In a recent Webinar, Dealing with New Generation Threats, Jeremy Matthews, regional manager of Panda Security for Africa, gave insights into how to effectively understand and block advanced threats, as well as insights into the latest endpoint detection and response (EDR) and SIEM (security information and event management) technology that is being used to combat these attacks.
Matthews explained that the current situation is brought about by three factors: increasingly sophisticated malware, the limitation of traditional AV, and the changing corporate IT environment.
Matthews believes that understanding the cyber kill chain, a model used to identify the steps taken by cyber criminals, is key to adapting the organisation's technology, policies and procedures to effectively address these advanced threats.
Through PandaLabs' assessment of the cyber kill chain, Matthews says it has become clear that combating zero-day attacks requires a new security paradigm: extending traditional security to include new generation EDR technology. EDR is marked by four key capabilities: detection, prevention, remediation and forensics. Simply put, EDR allows for full visibility of endpoints, identification of potential malware and prevention of attacks, as well as the ability to investigate and to enable remedial action that restores endpoints to their original state.
Matthews explained that the benefits of this technology can be seen in Panda Security's EDR offering, Adaptive Defense, which offers robust protection by classifying all running programs and only allowing goodware to run. Malware is completely blocked from running on the network, and any unknown programs are blocked until an investigation is completed by PandaLabs. Panda Adaptive Defense provides dynamic anti-exploit capabilities to prevent exploit-based attacks and fileless malware.
By leveraging the cloud and big data, Adaptive Defense has little impact on IT resources and, with its optional Advanced Reporting Tool or SIEM integration, is able to provide IT staff with additional forensic information on all processes and network activity on the endpoint. Adaptive Defense seamlessly integrates with existing corporate SIEM solutions, such as HP ArcSight, IBM QRadar and AlienVault, to provide critical security intelligence.
In the Webinar, Matthews shared invaluable insights into the dynamic landscape we face today, and the technology that is available to mitigate risks and combat cyber crime. The recording of the Webinar is available here: Dealing with New Generation Threats.