Traditional viruses, defined as executables that were sent en masse to cause infection on a large scale, are already controlled by protection systems (Endpoint Protection Platforms). These are popularly known antiviruses which, as the name suggests, protect the system of the user. The problem is that cybercriminals have evolved greatly in recent years and so has their manner of attack.
Cybercriminals change their spots every day and advanced threats are now the main focus. Direct attacks, ransomware (a technique, such as Crypotolocker, that steals information from the infected computer), zero day attacks, persistent threats… they are all spreading through the market. Businesses and everyday users are at risk, not just of information theft, but also the economic fallout of being targeted. It can also reflect badly on a company if it suffers an attack and can damage its reputation.
Fortunately, the security industry has begun to react and many big players in this sector have unveiled platforms which go far beyond just protecting your system – they can detect advanced threats while at the same time giving the best response possible to possible incidents. We are talking about EDR platforms, or Endpoint Detection and Response, to give them their full name. This term was coined in 2013 by the security analyst Gartner Chuvakin and is a trend that we at Panda Security have turned into a true star product with our Adaptive Defense 360 solution.
“The protection offered by EPP (Endpoint Protection Platform) solutions, including those that possess a traditional antivirus, isn’t enough,” explains Eduardo Fernández Canga, an expert at Panda Security. “Antiviruses are still important; they are products that protect against known threats. The problem is that some new forms still manage to enter the system. It’s not good enough to just protect your system, you also need tools that allow you to detect new threats. It’s impossible to say that we can block all malware but we can detect it and act in the best way possible,” he added.
A comprehensive and customized solution
This is where a solution like Adaptive Defense 360 comes into play. Designed by over a five-year period by Panda’s experts, this solution is compatible with Windows and soon will be available on Android devices. “Protection solutions that detect a threat always generate an identifier and include a black list. The problem is that if there is an executable that is not on this blacklist then it assumes that it is good and does nothing against it. However, Adaptive Defense does not rely only on a blacklist. It is suspicious of everything running on the endpoint,” emphasizes our expert.
So, how does this platform work? The first thing that it does is install an agent on the user’s device. Then it analyzes the behavior of every application that is running on the system. It then sends information to the cloud regarding the behavior. By using big data and data mining tools, Panda is able to classify 95% of all that shows up, including goodware and malware. To cover the remaining 5%, Panda depends on its group of expert analysts who are able to analyze and classify what the system misses.
An important differential, when compared to other solutions on the market, is that Adaptive Defense draws up a white list “for the client which we use to analyze executables,” says Fernández. Furthermore, the platform doesn’t just classify the executables but rather makes sure that their behavior doesn’t change. “Normally white list solutions aren’t capable of detecting a change when they have classified an executable like goodware. However, we generate a pattern for each executable, so if the latter leaves the pattern then it generates an alert,” adds our expert.
This last part is a relevant factor that allows customers to work with vulnerable applications such as old versions of Java, Chrome or Internet Explorer. “Many businesses feel obligated to work with software which only functions with these applications. Therefore the only way they can be protected while using them is to have a system like Adaptive Defense,” insisted Fernández.
Full control of the information flow in the organization
Another advantage of Adaptive Defense is that it allows the system administrator to know exactly what damage the malware has caused to the computer. Moreover, it allows you to know and control who has access to these harmful executables. For example, it may be the case that an employee accesses confidential information and sends it to someone outside the company. Adaptive Defense, although it doesn’t block these actions, detects them and informs the administrators.
In fact, going a step further, Adaptive Defense is a powerful tool to precisely analyze, understand and visualize the flow of information that occurs both within our organization and outward, and vice versa. “The administrator can know who, how and when data is accessed, with the all of the advantages that it entails,” says Fernández Canga.