Tag Archives: Panda Security

Panda Security’s GDPR Preparation Guide Helps Ease the Transition to the New Regulation

There’s a new challenge that lies ahead for businesses that have operations within the European Union. The new General Data Protection Regulation came into effect on 25 May, 2016, and will begin to be enforced 25 May, 2018.

With the focus on protecting the fundamental rights and freedoms of natural persons and their right to the protection of personal data, the regulation establishes obligations and advantages both for private entities and public administrations.

Panda Security’s “Preparation Guide to the New European General Data Protection Regulation” introduces the new legislation to businesses before its application in 2018. Disregarding the application of the GDPR could lead to costly administration fines of up to 20,000,000 euros.

Panda’s objective is to address the need to adapt data security practices and thereby give its clients a competitive advantage.

How will the GDPR affect businesses?

One of the main points of the white paper is that taking action only when an infringement has already occurred is insufficient as a strategy, since such a failure can cause irreversible damage to interested parties and can be very difficult to compensate.

Here are some sanctions and other potential problems stemming from non-compliance with the GDPR:

  • Direct or indirect economic repercussions. These could result from security incidents coming from outside the company or from a company’s own employees and collaborators.
  • PR damages. Damages to your reputation could result from security incidents not properly being reported to the public.
  • The loss of current or potential clients may occur when the company is unable to demonstrate that it is in compliance with the regulation.
  • The risk of data-processing limits or bans imposed by data protection audits, which could affect the normal functioning of a company.
  • The possible suspension of your service for your clients, which could induce them to leave your service or even take legal action.
  • Reparations that interested parties will have the right to claim in case of infringement.
  • Costly administration fines that could reach up to 20,000,000€ or 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher.

Panda Security, a partner in compliance with the new law

For organizations dealing with data, prevention is the core element of the regulation. We underscore the importance of working with vision and anticipation as a competitive advantage in business strategy.

Businesses that have put their trust in Adaptive Defense are already well on their way to complying with the GDPR. It offers:

  • Prevention: Adaptive Defense features an internal audit system to verify the security status of the IT infrastructure at any given time, even before the solution is deployed. In the implementation of the action plan for compliance with the GDPR, it proves to be an invaluable tool.
  • Protection of personal data processed on a business’s systems, stopping, for example, any untrusted process from running.
  • Risk reduction, key activity indicators, and endpoint status, which helps to establish security protocols.
  • Tools to satisfy the requirement to notify authorities of security incidents within the first 72 hours after a breach·
  • Control mechanisms and data management for the DPO, who will be notified in real time not only of security incidents, but also whether or not these incidents involve compromised personal data files.


The post Panda Security’s GDPR Preparation Guide Helps Ease the Transition to the New Regulation appeared first on Panda Security Mediacenter.

Panda Security Detects 100% of malware, According to AV- Comparatives

Panda Security has obtained a 100% detection rate on February’s Real-World Protection Test from the independent labs of AV- Comparatives. The Real-World Test is recognized in the industry for providing an accurate reflection of the protection offered by cybersecurity solutions readily available on the market

Panda Security obtained the highest possible score, topping the list of twenty other providers that also underwent testing.

The analysis, which is available here, takes into account the same infection vectors that a user might experience on any normal day (browsing websites containing malicious content or exploits, running a virus received by email, etc.). In this case, Panda Free Antivirus was able to detect 100% of the malware to which it had been exposed. The fundamental objective of the Real-World Test is to determine if security solutions are able to protect the system as it is exposed to an array of malware samples.

Panda Security, 100% Detection and Zero False Positives in AV- Comparatives’ Most Rigorous Test

“We are especially pleased with the excellent results obtained in the AV-Comparatives Real-World Test because they validate our efforts to offer our users the best protection against all types of threats in real conditions. We are fully committed to the constant improvement of our solutions in order to provide maximum security levels with minimum performance impact, being more aggressive towards threats the bigger the risk of infection” said Alberto Añón, Consumer Product Manager in Panda Security

This result speaks to the success of the set of technologies present in the company’s cybersecurity solutions, ideal for all types of users, private or professional, and for everyone from freelancers to large corporations.

Panda Security has developed its products in response to the rapid evolution of malware in recent years. In this regard, it offers the most effective response to threats like ransomware and proves to be the best ally in the prevention, protection and response to the latest attacks.

Latest updates

The company recently launched their Panda Protection, the multi-device antivirus protection that adapts to the user’s needs through a monthly service subscription.

The post Panda Security Detects 100% of malware, According to AV- Comparatives appeared first on Panda Security Mediacenter.

Panda Security receives “21st Century Global Quality Award” 2017


The International Selection Committee of the Worldwide Marketing Organization (WMKTO) in Mexico has named advanced cybersecurity vendor Panda Security as winner of its prestigious “21st Century Global Quality Award” 2017.

This award is granted annually in recognition of those companies, products or professionals that stand out in the business world for their quality and service. The recipients are selected by an International Selection Committee comprised of prestigious entrepreneurs, diplomats, educational and governmental authorities, marketing and communications specialists, and banking institution directors, with 19 years’ experience in studying global market trends.

This international award was established to recognize and encourage the growth and development of companies and professionals who, despite the difficult global financial and economic conditions, have maintained the highest levels of product quality and professional competence. A recognition of the good work and the implementation of patterns of contextual intelligence on cybersecurity applied to companies in the country.

The award will be presented at the Marquis Reforma Hotel in Mexico City on March 4, 2017. The event will also feature the awarding of three other awards: the “Golden Star for Business Merit”, the “Golden Medal for Quality and Service” and the “Royal Crown to Excellence” to other leading companies in Mexico.



The post Panda Security receives “21st Century Global Quality Award” 2017 appeared first on Panda Security Mediacenter.

Panda Security to Participate in This Year’s RSA Conference

This February, from the 13th to the 17th, the XXII Edition of the RSA Conference, the largest event of cyber security in the world, will be held at the San Francisco Moscone Center. Major companies, suppliers and cybersecurity gurus will gather to find solutions to their business concerns and discuss industry trends — an incomparable venue in which Panda Security will be giving advice on cybersecurity strategies.

An extensive list of national and international experts will give an array of lectures and will be present as exhibitors during the five days of the event. Among the list of cybersecurity gurus you will find Luis Corrons, technical director of PandaLabs (@Luis_Corrons), who will share his thoughts with the attendees at the Panda Security booth (4542).

In keeping with this year’s theme, “The Power of Opportunity”, we will talk not only about malware and cybersecurity predictions for 2017, but also the benefits of a strategy that combines big data and machine learning in the security of your business — cutting-edge technology that constitutes a great leap forward in advanced cybersecurity solutions and will be presented over the course of the event.

Did you know that more than 250,000 new threats are detected in our laboratory every day? We will address how to anticipate potential threats with practical examples and real cases that seem like something out of science fiction. Advanced cybersecurity and prevention are, as always,

A powerful panel of experts bringing together more than 45,000 participants and a large number of exhibitions and activities await you at the RSA Conference 2017, an event in which innovation in cybersecurity is the center of attention.

PandaLabs, the Laboratory That Has the Answers to Your Questions

PandaLabs is Panda Security’s anti-malware lab and represents the company’s nerve center in terms of malware. Luis Corrons, its technical director, is one of the experts who will be representing the company at the Panda Security booth.

The countermeasures necessary to protect Panda Security’s customers on a global scale from all types of malicious code are produced in real time and uninterruptedly at the laboratory.

PandaLabs is also responsible for the detailed analysis of all types of malware, in order to improve the protection offered to Panda Security users.

Don’t miss your chance to consult with the experts! Join us and discover the latest technologies and pioneering developments in the industry.

More Information

When: February 13-17, 2017

Tickets: Check the price list here and get your discount by presenting the Panda Exhibition Pass: XE7PANDA (redemption deadline is Thursday, February 16th)

Where: Moscone Center, San Francisco.

Panda Security will be at booth number 4542 (look for us on the map!)

The post Panda Security to Participate in This Year’s RSA Conference appeared first on Panda Security Mediacenter.

Adaptive Defense 360 Given Stamp of Approval by AV-Comparatives

Defending your devices in our hyperconnected world is no simple task. Your protection should include a wide range of defense mechanisms, a necessary deployment that, until now, has forced IT organizations to purchase and maintain a variety of products from different providers.

In December, AV-Comparatives gave their stamp of approval to the three principles of the Adaptive Defense 360 security model: continuous monitoring of all applications on company servers and workstations, automatic classification of endpoint processes using big data and machine learning techniques in a Cloud-based platform, and the possibility, should a process not be automatically classified, of a PandaLabs expert technician analyzing the behavior in depth.

“The evaluation by AV-Comparatives is a good reflection of the value of Adaptive Defense to our customers,” said Iratxe Vázquez, Product Manager at Panda Security. “We protect from and detect all types of known and unknown malware and zero-day security attacks (ransomware, bot networks, exploits, fileless malware, APTs, etc.), all thanks to the continuous monitoring of all processes running on our customers’ devices.”

The Adaptive Defense 360 solution has been endorsed as the first and only product that combines endpoint protection (EPP) and endpoint detection and response (EDR) in a single platform.

“As this solution classifies all executed processes, it cannot fail to record any malware.”

Efficacy Test

Panda Security’s advanced cybersecurity solution detects and blocks malware that other protection systems don’t even see. “We know that Adaptive Defense is easily one of the best solutions on the market, and we needed this to be certified by a prestigious laboratory in the world of security,” said Luis Corrons, Technical Director of PandaLabs.

Adaptive Defense 360 achieved 99.4% detection in the 220 analyzed samples and 0 false positives in the independent analysis performed by the esteemed AV-Comparatives Institute, which establishes this solution as the most advanced end-user cybersecurity software.

“For us it was essential that the tests were done with the utmost rigor, as we were looking for an environment that would perfectly simulate the real world and the threats to which companies are constantly exposed,” says Corrons.

The Intelligent Control Platform, a Synthesis of Machine Learning and Big Data

Artificial intelligence and machine learning are booming trends this 2017, allowing companies to use data science to optimize resources and improve their productivity. Imagine the effectiveness of a cybersecurity software that combines both of these trends.

“The protection that Adaptive Defense 360 ​​offers is much more than a marketing strategy,” said Iratxe Vázquez. “This solution is a protection strategy, a new security model that our customers will need in order to deal with cyber threats. The attacker continually adapts his behavior, easily avoiding traditional antiviruses. He infiltrates and acts quietly, making all kinds of lateral movements that we monitor, analyze and block before he reaches his targets.”

Adaptive Defense 360 ​​is part of an intelligent cyber security platform, capable of merging contextual intelligence with defense operations.

“We continuously monitor and evaluate the behavior of everything running on our clients’ machines, using Machine Learning’s adaptive techniques in Big Data environments, which gives way to exponentially increasing knowledge of malware, tactics, techniques, and malicious processes, along with reliable application information, “explains Iratxe Vázquez.

Adaptive 360 is also ​​integrated with SIEM solutions (Security Information and Event Management), which add detailed information on the activity of running applications at workstations. For those customers who do not have a SIEM, Adaptive Defense 360 ​​incorporates its own security event management and storage system for real-time analysis of information collected with the Advanced Reporting Tool.

AV-Comparatives has seen what we can do, and they liked what they saw. How about you? Have you witnessed intelligent cybersecurity in action yet?

Follow the links to download the first  infographic on the most notable examples of ransomware in 2016.

The post Adaptive Defense 360 Given Stamp of Approval by AV-Comparatives appeared first on Panda Security Mediacenter.

Panda and Logtrust Stem Cyber-threats with Real-time Analytics

‘ART’ Automatically Pinpoints Attacks and Anomalies at Endpoints

Panda Security, the world’s leader in advanced cybersecurity solutions, and Logtrust, the real-time Big Data-in-Motion firm, announced the availability of the Advanced Reporting Tool (ART), as an optional module of Panda Security’s Adaptive Defense, which automatically generates Security and IT intelligence that allows organizations to pinpoint attacks, unusual behaviors, and detect internal misuse of systems and networks.

ART’s unique capabilities enable calculations, graphical visualization and alerts on data monitored, collected and correlated by Panda Adaptive Defense on companies’ endpoints. ART allows those companies to control the risks in the workplace and take security and resources management actions on end-points, including those associated with IoT networks and devices.

“Malware volume has grown exponentially, and the number of potentially vulnerable endpoints within an organization has proliferated, including data streams coming from IoT networks which may compose one of the most serious threats companies face,” said Pedro Castillo, CEO, Logtrust. “The combined capabilities of Panda and Logtrust allowed Panda to create a tool that applies real-time big data analytics to pinpoint attacks, unusual behaviors as well as detecting internal misuse of the corporate systems and network.”

Security Analytics that Border on Prescience

Panda Adaptive Defense represents a new security model that correlates data from multiple sources, bringing the capabilities of Big Data and machine learning to detect, analyze and prevent advanced threats. By partnering with Logtrust, Panda was able to leverage a cloud-based platform capable of both collecting a wide range of data and rapidly analyzing large volumes of data in machine real-time.

“Adaptive Defense, in combination with Advanced Reporting Tool (ART), is a leap forward in how companies approach cyber-security incidents, unusual behavior and resources misuse by both external factors and insiders, so it naturally requires tremendous speed and power to achieve its objectives,” said Iratxe Vazquez, Product Manager, Panda Security. “Logtrust’s Flat-Ultra-Low-Latency time-series data analytics platform, which processes over 150,000 events per second/per core, meets perfectly the performance and functionalities of our ART’s requirements.”

Additionally, Logtrust’s highly visual, customizable and intuitive interface affords the ability to:

  • Easily create and configure dashboards with key indicators and adaptive search options
  • Set default and custom alerts related to security incidents, risk situations, user access to critical information and application/network resource usage

A Penetrating, Holistic View of the Vulnerability Landscape

Panda Adaptive Defense relies on an innovative security model based on three principles: continuous monitoring of applications running on computers and servers, automatic classification using machine learning on Big Data platform in the cloud and security incidents experts analyze those applications that haven’t been classified automatically to be certain of the behavior of everything that is run on the company’s systems.

The massive amount of data, collected at endpoints and correlated in Panda Security’s Big Data platform is also cumulated at LogTrust Platform to provide security and IT managements insights, such as external and internal threats, diagnose critical vulnerabilities, and alert in real-time, so that businesses can immediately prevent or minimize Security and IT issues. Additional benefits of Advanced Reporting Tool (ART) Module working with Logtrust include the ability to:

  • Perform Forensic Analysis. Go back up to 12 months to correlate data from endpoints, identify the malware and pinpoint every place it has touched, and analyze the application’s vulnerabilities.
  • Completely Map All Vulnerabilities. Gain visibility into all machines, applications and elements running on any endpoint to assess vulnerability.
  • Monitoring and Policies. Monitor and control use of corporate resources to determine if it is normal and expected, or a matter that needs to be addressed.

About Panda Security

Founded in 1990, Panda Security is the world’s leading cloud-based security solutions company. Based in Spain, the company has a direct presence in over 80 countries, products translated into over 23 languages and more than 30 millions of users worldwide.

Throughout its history, Panda Security has established a series of innovative milestones that have been later adopted by the rest of the industry. In fact, Panda has been the first vendor to propose a new technological approach based on three strategic elements: Cloud Computing, Big Data and Behavioral Analysis. This brings a new security model that assures the complete classification of all active processes on the systems. By analyzing, categorizing and correlating all this data about cyber-threats, its platform can leverage contextual intelligence to reveal patterns of malicious behavior and initiate prevention, detection and remediation routines, to counter known and unknown threats. Assuring the maximum level of protection ever seen in the cybersecurity industry. Visit www.pandasecurity.com and www.pandasecurity.com/intelligence-platform/  for more information.

About Logtrust

Logtrust is a Real-Time Big Data-in-Motion platform offering Fast Data, Big Data analytics through a solution that enables real-time analytics for operations, fraud, security, marketing, IoT and other aspects of business. Recognized as a Gartner Cool Vendor 2016, Logtrust is intuitive, interactive, and collaborative, with no coding required, guided widgets, and out-of-the-box advanced interactive contextual dashboards. The platform provides a completely real-time experience, with new events always available for query and visualization, and pre-built queries always updated with the most recent events. The highly customizable solution works non-intrusively with your system, with agentless collectors and forwarders, platform remote APIs to check health, and all capabilities callable via REST APIs. Service is always on with cross-cloud region disaster recovery, and data is always hot and unmodified (to meet data reliability and integrity compliance requirements). Logtrust is located at the epicenter of Silicon Valley in Sunnyvale, CA, and further serves its global clients through offices in New York and Madrid. Visit www.logtrust.com for more information.

The post Panda and Logtrust Stem Cyber-threats with Real-time Analytics appeared first on Panda Security Mediacenter.

How does automatic renewal work for Panda’s homeusers

How to stay protected without having to renew your subscription

It seems like only yesterday when you installed your Panda Security antivirus protection, and all of a sudden… Oh no! You realize your antivirus protection is about to expire!

Already? How can it be?

It's time to renew your antivirus protection

Deep inside, you know this is something you have to do if you don’t want to find your computer locked by a nasty virus once again just when you are going to watch Narcos, but, really…

Why should you renew your antivirus subscription?

1. Because hackers have the bad habit of never ceasing to come up with new ways to hijack your identity, files or photos to try and steal your money. So it’s better to keep your computer and software always up to date


2. Because with the Tuneup feature included in Panda Security’s new product lineup, you can say goodbye to seeing your devices slow down over time.

tune up your devices

3. Because the parental controls will help you keep your kids away from inappropriate Internet content.

renew antivirus

Plus, there is a simple way to stay protected without having to remind yourself of the need to renew your antivirus subscription. Isn’t it great? All you have to do is click a button the next time you renew your license.
Make sure you select the auto-renewal option when renewing. This way, whenever your subscription expires, it will be automatically renewed and you will remain protected one more year without having to lift a finger.


Plus…. The more you renew with Panda the better conditions you’ll get, as you’ll get bigger and bigger discounts with each renewal to reward your loyalty.

renew antivirus

Renueva mi protección ahora

The post How does automatic renewal work for Panda’s homeusers appeared first on Panda Security Mediacenter.

Panda Security and Altitude Partner to Secure Information in the Contact Center


Panda Security, a leading advanced cybersecurity company, and Altitude, a global provider of omnichannel solutions that deliver great customer experiences, today announced a new strategic partnership. This partnership will combine Panda and Altitude expertise, solutions and services to maximize and optimize the prevention of data leakage in the contact center.

Recent research  shows a 29% increase in data breaches since 2013, with an average cost of $4 million per incident and an average cost of $158 per lost or stolen record. Other reports  point out that, for the first time, in 2015 security events traced to insiders have outranked security incidents by outsiders.

Innovative integrated monitoring and security platform for the contact center

The Panda Security and Altitude partnership will provide an integrated monitoring and security platform that relies on big data and analytics to detect and block outsider and insider threats in the contact center. Both companies will work together to deliver endpoint protection, detection and response, data leak prevention and user/entity behavior analytics.

“Contact Centers need to be more effective in preventing breaches and they need to be able to react if the prevention fails” said Raúl Pérez García, Global Presales Manager at Panda Security. “Our solution, integrated with Altitude, analyzes and correlates all the information generated about cyber-threats in order to initiate prevention, detection, response and remediation routines, configuring a whole security intelligence system able to uncover malicious behavior patterns and generate advanced cyber-security action to pre-empt malware”.

“The deliberate or accidental release of sensitive data in contact centers is a problem with far reaching consequences as companies are required to comply with more regulation to take reasonable technical, physical and organizational measures to protect the security of sensitive information”, states Jesus Cuadrado, Business Solutions Manager at Altitude Software. “Together with Panda, we are bringing to the market a solution specifically designed to stop the loss of sensitive information in a contact center environment, focused on automating the protection and detection of mishandled data”.

Panda Adaptive Defense 360 is the first cyber-security service that combines next-generation protection and detection and response technologies, with the ability to classify 100% of running processes. The platform delivers a complete cyber-security infrastructure, comprising a suite of services that connect contextual intelligence with the solutions that implement remedial actions on endpoints. Adaptive protection against malware, integrating prevention, detection, forensic analysis, categorization of all running processes and automated remediation.

The Altitude uCI (Unified Customer Interaction) suite is a complete, modular contact center software solution that provides all the functionality required to provide customers with the best experience. The modularity of the contact center software solution allows contact centers to grow according to business needs, avoiding significant upfront investments. Whether organizations use all the modules, just part of the solution, or employ 10 or 100 agents, Altitude uCI provides the ability to engage with customers and provide them with outstanding service.


The post Panda Security and Altitude Partner to Secure Information in the Contact Center appeared first on Panda Security Mediacenter.

Panda Endpoint Protection Is Given The VB100 Certificate By Virus Bulletin For Windows 10


Panda Security’s cybersecurity solutions have been recognized by the independent consultancy Virus Bulletin, which specializes in the prevention, detection, and elimination of malicious software and spam.

The publication, which regularly features analyses of the latest virus threats and evaluations of the leading anti-malware products on the market, has awarded Panda Endpoint Protection the VB100 certificate in the most recent comparative examination of 2016 with Windows 10 Pro.

The publication, which regularly features analyses of the latest virus threats and evaluations of the leading anti-malware products on the market, has awarded Panda Endpoint Protection the VB100 certificate in the most recent comparative examination of 2016 with Windows 10 Pro.

Panda Security consistently maintains excellent results in the latest tests, placing the Spanish company in a privileged position.

See the complete report with study results here.

Quality Assurance Certification

Windows 10 has become the predetermined OS for Windows launched by Microsoft. There have been various issues which have set off alarm bells for some of the most cautious users.

The first characteristic of Microsoft’s new operating system that we should be aware of is that it has been designed like a cloud service. This means that now, whether you like it or not, you will share more information than ever with Microsoft. Fortunately, there are some things that you can configure to minimize the damage if you consider this to be a threat to your security.

Another of the characteristics of Windows 10 that has caused much debate is the “Advertisement ID”. It is basically a code, a unique identification number, which works like the cookies of a webpage.

For some, the new location options that Microsoft has included may feel invasive. Also potentially invasive is the fact that, as happens with Apple’s Siri or with Google Now, this tool requires access to large quantities of personal information in order to respond to whatever questions a user may ask it.

If this new operating system still hasn’t convinced you, and you’d prefer to keep your information private after installing Windows 10, the most advisable course of action would be to turn to a good cybersecurity solution such as the one offered by Panda Security, compatible with Windows 10 and vouched for by Virus Bulletin.

The post Panda Endpoint Protection Is Given The VB100 Certificate By Virus Bulletin For Windows 10 appeared first on Panda Security Mediacenter.

“Cyber-crime is international, but we get stuck with national laws that may not be compatible in this fight”, Righard Zwienenberg

eset- panda- security

Our guest article Righard has been in the IT security world since the late 80’s, and “playing” with computers since the 70’s.

1- At the beginning, computer viruses were almost like a myth. However, over the years, computer attacks became real and they have evolved significantly, along with security solutions. To what extent are we doing things properly? It seems that today there are more attacks than ever before…

Obviously there are more attacks than ever before. In the beginning, having a computer was a novelty, on top of that, the underlying OS was rather diverse. Nowadays, almost everyone has one or more computers or devices. More devices makes the attack vector more interesting (higher chance of success for the cybercriminal) but as many more people are now “into” computers, there automatically are also more people that will exploit for ill purposes. It is inevitable. As in business, where there is an opportunity there will be an entrepreneur, likewise in cybercrime, if it can be exploited, someone will.

With the growth and evolution of the OS’s, security solutions followed. Actually not only the security solutions but also the general perception of security by the public. Guess banking Trojans and ransomware were useful to raise the awareness.


Senior Research Fellow, ESET

2- You developed your first antivirus in 1988. Back then, the number of viruses to detect was very small, despite the fact that they already used some really complex techniques. Considering the way computer threats have evolved, would it be possible for somebody today to develop an effective security solution by himself?

Why not? All you need is a good (new) idea and implement it. It may be the holy grail of heuristics and proactively block a complete new type of threat, or even multiple. That is how the current anti-malware products started in the late 80’s. Of course a single issue solution would nowadays not be enough anymore as customers expect a multi-layered, full protection solution and the sheer number of daily new malware will make it impossible to keep up just by yourself. So it will be more likely that you sell your technology to a larger company or you become a niche player in the 2nd opinion market. But… There is nothing wrong with that!

3- You’ve worked with groups that cooperate with governments, agencies and companies. In your opinion, who should be more interested in improving their IT security knowledge?  Governments? Companies? The public sector and authorities?

Sadly all of the above. Education and Awareness is key here. New threats emerge all the time, and you need to be aware of the to defend yourself against it. Or at least be able to check if your security vendor is defending you against it.

Governments try to have all people use digital systems and guarantee people’s privacy, but can they? They say they do, but then, even at large public events like the 2016 elections for the US Presidency, where you would assume all the security is in place, ignorant security flaws pop up.


In the above case, the official website for – the now elected – Donald Trump allowed an arbitrary URL to show the header above the news archive. That can be used as a funny gimmick, but most likely also be exploited if the arbitrary URL is extended perhaps with script code.

4- You have collaborated with law enforcement agencies in multiple cases of cyber-crime. In your opinion, are law enforcement forces well prepared to fight cyber-crime? Do they have enough resources?

They are well prepared and most of the time have the resources to fight cyber-crime. You will be surprised what they actually know and can do. But what usually is the problematic issue is international laws. Cyber-crime is international, but we get stuck with national laws that may not be compatible in the fight against cyber-crime. On top of that, cyber-crime is digital and very fast moving. Too much legislation prevents swift actions. Politics has to catch up with more organic laws that “go with the flow” and do not takes ages to get updated against the latest threats, allowing law-enforcement to rightfully act against cyber-crime and not to have a case dismissed in court due to old-fashioned legislation.

New threats emerge all the time, and you need to be aware of them to defend yourself against it.

5- Is there an appropriate level of cooperation between law enforcement agencies and security vendors/experts, or do you think there is room for improvement?

Room for improvement is always there. But LEO’s and the private sector already do work together (although as mentioned hindered by (local) laws). Some new cooperation initiatives are actually about to be started and initiated by LEO’s. It clearly shows that working together, it will be easier to reach the mutual goal: to get cyber-criminals locked up, removing safe havens for them.

6- Ransomware attacks can have disastrous consequences for consumers, employees and companies in general. The cost of recovery from a security breach can be very high for an organization; however, what do you think of the expenses a company must face to prevent such attacks?

These must be seen as a preventive measure, a kind of insurance. You do invest for a lock on your door although the door can be closed, right? And when you compare the cost for preventive measurements against the cost after ransomware (the lost work, the lost time, checking and cleaning up the entire network (as you don’t know if it put some executable files of some stolen data somewhere on an open share, or if a backdoor was installed, etc.), the negative public PR, etc.), it isn’t all that expensive. Awareness (and thus proper education) is the key for all people to understand that reporting suspicious activity earlier can actually save a lot of money for the company. In this case, the cost of a report of suspicious activity that turns out to be false is nullified by the cost saved by that single report of suspicious activity where it turns out the threat is real.

Awareness (and thus proper education) is the key for all people to understand that reporting suspicious activity earlier can actually save a lot of money for the company.

7- Righard, you’ve been working with AMTSO (Anti-Malware Testing Standards Organization) since its inception. During this time, you’ve had the opportunity to work in different positions within the organization: CEO, CTO, and now you are a member of the board. What influence has AMTSO had on the world of security solution testing? What difference has it made?

AMTSO had – in my perception – a tremendous influence on the world of security solution testing. Yes of course, it was a struggle in the beginning, errors were made, but now, after repairing the organizational flaws, AMTSO came up with Guidelines and Recommendations that were adopted by testers and vendors, making sure that all testing was done fair and equally. This has also caught the eye of other organizations that are now recommending AMTSO and AMTSO “compliant” tests or to get a product certified by a tester that has adopted the AMTSO Guidelines and Recommendations.

8- What challenges will AMTSO have to face in the near future?

AMTSO is growing and is now changing the Guidelines and Recommendations into real Standard Documents. This is a delicate procedure to complete, but when completed and done properly, a big step forward. As AMTSO is growing and getting more members of different industries, but also from the same industry with motivations or ways of thinking that are different than the established industry, with older and newer companies, keeping it all together to continue to build AMTSO broader and going for AMTSO’s goals, that will be a challenge. But I am sure the new management will be able to do so. I would not have stepped down as CEO/President if I didn’t believe it would be in good hands!

The post “Cyber-crime is international, but we get stuck with national laws that may not be compatible in this fight”, Righard Zwienenberg appeared first on Panda Security Mediacenter.