EDR technology – much more than just standard protection

Traditional viruses, understood as executables sent out en masse to infect machines on a large scale, are already handled by Endpoint Protection Platforms (EPP). These are the popularly known antivirus products which, as the name suggests, protect the user's system. The problem is that cybercriminals have evolved greatly in recent years, and so has their manner of attack.

Cybercriminals change their spots every day, and advanced threats are now the main focus. Direct attacks, ransomware (a technique, such as CryptoLocker, that steals information from the infected computer), zero-day attacks, persistent threats… they are all spreading through the market. Businesses and everyday users are at risk, not just of information theft, but also of the economic fallout of being targeted. Suffering an attack also reflects badly on a company and can damage its reputation.

Fortunately, the security industry has begun to react, and many big players in this sector have unveiled platforms which go far beyond just protecting your system: they can detect advanced threats while at the same time giving the best response possible to any incident. We are talking about EDR platforms, Endpoint Detection and Response to give them their full name. The term was coined in 2013 by Gartner analyst Anton Chuvakin, and it is a trend that we at Panda Security have turned into a true star product with our Adaptive Defense 360 solution.

“The protection offered by EPP (Endpoint Protection Platform) solutions, including those that possess a traditional antivirus, isn’t enough,” explains Eduardo Fernández Canga, an expert at Panda Security. “Antiviruses are still important; they are products that protect against known threats. The problem is that some new forms still manage to enter the system. It’s not good enough to just protect your system; you also need tools that allow you to detect new threats. It’s impossible to say that we can block all malware, but we can detect it and act in the best way possible,” he adds.


A comprehensive and customized solution

This is where a solution like Adaptive Defense 360 comes into play. Designed over a five-year period by Panda’s experts, this solution is compatible with Windows and will soon be available on Android devices. “Protection solutions that detect a threat always generate an identifier and include it in a blacklist. The problem is that if there is an executable that is not on this blacklist, then it assumes that it is good and does nothing against it. However, Adaptive Defense does not rely only on a blacklist. It is suspicious of everything running on the endpoint,” emphasizes our expert.

So, how does this platform work? The first thing it does is install an agent on the user’s device. The agent then analyzes the behavior of every application running on the system and sends information about that behavior to the cloud. Using big data and data mining tools, Panda is able to classify 95% of everything that shows up, both goodware and malware. To cover the remaining 5%, Panda relies on its group of expert analysts, who analyze and classify what the automated system misses.


An important differentiator, compared to other solutions on the market, is that Adaptive Defense draws up a whitelist “for the client, which we use to analyze executables,” says Fernández. Furthermore, the platform doesn’t just classify the executables; it also makes sure that their behavior doesn’t change. “Normally whitelist solutions aren’t capable of detecting a change once they have classified an executable as goodware. However, we generate a pattern for each executable, so if the latter leaves the pattern, then it generates an alert,” adds our expert.

This last point is what allows customers to keep working with vulnerable applications such as old versions of Java, Chrome or Internet Explorer. “Many businesses feel obligated to work with software which only functions with these applications. Therefore the only way they can be protected while using them is to have a system like Adaptive Defense,” insists Fernández.
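The two mechanisms described above (a cloud verdict per executable, plus a behaviour pattern per executable that raises an alert when a known-good program leaves it) can be sketched in a few dozen lines. The following is an added illustration written for this page, not Panda's code: the event format, the executable names, the folder-depth coarsening rule and the verdicts are all constructed assumptions.

```python
"""Per-executable behaviour baseline with deviation alerting.

Added illustration of the approach the article describes (observe every
running application, classify it, record a behaviour pattern per executable
and alert when a known-good executable leaves that pattern). This is not
Panda's code; the event format, executable names and verdicts are constructed.
"""
from collections import defaultdict

# Constructed cloud verdicts: what the classification service would return.
VERDICTS = {
    "java.exe": "goodware",
    "winword.exe": "goodware",
    "dropper.exe": "malware",
    "newtool.exe": "unknown",   # would be queued for the human analysts
}

# Constructed telemetry from the agent: (executable, event kind, target).
LEARNING_EVENTS = [
    ("java.exe", "net_connect", "updates.example.test:443"),
    ("java.exe", "file_write", r"C:\Users\alice\AppData\Local\Temp\j1.tmp"),
    ("winword.exe", "file_write", r"C:\Users\alice\Documents\report.docx"),
    ("winword.exe", "proc_spawn", "splwow64.exe"),
]

LIVE_EVENTS = [
    ("java.exe", "net_connect", "updates.example.test:443"),               # inside pattern
    ("java.exe", "proc_spawn", "powershell.exe"),                          # outside pattern
    ("winword.exe", "file_write", r"C:\Users\alice\Documents\memo.docx"),  # inside pattern
    ("dropper.exe", "file_write", r"C:\Users\alice\AppData\Roaming\x.exe"),
    ("newtool.exe", "net_connect", "203.0.113.9:8080"),
]


def feature(kind, target):
    """Coarsen a raw event into a pattern feature, so that harmless variation
    (a new file name in the same folder, a new port on the same host) does not
    count as leaving the pattern."""
    if kind == "file_write":
        parts = target.replace("/", "\\").split("\\")
        return (kind, "\\".join(parts[:4]).lower())        # drive + first three folders
    if kind == "net_connect":
        return (kind, target.rsplit(":", 1)[0].lower())    # host only, port dropped
    return (kind, target.lower())


def build_baselines(events):
    """Learning phase: the set of features each executable exhibited."""
    baselines = defaultdict(set)
    for exe, kind, target in events:
        baselines[exe].add(feature(kind, target))
    return baselines


def evaluate(events, baselines, verdicts):
    """Detection phase: one alert per event that the verdict or the pattern rejects.

    Returns a list of (executable, alert_kind, feature) tuples."""
    alerts = []
    for exe, kind, target in events:
        feat = feature(kind, target)
        verdict = verdicts.get(exe, "unknown")
        if verdict == "malware":
            alerts.append((exe, "blocked", feat))
        elif verdict == "unknown":
            alerts.append((exe, "pending_classification", feat))
        elif feat not in baselines.get(exe, set()):
            alerts.append((exe, "pattern_deviation", feat))
    return alerts


if __name__ == "__main__":
    for alert in evaluate(LIVE_EVENTS, build_baselines(LEARNING_EVENTS), VERDICTS):
        print(alert)
```

The point the article makes is visible in the second live event: `java.exe` is whitelisted, so a blacklist-only product would stay silent, but spawning a child process was never part of its learned pattern, so the baseline check still raises an alert. How coarse `feature()` should be is a tuning decision; too fine and every new document name is an alert, too coarse and real deviations hide inside the pattern.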

Full control of the information flow in the organization

Another advantage of Adaptive Defense is that it lets the system administrator know exactly what damage malware has caused to a computer. Moreover, it lets the administrator know and control who has access to these harmful executables. For example, an employee might access confidential information and send it to someone outside the company. Adaptive Defense does not block these actions, but it detects them and informs the administrators.

Going a step further, Adaptive Defense is a powerful tool for precisely analyzing, understanding and visualizing the flow of information within our organization and out of it, and vice versa. “The administrator can know who, how and when data is accessed, with all of the advantages that it entails,” says Fernández Canga.

The post EDR technology – much more than just standard protection appeared first on MediaCenter Panda Security.

Thomson data breach exposes passenger details

Thomson, a UK-based holiday company, apologized to its customers this weekend over a small but rather significant data breach. This comes on the back of much larger breaches, such as Ashley Madison in the US, within the last few weeks.

My attention was grabbed by the depth of what data was breached and also the method in which it was distributed, rather than the quantity of what was mistakenly disclosed. Just 458 people have been affected, all of them UK based.

In a statement, Thomson apologized and said “We are aware of an email that was sent in error, which shared a small number of customers’ information. The error was identified very quickly and the email was recalled, which was successful in a significant number of cases”.

The interesting element to this story is that regardless of the perimeter security that Thomson has in place to avert hackers and cybercriminals, a simple human error of attaching data to an email has caused concern for a number of customers.

The data exposed in the breach includes: name, home address, telephone number, flight dates, email address and the outstanding balance due. The data was shared with everyone on the list itself, so all 458 people have the data.

There are technologies available that allow companies to limit the data that is sent out in emails or other communications. These are termed ‘data leakage prevention’ (DLP) technologies, and I am sure that the Thomson IT team will be evaluating a solution of this type.

In the BBC article that covered this breach, the people affected talk about cancelling holidays and are, of course, worried about being burgled.

What advice can be offered in this instance? An obvious one is to change the dates of your holiday and insist that Thomson cover the costs. In reality though, many people have probably scheduled time off work, and it’s not easy to change plans. I think if this happened to me, the option I would take is to have someone house sit for me while I am away.

Follow me on Twitter @TonyatAVG

Windows 10 not playing DVDs? Here’s why.

Microsoft has included the DVD Player software for free in Windows 10, but only if you’re upgrading from any of the following versions:

  • Windows 7 Home Premium, Professional or Ultimate
  • Windows 8 or 8.1 with Windows Media Center.

It’s free for a limited time, but Microsoft hasn’t given any indication as to how long that will be. So if you haven’t already upgraded and qualify for the free DVD software, you might want to consider upgrading soon.

It’s important to note that to receive the DVD Player app from Microsoft for free you must upgrade Windows 10 from your existing version of Windows.  A clean install of Windows, despite this being the preference for many people, won’t work.

What if you don’t want the Windows DVD Player app? No problem, there are free and open source alternatives available, such as VLC Media Player.

While you’re at it, remember to keep all software on your PC up to date and install an antivirus solution like AVG AntiVirus Free to protect against virus and malware infections.

If you have any tips for Windows 10 you’d like to share, please let us know via Facebook or Twitter. Until next time, stay safe out there.

CVE-2015-3269

Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
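The vulnerability class behind this entry is an XML parser that resolves an external entity declared in the message's DTD and then references it, so the entity's content (a local file) ends up in the parsed document. The defensive pattern is to refuse DTDs in message bodies altogether and, as a second layer, to configure the parser so that it never resolves external entities. The following is an added example written for this page, not BlazeDS or LCDS code: it uses Python's standard-library SAX parser, the message bodies are constructed, and the entity target is a placeholder path.

```python
"""Hardened XML parsing for message bodies, as a defence against the XXE class
the CVE entry describes. Added example, not BlazeDS/LCDS code; the message
bodies are constructed and the entity target is a placeholder path."""
import io
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges, feature_external_pes

CLEAN_BODY = '<?xml version="1.0"?><data><value>hello</value></data>'

# Constructed body of the shape the CVE describes: an entity declared as
# external in the DTD, then referenced in content.
XXE_BODY = (
    '<?xml version="1.0"?>\n'
    '<!DOCTYPE data [ <!ENTITY ext SYSTEM "file:///tmp/constructed-placeholder.txt"> ]>\n'
    '<data><value>&ext;</value></data>'
)


class _TextCollector(ContentHandler):
    """Gathers character data so the caller can see what the parser produced."""

    def __init__(self):
        super().__init__()
        self.chunks = []

    def characters(self, content):
        self.chunks.append(content)


def has_doctype(xml_text):
    """Entity declarations can only live in a DTD, so refusing any DOCTYPE
    removes the whole class of in-band entity tricks before parsing starts."""
    return "<!DOCTYPE" in xml_text


def parse_text(xml_text, reject_dtd=True):
    """Parse a message body and return its concatenated text content.

    Layer 1: refuse documents carrying a DTD (raises ValueError).
    Layer 2: even when a DTD is tolerated, never resolve external entities,
    so an external reference expands to nothing instead of file contents."""
    if reject_dtd and has_doctype(xml_text):
        raise ValueError("DOCTYPE/DTD not permitted in message bodies")
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, False)   # no external general entities
    parser.setFeature(feature_external_pes, False)   # no external parameter entities
    collector = _TextCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(xml_text.encode("utf-8")))
    return "".join(collector.chunks)


if __name__ == "__main__":
    print(parse_text(CLEAN_BODY))
    try:
        parse_text(XXE_BODY)
    except ValueError as exc:
        print("rejected:", exc)
```

The same two layers map onto other XML stacks: in JAXP-based Java code the first layer is the `disallow-doctype-decl` feature and the second is disabling external general and parameter entities on the factory, and any deserializer that accepts XML inside another envelope (as AMF messages can) needs the same settings applied to the parser it uses internally.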

CVE-2015-5785

Apple QuickTime before 7.7.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-5786.

CVE-2015-5786

Apple QuickTime before 7.7.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-5785.

CVE-2015-6262

Cross-site request forgery (CSRF) vulnerability in Cisco Prime Infrastructure 1.2(0.103) and 2.0(0.0) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCum49054 and CSCum49059.
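A CSRF vulnerability of the kind this entry describes means that a state-changing request is accepted on the strength of the browser's session cookie alone, so a page on another site can make the victim's browser submit it. The standard control is a per-session synchronizer token that the attacker's page cannot read, combined with a check on the `Origin` header. The following is an added example written for this page, not Cisco code; the session identifiers, the allowed origin and the server key are constructed.

```python
"""Synchronizer-token CSRF protection, an added example of the control that
addresses the vulnerability class the CVE entry describes. Not Cisco code;
session identifiers, origins and the key are constructed."""
import hashlib
import hmac
import secrets

# Per-deployment secret; generated at import so the example is self-contained.
SERVER_KEY = secrets.token_bytes(32)
ALLOWED_ORIGIN = "https://app.example.test"   # constructed


def issue_token(session_id):
    """Token = nonce + HMAC(key, session_id:nonce). Binding the MAC to the
    session means a token is only valid for the session it was issued to, and
    nobody without the key can mint one for another session."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_token(session_id, token):
    """Recompute the MAC for this session and compare in constant time."""
    if not isinstance(token, str) or "." not in token:
        return False
    nonce, mac = token.split(".", 1)
    expected = hmac.new(SERVER_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, mac)


def handle_state_change(session_id, form_token, origin_header):
    """Gate for a state-changing request whose session the server has already
    authenticated via its cookie. Returns "ok" or a rejection reason."""
    # Browsers attach Origin to cross-site POSTs; a mismatch is a cheap first filter.
    if origin_header is not None and origin_header != ALLOWED_ORIGIN:
        return "rejected: origin mismatch"
    # The token proves the form was built from a page this session received,
    # which a page on another origin cannot read.
    if not verify_token(session_id, form_token):
        return "rejected: invalid csrf token"
    return "ok"


if __name__ == "__main__":
    tok = issue_token("sess-alice")
    print(handle_state_change("sess-alice", tok, ALLOWED_ORIGIN))
    print(handle_state_change("sess-alice", tok, "https://other.example.test"))
```

Because the token is derived from the session identifier rather than stored server-side, the server needs no token table; it also means a token captured from one user's page is useless against another user's session, which is the property the CVE text ("hijack the authentication of arbitrary users") says was missing.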