QUESTION & ANSWER

Panda latest AV firm trying to adapt with the times

By Bill Brenner, Senior News Writer 07 Feb 2008 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

There's been a lot of consolidation in the security market. Is the plan to keep Panda thriving independently or is there a scenario where you'd be open to an acquisition?
Gary Leibowitz: The snatching up of one company by another isn't necessarily a bad thing in my opinion, as long as it provides some overall value to the customer. You recently had an article on the Verizon acquisition of Cybertrust, which I think was a good, positive example of what can happen. I spoke to the head of the security practice there and he was telling me about some great successes they've had since the acquisition. So gobbling up isn't a negative thing as long as the right mix of players come together in a way that provides better security.

Over time we've evolved with the threats, not only focusing on endpoint protection but network protection against malware of any type, shape or form. Gary Leibowitz, General Manager, Panda Security

Never say never, then?
Leibowitz: Never say never, though we have no plans for something like that at this time.

Panda is best known as an antivirus vendor. What's your strategy to meet newer threats basic antivirus software can no longer address?
Leibowitz: Antivirus is definitely what we evolved from and it's in our DNA. But over time we've evolved with the threats, not only focusing on endpoint protection but network protection against malware of any type, shape or form. Our latest product release is based on a technology we have developed and call Collective Intelligence. It's the fourth generation of antivirus. The first generation was your basic antivirus, the second generation was anti-malware and the third generation was based on host intrusion prevention technology. Collective Intelligence is designed to deal with Web 2.0 attacks designed to quietly steal information for financial gain

Talk about Panda Security for Internet Transactions.
Leibowitz: It's an anti-fraud security service that protects banks and online merchants against active malware targeting business-to-consumer and business-to-business transactions. We designed it in response to growing concerns in the market regarding the safety of online transactions. It includes what we call our Targeted Attack Alert Service (TAAS) to protect users against financial fraud associated with Trojans and other malware. Unlike other solutions on the market that only address authentication, Panda Security for Internet Transactions provides specialized protection against active threats on a user's PC designed for financial fraud.

Editor's note: SearchSecurity.com is looking for IT pros to offer feedback on the security vendors they are using. If you use Panda's security technology or another vendor you believe is more effective, contact Senior News Writer Bill Brenner at bbrenner@techtarget.com.

How does it fit into the Collective Intelligence model?
Ryan Sherstobitoff: The goal of Collective Intelligence is to increase our visibility and automate the entire process from detection to vaccine creation. We've automated the process of collecting malware from the wild, using customers as honeynets and being able to classify malware and deliver vaccine to end users. From the customer community we aggregate intelligence, behavioral traits of malware and how it behaves in individual systems. It's the first time we can take information from the user community and build a more usable protection model.

A lot of security vendors are catering to the online banking sector. How does your technology stand out from what your competitors offer?
Leibowitz: Collective Intelligence allows a much broader and automated scan of any of the malware out there. If the consumer is infected with a targeted banker Trojan, the customer has the choice to configure what happens next. Some clients want to stop the transaction so no damage happens, others want to let the transaction happen, study the malware and collect intelligence. We provide the option for any of that to happen and we have the targeted attack alert service. Using the millions of sensors we have on customers worldwide, as soon as something suspicious is detected targeting a specific customer -- if it's a bank being targeted by a Russian malware group, for example -- we can detect it and respond. I don't see anyone else offering this level of protection.

A lot of security vendors might take issue with that statement.
Leibowitz: We don't claim this is the all and every. We're saying that securing a business-to-consumer transaction requires multiple approaches. Authentication is one of them, but we don't do that. We compliment it. Behavioral analysis is another that we don't do. But we compliment it by making sure the transaction is malware-free. That's something we haven't seen anyone else doing. I don't think you'll run into other companies saying they have a solution like this today.

What kind of concerns do customers come to you with? Where do they need the most help and how does this product address their needs?
Sherstobitoff: Their main concern is how they can be protected from identity thieves. We have a better chance of finding malware, digesting data and providing protection because we're able to aggregate intelligence from the users directly.

Who is most concerned about identity theft? Merchants? Banks?
Leibowitz: The most visible types of threats customers worry about is financial fraud connected to e-banking and e-commerce, and that's what drove us to develop this product. A lot of clients told us their customers won't use their online banking services because they don't feel the banks can guarantee fraud prevention at a level they'd be comfortable with. We think we can help address that.

Tags: Malware, Viruses, Trojans and Spyware,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Malware, Viruses, Trojans and Spyware Schneier-Ranum Face-Off: Is antivirus dead? Modern malware, stealthy botnets, adapt quickly, expert says Computer worm infections up, scareware antivirus down, Microsoft says Web-based attacks skyrocket, pirating sites surge, security firms say Mini guide: How to remove and prevent Trojans, malware and spyware Kaspersky system analyzes malicious URLs on Twitter for malware Silon malware intercepts Internet Explorer sessions, steals credentials Breach forces payroll service provider PayChoice to shut down again RSA research underscores problem tracking cybercriminals Conficker analysis finds P2P coding limited, less sophisticated

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) directory traversal  (SearchSecurity.com) government Trojan  (SearchSecurity.com) Kraken  (SearchSecurity.com) man in the browser  (SearchSecurity.com) polymorphic malware  (SearchSecurity.com) RAT (remote access Trojan)  (SearchSecurity.com) RavMonE virus  (SearchSecurity.com) RFID virus  (SearchSecurity.com) Rock Phish  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary