Overview and current situation

Data security is top of mind for many corporate IT and security leaders. The volume of malware has increased exponentially, with attacks and threats becoming more sophisticated and more persistent. In addition, the number of endpoints within an organization has grown rapidly, and this growth shows no signs of slowing down. And those end-points, as we’ve seen recently in the news, may include data streams coming from IoT networks, which may represent one of the most serious threats the cybersecurity industry has ever faced.

IT departments are overwhelmed: The large volumes of information that they must handle and the appearance of next-generation malware, causes many details to be overlooked or not recognized, compromising the security of the system

Panda Security and endpoint protection

Panda Security, a leader in cloud-based security solutions for businesses and consumers, offers endpoint security protection for endpoints and servers. The solution, available via Amazon AWS, is packaged as a centralized console which manages configuration and deployment of client agents.

Panda Adaptive Defense is an endpoint detection and response service that protects businesses against targeted attacks and advanced threats. The offering is the implementation of a new security model that correlates data from multiple data sources, and brings together the capabilities of machine learning and Big Data within the Panda Security platform. Adaptive Defense accurately classifies every process running in an organization, allowing only legitimate behaviors to run. Real-time security analysis is performed in the Panda Malware Intelligence Platform to detect and prevent events such as zero-days security attacks, targeted attacks, and ransomware attacks.

Devo: The clear choice

Even with a robust endpoint security offering, Panda recognized the need for a forward-thinking partner to help create new tools and value propositions for its customers.

Devo fit the bill. A key priority for Panda included having a partner with a cloud-based platform with the ability to both collect a wide range of data and rapidly analyze large volumes of data in human and

machine real-time. With Devo, Panda is able to leverage a Data Analytics Platform capable of processing hundreds of thousands of events per second, per core.
Panda also wanted to ensure its partner was able to provide new and innovative offerings and tools to make data gathered and analyzed as meaningful as possible to the end user. Devo delivers on this need, providing tools to easily create and configure dashboards with key indicators; adaptive search options; and default as well as custom alerts related to security incidents, risk situations, user access to critical information, and application/network resource usage.

Delivering security analytics in the cloud, at scale

Working together, Panda and Devo have created a module for the Adaptive Defense offering called Advanced Reporting Tool (ART). ART automates the storage and correlation of the information related to process execution and its context extracted by Adaptive Defense from endpoints. This information enables ART, delivered through the Devo Data Analytics Platform, to automatically generate security intelligence and allow organizations to pinpoint attacks and unusual behaviors, regardless of their origin, as well as detect internal misuse of corporate systems and networks. ART’s unique capabilities enable calculations, graphical visualization and alerts on Network Security Status Indicators and IT resources usage.

The Devo platform provides Panda customers with increased visibility into their endpoints, malware and other security issues. Because a massive amount of data is collected at endpoints, the Panda/Devo solution affords the ability to search for external and internal threats, diagnose critical vulnerabilities, and report and alert in real-time, so businesses can take immediate action to prevent or limit the impact of attacks. Devo capabilities enable wide visibility in forensic intelligence regarding any event.

Additional benefits for customers using the ART offering

Determining the Origin of Threats and Forensic Analysis. When an organization is facing a security incident, it could take a significant amount of time before that organization is able to determine the incident occurred. In these instances, the organization and their security partner need to look back at data to find the threat, identify its source, and determine how deeply rooted the problem is. With Devo, Panda is able to go back in time one year to correlate data from endpoints, identify the malware, pinpoint every place the malware has touched and done damage, and highlight the vulnerable application. With this knowledge, the organization can quickly take action to remediate the issue and apply security measures to prevent future attacks.

Visibility into Vulnerabilities. Most organizations believe they know where all their endpoints are installed, and that these endpoints are secure. In reality, they may not have full visibility. Working with Devo, organizations now have clearer visibility into all machines running on the endpoint that are vulnerable. In addition, customers also receive a list of vulnerable elements and applications so they can take action to eliminate vulnerabilities quickly.

Monitoring and Policies. Using the Devo platform, customers can monitor and control misuse of corporate resources that may have an impact on business and employee performance. For example, the customer is able to monitor data usage and identify outliers, such as specific endpoints utilizing excess bandwidth. Armed with this information, customer can assess if this usage is normal and expected, or if it is a matter that needs to be addressed and corrected. The information gives the organization the power to take appropriate action, such as implementing more restrictive policies and limiting access to critical business issues.