Tag Archives: featured1

Avast

Creators of Dubsmash 2 Android Malware Strike Again

Malware Writers Can’t Keep Their Hands Off Porn

In April, we reported on a porn clicker app that slipped into Google Play posing as the popular Dubsmash app. It seems that this malware has mutated and once again had a short-lived career on Google Play, this time hidden in various “gaming” apps.

For your viewing pleasure

The original form of this porn clicker ran completely hidden in the background, meaning victims did not even notice that anything was happening. This time, however, the authors made the porn a bit more visible to their victims.

The new mutation appeared on Google Play on July 14th and was included in five games, each of which was downloaded by 5,000-10,000 users. Fortunately, Google reacted quickly and has already taken down the games from the Play Store.

The selection of "gaming" apps affected by Clicker-AR malware on the Google Play Store.

The selection of “gaming” apps affected by Clicker-AR malware on the Google Play Store.

Once the app was downloaded, it did not really seem to do anything significant when opened by the user. However, once the unsuspecting victim opened his/her browser or other apps, the app began to run in the background and redirect the user to porn sites. Users may not have necessarily understood where these porn redirects were coming from, since it was only possible to stop them from happening once the app was killed.

May I?

This new mutation, which Avast detects as Clicker-AR, requested one important permission that played a vital role in helping the app do its job. The app requested permission to “draw over other apps”, meaning it could interfere with the interface of any application or change what victims saw in other applications. This helped the malware put its adult content in the forefront of users’ screens.

Let’s play “Clue”

We did not immediately realize that the group behind Clicker-AR was comprised of the same folks  from Turkey behind the fake Dubsmash app. Then, our colleague Nikolaos Chrysaidos dug a bit deeper and was able to connect some clues to figure out who was behind this piece of malware. He noticed that the fake Dubsmash app and the new apps shared the same decryption base64 code for the porn links. We then noticed that they shared the same function with the same name “bilgiVer”, which means “give information” in Turkish. Finally, the old and new apps used the same DNS from Turkey. Not only did they have a server in Turkey, but they also now made use of an additional server in the U.S. – it seems they made some investments using their financial gain from April!

Bye bye, porn!

As mentioned above, these malicious apps have already been removed from Google Play and Avast detects the malware as Clicker-AR. The following games are infected with Clicker-AR: Extezaf tita, Kanlani Titaas, Kapith Yanihit, Barte Beledi, and Olmusmi bunlar. If you have any of these apps installed on your device, we suggest you remove them (unless you, um, enjoy them) and make sure you have an antivirus app, like Avast Mobile Security, installed to protect yourself from mobile malware.

Follow Avast on Twitter where we keep you updated on cybersecurity news every day.

Avast

Is the Ashley Madison data breach worse than other data breaches?

Ashley Madison calls itself the “most famous website for discreet encounters between married individuals”. Now, the platform for infidelity and dating has been hacked and its user database of 40 million cheaters with their real names, addresses, financial records, and explicit information were stolen. Discreet is done.

Did the married Ashley Madison customers really think their extramarital activities could be discreet?

Ashley Madison hookup site gets hacked

image: www.ashleymadison.com

The past months and years, Target was hacked, Home Depot, BlueCross BlueShield, and even the U.S. government was hacked and data of tens of millions of people were exposed. Wal-Mart, CVS, and Costco had to take down their photo service websites last week as they are investigating a possible data breach. News about new data breaches break every month, sometimes even every week. Just in May, the dating site AdultFriendFinder was hacked, and sensitive information about 3.5 million people was leaked. It shouldn’t come as a surprise to Ashley Madison users that this data breach happened. It was just a matter of time.

Avid Life Media (ALM), the owner of Ashley Madison, seems to have the same stance. In a statement to the media, published by Brian Krebs who first reported the hack, they said: “The current business world has proven to be one in which no company’s online assets are safe from cyber-vandalism, with Avid Life Media being only the latest among many companies to have been attacked, despite investing in the latest privacy and security technologies.”

Hackers holding ALM ransom
According to reports, a hacker group called “The Impact Team” seems to be behind this breach and they reportedly demand a ransom from ALM. The hacking group is threatening to expose “all customer records, including profile with all the customer’s secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails” if ALM does not take down Ashley Madison and their other casual dating platform, Established Men.

Moral reasons for the hack
In a document, The Impact Team explained its apparent moral motives behind the breach. Regarding the Ashley Madison users, they write “they’re cheating dirtbags and deserve no such discretion”, and describe Established Men as a “prostitution / human trafficking website for rich men to pay for sex.

Furthermore, they call out ALM for misguiding its users by offering a “full delete” feature that will allegedly delete your payment and address details from its database for a fee of $19. The Impact Teams writes: “It’s also a complete lie. Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.” According to the hackers’ manifesto, ALM made $1.7 million in revenue alone with this feature in 2014.

How did The Impact Team get access to the data?

According to information revealed to Brian Krebs by ALM, it is likely that the data breach happened through somebody who internally had access to ALM’s technical systems, like a former employee or contractor.

As this data breach puts sensitive personal information at risk – is it worse than previous breaches, like the Target breach that exposed customer credit card numbers?

Jaromir Horejsi, Senior Malware Analyst at Avast said,

From what we know about the technical circumstances of how this happened, it isn’t worse than other breaches. As a former employee or contractor might have been involved, this doesn’t sound like something that required a sophisticated hack. However, more sensitive personal data is involved, and that is what is making people shiver.”

On the other hand, if somebody is cheating on their spouse, they always are walking on thin ice and have to fear that their partner will find out about it some way or another. This is nothing new.

“What’s more sensitive in this case, is that address and financial data was revealed and therefore could be abused for identity theft,” Jaromir Horejsi added. “The personal data may be sold on hacking forums and later used for spamming the affected individuals. It also didn’t take long until the data from the AdultFriendFinder breach made its rounds on hacking forums. People should take this seriously. What users can learn from this is that any information shared online can be stolen. Just because things take place or at least start in the virtual world doesn’t mean that they have a lower impact on your real life. Users that may be affected should start monitoring their credit card statements for unusual activities and report them to their bank.”

In theory, it would also be possible for the hacker group to start blackmailing individuals – in this case it would be best for those affected to be upfront with their partner to take the wind out of the criminal’s sails. However, judging from the type of ransom the hacker group is demanding, this is rather unlikely – as their real goal seems to be to take down Ashley Madison and Established Men.

Follow Avast on Twitter where we keep you updated on cybersecurity news every day.

Panda Security

Cyber-security is a worry for the health industry, but is it sufficiently protected?

A recent report by the non-governmental organization HIMSS, focused on improvements made in the health sector due to the introduction of information technology, has revealed that the sector is extremely vulnerable to cyber-attacks.

According to the report, two-thirds of those questioned (made up of industry professionals from around the world) confirmed that their organization had suffered a recent data attack. This is an alarming example of how valuable private patient information is to cybercriminals.

ciber-security, attack

Information security continues to be a priority in IT strategies

The concern about the protection of confidential information is of increasing importance to those who work in the industry, and they are working harder to ensure that this information is kept secure and private. This is reflected in the survey as nearly 9 out of 10 stated that cyber-security has taken on a greater importance in their business in the last year.

Lisa Gallagher, vice-president of Technology Solutions at HIMSS, claims that “health organizations need to adapt quicker in order to defend themselves against cyber-attacks”. So, what does this involve? According to Gallagher, this means incorporating new tools and carrying out frequent analysis of its security processes. Fortunately, half of those questioned agreed that their company had undertaken steps to improve its online security, the protection of its endpoints, the loss of personal data, and disaster recovery. Despite the wealth of protection technology available, however, the majority of those questioned have doubts that their company can protect against attacks on its IT infrastructure and private data.

The use of antivirus and antimalware software is the most widespread

In general, according to the report, companies within the health sector use, on average, 11 different types of technology to guarantee their security. Furthermore, over half of these companies have employees dedicated to the management of private information and data.

This is a logical move considering that 42% of those questioned believe that there are new and growing threats that need to be detected and stopped. These threats have, in half of the cases, been detected by internal security systems. Just 17% of those surveyed admitted that security breaches had been detected by an external source, such as a patient whose information had been compromised.

Another important and positive detail that comes from the survey is the increased use of antivirus and antimalware software by companies (87% of those polled confirmed that their business had implemented the software). Not only this, but 80% also stated that their company was increasing its monitoring of online security to detect and investigate security breaches.

health industry

Consequences of attacks

With regards to security incidents, the majority (62%) have stemmed from a disturbance in the IT systems that has not only affected the IT operations, but also health care – albeit in a more limited way.

To have personnel available that are ready to detect and stop the attacks is vital. According to the report, 64% agree that not having skilled professionals on hand is a barrier against combating cyber-attacks.

The majority of those questioned (70%) also agree that phishing attacks, which are more and more frequent, and the spread of malware, are incentives to improve the protection of private information. In order to achieve this, 59% of those surveyed feel that it is important to share information about cyber-attacks with other sectors.

It is important to point out that these attacks aren’t just confined to the health sector. Many other companies have suffered breaches of security including Sony Pictures, which saw information stolen relating to employee salaries, unreleased films, and private mails between directors. Other businesses in the maritime oil industry  have also suffered information theft, which we recently discovered at Panda Security.

Finally, an example of a company from the health sector that has suffered an attack is CareFirst BlueCross BlueShield, which offers medical services in the US states of Virginia, Maryland and Washington D.C. Last year the company found out that private information relating to over a million of its online users could have been compromised in a cyber-attack.

The post Cyber-security is a worry for the health industry, but is it sufficiently protected? appeared first on MediaCenter Panda Security.

Avast

Android malware Fobus now targeting users in the U.S., Germany and Spain

Mid January we informed you of a data-stealing piece of Android malware called Fobus. Back then Fobus mainly targeted our users in Eastern Europe and Russia. Now, Fobus is also targeting our users in the USA, United Kingdom, Germany, Spain and other countries around the world.

Fobus can cost its unaware victims a lot of money, because it sends premium SMS, makes calls without the victims’ knowledge and can steal private information. More concerning is that Fobus also includes hidden features that can remove critical device protections. The app tricks users into granting it full control of the device and that is when this nasty piece of malware really begins to do its work. You can find some more technical details and analysis of Fobus in our previous blog post from January.

Today, we decided to look back and check on some of the data we gathered from Fobus during the last six months. We weren’t surprised to find out that this malware family is still active and spreading, infecting unaware visitors of unofficial Android app stores and malicious websites.

The interesting part of this malware is the use of server-side polymorphism, which we suspected was being used back in January but could not confirm. We have now confirmed that server-side polymorphism is being used by analyzing some of the samples in our database. Most of these have not only randomly-generated package names, but it also seems that they have randomly-generated signing certificates.

Number of users who have encountered Fobus

Number of users who have encountered Fobus

Geographical reach expanded from the East to the West

Previously, we predicted that we would probably see a steady growth in the number of encounters users have with this malicious application. A review of the results, however, beats all of our predictions. At the beginning, this malware mainly targeted mobile users in Russian speaking countries. As our detections got smarter and we discovered new mutations of Fobus, we discovered that many other countries are affected as well. Now Fobus, although it still mainly targets users in Eastern Europe and Russia, is also targeting our users in the USA, Germany, United Kingdom, Spain, and other countries around the world.

The above graph shows the number of unique users (user IDs) encountering Fobus per day. The graph is also geologically divided by country codes as reported by the users’ connection location.

Number of times users encountered Fobus by country (as of July 21, 2015):

  • Russia: 87,730
  • Germany: 25,030
  • Spain: 12,140
  • USA: 10,270
  • UK:  6,260
  • Italy: 5,910

There are two great leaps visible in the graph, which mark the days when new versions of Fobus were discovered and new detections protecting our users were released. These three detections seem to be particularly effective at their task. The high impact in countries outside of Russia and English speaking regions, which can be seen in the graph, is a little surprising. Especially considering that the malware typically is only in Russian and English and even the English version contains some strings in Russian. Seems like the authors were too lazy to translate their own app properly…

World map showing the percentage of users who encountered Fobus

World map showing the percentage of users who encountered Fobus

An app, built just for you

Now, let’s dig into the analysis. We will look at the certificates used to sign some of the Fobus samples. We already mentioned the problems connected with generating unique applications for each victim (server-side polymorphism). This does not only apply to rebuilding, repackaging and obfuscating each instance of the app itself, but also extends to their signing certificates. To back this up, we analyzed around 4,000 samples and data and inspected the usage of these certificates. We verified that each build of the malicious app is typically seen by one user only, even though its signing certificate can be used to sign multiple apps. Virtually all of the samples we have are very low prevalent, meaning that different users only very rarely see an app instance multiple times. As for the signing certificates, we believe that they are being regenerated on a timely basis. We were able to pick a few examples of such certificates from our statistics.

certs_may_28certs_may_30

 

 

 

 

 

 

 

 

 

 

As you can see from the screenshots above, these certificates are dated the 28th and 30th May 2015 and the time differences in the beginning of the validity period between these certificates are in the order of minutes, sometimes even seconds. We have also found some samples that have certificates with randomly generated credentials altogether.

certs_random

The above provided screenshot is an example of such randomly generated certificates.

To conclude, we would like to encourage you to think twice about the apps you install on your phone. Especially if the apps you download are from third party stores and unknown sources. If you download apps from the Google Play Store you’re on the safe side. Requiring nonstandard permissions – especially permissions that don’t seem necessary for the app to properly function – may be a sign that something fishy going on. You should be very suspicious of an app that requests device administrator access and think twice before downloading it.

Acknowledgement

Special thanks to my colleague, Ondřej David, for cooperation on this analysis.

Avast

How iOS users can stay protected against iScam threat

iScam displays a "crash report" to affected users. (Photo via Daily Mail)

iScam displays a “crash report” to affected users. (Photo via Daily Mail)

It’s a common belief (and myth) that Apple products are invincible against malware. This false line of thinking has recently again been refuted, as iPhone and iPad users have been encountering a ransomware threat that freezes their Internet browsers, rendering their devices unusable. The ploy, commonly known as iScam, urges victims to call a number and pay $80 as a ransom to fix their device. When users visit an infected page while browsing using the Safari application, a message is displayed saying that the device’s iOS has crashed “due to a third party application” in their phone. The users are then directed to contact customer support to fix the issue.

How to clean your system if you’ve been infected by iScam

  • Turn on Anti-phishing. This can be done by visiting Settings > Safari and turn on ‘Fraudulent Website Warning’. When turned on, Safari’s Anti-phishing feature will notify you if you visit a suspected phishing site.
  • Block cookies. For iOS 8 users, tap Settings > Safari > Block Cookies and choose Always Allow, Allow from websites I visit, Allow from Current Websites Only, or Always Block. In iOS 7 or earlier, choose Never, From third parties and advertisers, or Always.
  • Allow JavaScript. Tap Settings > Safari > Advanced and turn JavaScript on.
  • Clear your history and cookies from Safari. In iOS 8, tap Settings > Safari > Clear History and Website Data. In iOS 7 or earlier, tap Clear History and tap Clear Cookies and Data. To clear other stored information from Safari, tap Settings > Safari > Advanced > Website Data > Remove All Website Data.

Check out Apple’s support forum for additional tips on how to keep your device safe while using Safari.

Avast

GrimeFighter is now Avast Cleanup

Optimize your PC with Avast Cleanup’s advanced scanning features.

Change is good, especially when it pushes us forward and encourages us to improve. We’ve recently made a change that will benefit our users and make their experience using our products even better. Our PC optimization product formerly known as GrimeFighter has now emerged as Avast Cleanup. In addition to the name change, there’s more to this transition that Avast users can be excited about. In Avast Cleanup, we’ve got a bunch of great benefits for you to enjoy:

  • Rid your PC of up to 5x more junk. Avast Cleanup continues to search for junk files, unnecessary app processes and system settings that slow down your PC’s performance. The amount of issues detected by Avast Cleanup have been improved fivefold, ensuring that your PC is cleaned as thoroughly as possible.
  • Keep it clean, keep it fast. Avast Cleanup’s quick and easy scan is 10x faster, now capable of transforming your PC in minutes or even seconds. As always, exact scan times may vary due to Internet connection or amount of issues found.
  • Win precious space back with new, advanced scanning features. Even a new PC can be loaded with unnecessary apps. Avast Cleanup checks when you update a program or uninstall an app, ensuring that any unnecessary leftover files don’t take up space on your PC. Since you’re immediately informed if unneeded files are discovered, you can save more space on your device than ever before.
  • Organize Avast Cleanup to work around your agenda. You can schedule a daily clean, select which programs you want to load upon startup, and choose what you clean in a scan. What’s more, Avast Cleanup discreetly runs in the background while you go about your daily activities.

Avast Cleanup helps you store more of what you actually want and to accomplish it in just a few minutes. Don’t let your PC become a test of your patience — try Cleanup for yourself. Here’s how:

  • For licensed users, all you need to do is install the latest version of Avast. Your GrimeFighter will then be automatically updated to Avast Cleanup. You’ll receive a notification letting you know that the update was successful.
  • For users who have updated to the latest Avast version but haven’t yet purchased Avast Cleanup, you can do so either from our website or, better yet, directly through the program by navigating to the store link on left menu of the interface.
  • For users who haven’t updated, you can also buy Cleanup within Avast. For now, you’ll still see it as GrimeFighter and you’ll need to do an update to the latest version of Avast in order for it to work.

Panda Security

Tapjacking – when the danger camouflages itself on Google Play

tapjacking, android

After many attempts, we have finally gotten it into our heads that it is essential that we read the small print before we install any application on our devices. If it mentions anything that strays far from what the app is about (for example, a flashlight that tries to use your GPS) it’s best to ignore it unless you are completely confident in the product.

Just because an application requires a lot of permission to be installed doesn’t mean that there is anything to be concerned about but it should still serve as a caution. Luckily, the majority of people are aware of this and look at the small print in detail, leaving cyber attackers to look for other ways to trap their victims.

One of their more dangerous techniques is known as tapjacking – a weakness in the Android operating system that allows for malicious activity to be hidden under the guise of a regular app. This technique lets malware, which could potentially steal credit card details, disguise itself as an inoffensive videogame application.

danger, mobile, android

In February of this year Google released its Android Security Acknowledgements and included on this list were two investigators – Stephan Huber and Siegfried Rasthofer. They were thanked for their help in detecting the possible security breach and for helping the company to uncover how these attacks were being carried out.

How tapjacking Works

It works in a surprisingly simple way – you download an application and open it, which triggers the installation of a second, this time malicious, application. Then, when you press a button on the seemingly innocent application, you are actually clicking a button on the malicious application that is hidden within it. So, as its name suggests, the trap is in the tap.

So, imagine this scenario. You have downloaded an application and on the main screen there is a button that says “Start Game”. You click it to begin but, unbeknownst to you, this has triggered the downloading of the dangerous malware. On the next screen you continue clicking away, oblivious to the dangers, and without realizing you have accepted the terms and conditions of the dangerous malware that has hidden itself on your cellphone.

In the video below we have a clear example of how this form of attack works – the user clicks on “Start Now” to begin downloading images of adorable kittens and, without realizing, grants permission to the attacker to take screenshots on the device.

VIDEO

How the attack works is a lot easier than it might seem. This is due to the type of pop-up notifications that were developed by the programmers of Android applications. There were developed to give alerts to users – such as the one that appears if the battery is running low – but if they appear in full screen and with a button that doesn’t react to your clicks, then they are in fact a dangerous tool used by cybercriminals.

Apart from installing the malware and tricking you into accepting the terms of installation, the attacker can use tapjacking to steal your passwords or to even carry out actions using your bank details.

They key to protecting yourself from this attack is, yet again, in the permission stage. Even though these dangerous applications don’t request a lot of information before being installed, there is one thing which they all have in common – they will ask for permission to show system alert windows, something which isn’t common in other types of applications. If this happens to you, be wary. Check out reviews and opinions from other users on Google Play and ask yourself whether you trust in the application’s creator.

A good antivirus could also come to your rescue in this situation. Just because you can’t see the danger doesn’t mean it’s not there. Fortunately, our security tools are there to shine the light on it.

 

The post Tapjacking – when the danger camouflages itself on Google Play appeared first on MediaCenter Panda Security.

Avast

How to thoroughly wipe your phone before selling it

Make sure your Android phone is wiped clean before you sell it.

Every day, tens of thousands of people sell or give away their old mobile phones. We decided to buy some of these used phones to test whether they had been wiped clean of their data. What we found was astonishing: 40,000 photos including 750 photos of partially nude women and more than 250 male nude selfies, 750 emails and texts, 250 names and addresses, a collection of anime porn, a complete loan application, and the identity of four of the previous phone owners.

How did we recover so much personal data?

The problem is that people thought they deleted files but the standard features that came with their operating system did not do the job completely. The operating system deleted the corresponding pointers in the file table and marked the space occupied by the file as free. But in reality, the file still existed and remained on the drive.

With regular use of the device, eventually new data would overwrite the old data but since the person was selling the phone, that never happened and the files were still intact.

It works the same way on your PC. I used free software to recover deleted photos that I thought were missing forever because they had not been overwritten yet.

You can permanently delete data with Avast Anti-Theft

Avast’s free app for Android, Avast Anti-Theft, actually deletes and overwrites all of your personal files. All you do is follow these steps to delete personal data from your smartphone before you sell it or give it away.

1. Install Avast Anti-Theft on your Android device. The app is free from the Google Play Store.
2. Configure Avast Anti-Theft to work with your My Avast account. This gives you remote access to your phone through your PC.
3. Turn on the thorough wipe feature within the app.
4. Log in to your My Avast account from a PC to wipe your phone. This will delete and overwrite all of your personal data.

Follow Avast on FacebookTwitter, YouTube, and Google+ where we keep you updated on cybersecurity news every day.

Avast

Patches from Adobe, Oracle, and Microsoft released

Avast Software Updater helps you apply software updates.

Earlier this week, we told our readers about the three Flash Player zero-day vulnerabilities that were found in stolen files that were leaked from the Hacking Team. We advised Avast users to disable Flash until the bugs are fixed.

It doesn’t look good for Flash. Because of the continuing security problems facing the 20-year old platform, Google and Mozilla each announced this week that their Web browsers will eventually be dropping default support for Adobe Flash, and Facebook’s new security chief wants to kill Flash. For now you can still use it, but the reports of it’s death are not greatly exaggerated…

Adobe has released security patches for Windows, Mac OS X, and Linux. Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version. Users of Internet Explorer 10 and 11 for Windows 8.x will be automatically updated to the latest version.

Another Hacking Team zero-day vulnerability was discovered in Microsoft’s Internet Explorer. Microsoft released a total of 14 security bulletins, 4 ‘critical’ and the remainder ‘important’ in their July Security Bulletin.

And finally, Oracle released a security update to fix the Java zero-day exploit reportedly used to attack military and defense contractors from the U.S. and spy on NATO members. The Critical Patch Update Advisory also includes 193 new security updates; 99 of which could be exploited by remote attackers.

Avast Software Updater can help you with most software updates. To find it, open your Avast user interface. Click Scan on the left side, then choose Scan for outdated software. You an then decide how to proceed.

Avast Software Updater shows you an overview of all your outdated software applications

Avast Software Updater shows you an overview of all your outdated software applications

Follow Avast on FacebookTwitter, YouTube, and Google+ where we keep you updated on cybersecurity news every day.

 

Panda Security

Why Adaptive Defense 360?

AD-360

A few days ago we published an interview on why Adaptive Defense was the solution against ransomware like Cryptolocker. Now, however, I’d like to go into further details on why Adaptive Defense 360 isn’t just the present and future for just Panda, but rather for the entire cyber security industry.

Adaptive Defense 360 is the only solution available on the market that offers the full protection of a traditional antivirus, white listing, and protection against advanced threats all in one. In fact, it combines all of the capabilities of two product categories in one – EPP (Endpoint Protection Platform) and EDR (Endpoint Detection and Response).

So, how can we make it stand out, in a way that shows Adaptive Defense to be a unique and essential option, to other products on the market?

Differences between Adaptive Defense 360 and a traditional antivirus

  1. An antivirus lacks proactive detection and doesn’t classify all of the applications. Instead, it just classifies those which it has previously listed as malware while Adaptive Defense classifies all running applications, be they goodware or malware, known or unknown.
  2. An antivirus means a certain level of work for the administrator – management of the quarantine, dealing with false positives, etc. On the other hand, Adaptive Defense is a managed service and these types of tasks are taken care of automatically by Panda.
  3. An antivirus doesn’t offer traceability for the actions taken by a malware, meaning that it doesn’t give any forensic details about the attack. Adaptive Defense, however, offers detailed feedback on every action taken by a threat.

Differences between Adaptive Defense 360 and white listing

  1. The main inconvenience of managing by white listing has always been the amount of time required to look after it. This is time that could be better used by the administrator. With Adaptive Defense this inconvenience is removed and Panda looks after the management of the task.
  2. What’s more, the deployment of these services is extremely complex. With Adaptive Defense it’s more akin to child’s play, thanks to it being a cloud based service with one agent in every endpoint.
  3. Above all, a white list doesn’t protect vulnerable applications, or applications that suddenly begin acting strangely. This is something which Adaptive Defense detects and blocks.

Differences between Adaptive Defense 360 and an Advanced Threat Defense (ATD) such as FireEye, PaloAlto, SourceFire, etc)

  1. An ATD solution doesn’t cover all of the possible vectors of infection, but rather only threats that enter via the internet. This leaves you vulnerable to attacks via the USB port, for example. This doesn’t happen with Adaptive Defense as, due to being at the endpoint, it detects all attacks no matter where they come from.
  2. ATDs monitor threats by sandboxing, which means they do it in controlled settings. This allows a threat to behave in different ways to a normal situation making it harder to catch – Panda Adaptive Defense 360 monitors the endpoint in real-time, meaning that no threat can escape its analysis.
  3. ATDs don’t avoid or block attacks, which is one of their main limitations. Adaptive Defense, however, is capable of automatically detecting and blocking any threat that is found at the endpoint.
  4. Finally, if an ATD finds a threat it needs either a third party solution or a manual intervention to correct it. With Adaptive Defense 360 this is all taken care of automatically and immediately.

When all is said and done, we can see that Adaptive Defense 360 is way ahead of other options available on the market. It excels not only against traditional threats but also with vulnerable applications and advanced threats.

Adaptive Defense 360 continuously analyzes the system’s activity so as to determine how to classify every process being carried out as goodware or malware, without leaving room for doubt, and closes the circle of detection with the solution built in.

Do you want more information?

TRY ADAPTIVE DEFENSE

 

Paula Quirós. CMO Panda Security

The post Why Adaptive Defense 360? appeared first on MediaCenter Panda Security.