

The Common Criteria certifications are recognized globally, and across multiple sectors. A Common Criteria certified product has a key element which makes it stand out in the area of security, since it has been evaluated by an independent third party, following a sound, well defined methodology.

In many cases, the Common Criteria is a final user demand. Government regulations in the USA (NSTISSP No. 11 – NIAP PCL List) or Europe (Spanish ENS, European eIDAS or Tachograph regulations) require that public agency purchases include third party assurance certificates (with Common Criteria being the most frequent one).

In some industries Common Criteria may be a market entry requirement (IC or ePassport) or a specific security assurance requirement in tenders (banks, mobile network operators).

Depending on the level, evaluation requirements can include:

  • Product evaluation: focused on mitigating risk vulnerabilities.
  • Evaluation of developer’s design: focused on assuring reliability of development process.
  • Development center audit: focused on assuring integrity and confidentiality of supply chain.

Common Criteria is a suitable option to demonstrate the level of trust in an IT product, and is a market hallmark for products such as commercial software, SaaS, cloud computing platforms, and hardware security modules.

Protection endorsed at a national level

Likewise, the Centro Criptológico Nacional (National Cryptology Center) has awarded Panda Adaptive Defense the “Qualified IT Security Product” stamp, joining the list of organizations that have recognized Panda’s IT security system with a high ENS (National Security Framework) classification. Secretary of State Director of the National Cryptology Center, Félix Sanz Roldán, has signed this certification in the category Security in use.

About Panda Adaptive Defense

Panda Adaptive Defense 360 is an endpoint security solution that incorporates prevention, detection, containment and cleanup with forensic analysis tools, in a lightweight agent and cloud infrastructure. In a unique product, it brings together EPP (protection) and EDR (detection and response) capabilities, monitoring endpoint activity for hundreds of parameters.

What’s more, unlike other solutions, it includes two managed services, the 100% attestation service, and the Threat Hunting service. These services eliminate the risk of incidents coming from any type of malware, and discover new malwareless attacks carried out by hackers, as well as internal and external attackers. This distinction is the reason that it is the only EDR protection solution certified by Common Criteria.

The version 8.0 of Panda Adaptive Denfense Protection Agent has achieved evaluation level EAL2+ALC_FLR.1. This new generation software, with cloud-based analysis capacities and risk analysis, provides the following functions, among others, that have been put to the test by an accredited laboratory (Applus+ Laboratories):

  • Operating system interception, monitoring all operations carried out by applications.
  • Sending a log of operations carried out by each process to the correlation system, saving its responses about the classification of applications and their modules.
  • Use of the correlation system’s response to determine the action to carry out on each application.
  • Decision making based on behavior rules and on registers of known malware to determine the action to carry out on each application.
  • Running the resulting action on the monitored application: blocking, allowing it to run, or loading it, based on the previous parameters.
  • Detecting and impeding exploitation techniques.
  • Detecting and impeding access to malicious websites.
  • Detecting and impeding/allowing reading/writing of removable devices.
  • Generation of notifications about actions carried out.
  • Self-protection against malicious processes.

Panda Security has worked with jtsec, a company specialized in consulting services for product and system certifications for the most reputable IT security standards on the market (Common Criteria, FIPS 140-2, ISO 27001, ENS, SOC 2, etc…). Made up of a team of renowned professionals from the IT sector who have broad experience in different certification schemes and security laboratories, jtsec provides a comprehensive consulting service, optimizing certification processes and facilitating entry into the CPSTIC catalogue (products recommended by the Spanish National Cryptology Center). Find out more about the Common Criteria here: