Panda Adaptive Defense 360 on Aether Platform Getting started Best Practices

Information applies to:

STEP 1 - Access the Administration Console

STEP 2 - Pre-configure settings

• Identify Computers & Devices to Protect
• Verify Minimum Requirements for Target Device
• Determine Computer Default Settings
• Review List of Known Issues

• Make sure that the computers and devices you want to protect meet the minimum installation requirements. For information on requirements, see Installation Requirements.
• Panda Adaptive Defense 360 require access to multiple Internet-hosted resources. You need to ensure that these URLs and ports are open to allow communication with the Panda servers.

• You cannot modify default settings.
• You can copy default settings and modify them or create new ones to suit your specific needs.
• Settings are inherited to all devices within a group, but you can also set up exceptions for specific devices or sub-groups.
  More information here.
• Settings vary for Panda Adaptive Defense 360, Panda Adaptive Defense and for Panda Endpoint Protection Plus. If you do not see a setting in the web UI, it is not supported by your product.

1. Groups
   Define the group structure of your network, for example, by department or location, configure the policies required, and establish if you want to use the Active Directory tree or if you prefer to have static groups. For more information about the different types of groups, and specific instructions, see Group Computers and Devices.
2. Network settings
   Configure the network settings required to specify the language of Panda Adaptive Defense 360 software installed on computers and devices or to define the type of connection to Panda Cloud with proxies and add cache computers that act as repositories for signature files and other components. For more information, see how to configure network proxy and cache settings.
3. Per-computer settings
   • Updates
     We recommend that you leave automatic updates enabled. You can also configure the updates in time intervals and set the restart.
     
     Panda deploys the latest version available to customers and partners in phases, but you can contact your Sales Representative to request a version update.
     
     NOTE 1: From the Panda Adaptive Defense 360 web console, select the cog icon and open the Panda Adaptive Defense 360 Release Notes to find the latest version available. There are different version numbers: Panda Adaptive Defense 360 product version, Protection version by platform and Agent version by platform.
     
     NOTE 2: To find out which Panda Adaptive Defense 360 version you have installed, from the Panda Adaptive Defense 360 web console, select the cog icon, and select About. You can see the version installed on each computer from the Computers tab.
     
     NOTE 3: Contact your Sales Representative to request a version update.
     
     However, if you prefer, you can plan and execute the update process gradually in your network. Here are a few guidelines:
     
     • Create a new Per-computer profile with the Automatically update Panda Adaptive Defense 360 on computers enabled and assign it to a group containing computers representative of your environment.
     • Monitor the upgrade for a couple of weeks to ensure the process has been successful and the applications work as expected.
     • Split the deployment of the client software updates of your network progressively. The process can be done in 2 or 3 phases, depending on your network characteristics.
       For more information, see how to configure Best Practices regarding Updates & Upgrades.
   • Tampering
     Configure security against tampering to ensure that only authorized users can uninstall, disable, or uninstall Panda Adaptive Defense 360. For more information, see Tampering settings.
4. Workstations and servers' settings
   • Automatic Knowledge Updates
     Configure automatic signature file updates. Panda Adaptive Defense 360 uses signature files to identify threats. The Panda Adaptive Defense 360 client agent downloads signature files (knowledge updates) to help identify the newest security threats.
     
     We recommend that you do not disable automatic updates. A computer with out-of-date signatures becomes more vulnerable to malware and advanced threats over time. For more information, see Configure knowledge updates.
   • Uninstall other security products
     If you want to install Panda Adaptive Defense 360 on a computer that already has an antivirus solution from another vendor, you can remove the current solution and install Panda Adaptive Defense 360.
     You can also choose to not remove the current solution, so that Panda Adaptive Defense 360and third-party products coexist on the computer. When you uninstall a third-party antivirus product, you might have to restart the computer.
     For a list of the third-party security products that Panda Adaptive Defense 360 uninstalls automatically, see Programs Automatically Uninstalled by Panda Adaptive Defense 360.
   • Advanced Protection
     In the Advanced Protection settings of a workstations and servers settings profile, you can configure Panda Adaptive Defense 360 to detect and block malicious programs. There are three available operating modes: Audit, Hardening and Lock.
     
     For maximum security and efficiency, we recommend a combination of the Advanced Protection in Lock mode together with authorised software rules (see further on).
     
     Initially, you can configure the Advanced Protection in Hardening mode to kick start the Zero-Trust Application Service learning and classification process. After a couple of few weeks, you can change the mode to Lock mode. In Lock mode, all software that is in the process of classification or is already classified as malware is prevented from running.
   • Authorized software
     Configure settings to authorize software or a family of software that you want to allow to run before it is classified. If the program represents a threat, Panda Adaptive Defense 360 blocks it regardless of whether it was authorized in these settings. For more information, see Authorized software.
   • Anti-exploit
     Enable Anti-exploit protection to automatically block attempts to exploit vulnerabilities found in the active processes on user computers. For more information, see Anti-exploit settings.
5. Indicators of Attack
   Configure the Advanced settings to Report and Block RDP or Report only according to your needs.

STEP 3 - Deploy the client software

• Download the Panda Adaptive Defense 360 Installer (for Windows, Linux, macOS and Android)
• Discovery and Installation (Windows only)
• Install the Client Software with Centralized Tools (Windows only)
• Install the Client Software from a Gold Image (Windows only)

STEP 4 - Post-deployment Checklist

• Check Dashboards
  The Panda Adaptive Defense 360's dashboard shows an overview of the security status of the network for a specific period. Several tiles show important information and provide links to more details. More information here.
• Use Lists
  Cybercriminals take advantage of a single vulnerable endpoint to carry out lateral movements that can compromise the security of the whole network, so it is critical to ensure every endpoint is protected. The My Lists section of the Status page provides quick links to detailed lists filtered for specific information that help you monitor the health and security of your network. Most dashboard tiles have an associated list, so you can quickly see information graphically in the tile and then get more detail from the list.
  
  We recommend that you use pre-defined or new lists to monitor unprotected or outdated protection endpoints to prevent attacks. Here are a few list examples:
  • Outdated Protection
  • Offline Computers
  • Pending Critical Patches
  • Installation Errors
  • Outdated software
    
    More information here.

• Restrict access to specific website categories
  Configure the categories of websites accessible to users to reduce the number of dubious sites, ad ridden pages, and innocent-looking but dangerous download portals (ebooks, pirate software, etc.) that may infect users' computers.
  More information here.
• Lock access to pen drives and other external devices
  Another commonly used infection vector is the USB drives and modems that users bring from home. Limiting or totally blocking access to these devices will block malware infections through these means.
  For more information, click here.
• Restrict communications (firewall and IDS)
  A firewall is a tool designed to minimize exposure to threats by preventing communications to and from programs that are not malicious in nature but may leave the door open to malware. If malware is detected that has infected the network via a chat or P2P application, configuring the firewall rules correctly can prevent those programs from communicating with the outside world.

• Reinforce Authentication Methods
  Apply Two-Factor authentication methods and enforce the use of robust passwords across your network.
  More information here.
• Patch up vulnerable systems and update out-of-date applications
  Update vulnerable systems and out-of-date applications with Panda Patch Management to prevent attacks looking to exploit security holes. More information, here.
• Uninstall or update the programs in EOL (End-Of-Life) stage
  EOL software is more likely to have unpatched vulnerabilities that could be exploited by malware. Use lists to view the computers in EOL or near EOL and plan to remove or update the software. Select the Status tab, and from the My lists left menu, click Add and select the End-of-Life programs lists to help you manage the update process.
• Encrypt information on the internal storage devices of computers
  Use Panda Full Encryption to minimize the exposure of the data stored on the company's computers in the event of loss or theft and prevent access to confidential data with recovery tools for retrieving files from removed drives. More information, here.
  
  Additionally, we recommend that you use the TPM module included on computer motherboards or update their hardware to support this tool. The TPM lets you prevent hard disks from being used on computers other than those used to encrypt them and detect changes to a computer's boot sequence.
• Isolate at-risk computers and devices
  You can isolate an at-risk computer to block communication to and from the computer. When you isolate a computer, Panda Adaptive Defense 360 blocks all communications, except for those required. From the Status tab, select Patch Management from the left menu, click View all available patches, select a specific computer, for example, and select the Install or Isolate computer option.
• Limit RDP connections
  Identify computers that require RDP connection and restrict its use to the bare minimum.
• Schedule scans
  You can configure tasks to run immediately or later. Tasks can run once or repeatedly through specified time intervals. Select the Tasks tab, click the Add task button and select the Scheduled scan option.

• Enable Alerts
  Configure alerts to send to the network administrator by email. You define alerts for each web UI user. The content of an alert email varies with the managed computers that are visible to the recipient. Select the Settings tab and click on My Alerts, on the left menu.
• Schedule Reports
  You can email a report of security information from the computers protected by Panda Adaptive Defense 360. You can schedule reports to send daily, weekly, or monthly on specific days and at specific times. This option allows you to closely monitor the security status without the need for administrators to access the web UI. Select the Status tab and click the Scheduled reports on the left menu.
• Audit User Actions
  You can see log information for user sessions and actions, as well as system events. Select the Settings tab, select Users from the left menu, and click the Activity tab.