Panda Adaptive Defense 360 and other APT/cloud/big data AV

etherealfocus

Normally I don't use Panda for anything but the occasional second opinion, but talked to several IT managers who are moving or considering moving.

Details: http://www.pandasecurity.com/usa/enterprise/solutions/adaptive-defense-360/adaptive-defense-360.htm

My first impression is that they talk a big game but their ability to deliver is doubtful... but what do you guys think? Would any of you put them up against managed AV from Bitdefender, Kaspersky, Webroot, Sophos, etc?

Process whitelisting also seems... sketchy. How to verify processes when some LOBs don't sign each point release, customize the software for certain clients, and the security certificate process has so many cracks in its armor to begin with? Basing it on big data only helps if they've got solid data on every LOB the client uses? That's fine if you're just running Office and Chrome, but there's tons of industry stuff out there they may not have data on.

Seems like more of a small biz product than something really capable of blocking APTs and defending less than ideal software deployments.

XavierMace

Of all the AVs you've mentioned, the only one I've ever seen used in an actual enterprise is Sophos. Cisco uses Sophos' AV engine (as well as some others) in their IronPort email appliances.

John Connor

A ) Definition-based anti-virus isn't going to stop a zero-day.


B ) Bitdefender FREE is as good if not better. It won't even allow it to run debugging apps which malware loves.


C ) Use a sandbox environment as well as a definition-based antivirus. Like Sandboxie, VoodooShield (which is still beta), Shadow Defender, etc.


D ) Use this for servers. http://www.faronics.com/products/anti-executable/


E ) Scan your computer with herdProtect and FreeFixer. Autoruns can help as well.

Use it, love it, know it. Don't get owned.

XavierMace

Non-managed products like Bitdefender Free aren't practical in an enterprise environment. Nor is sandboxing every workstation. AppControl is definitely something to implement, but you have to make sure you have a complete understanding of your environment before doing so or you can bring critical systems to a screeching halt.

John Connor

So Faronics sells a bogus product not intended for servers? Sandboxing should be the main feature in every anti-virus deployment.

No, Bitdefender Free isn't for the corporate environment. Neither is Panda. LOL

XavierMace

You really need to read more carefully. I said nothing remotely like Faronics selling a bogus product. I said you have to understand your environment before implementing AppControl, otherwise you can end up taking down critical systems because that program will do exactly what you told it to do (as it should), so if you aren't careful you'll end up blocking business-critical systems. For example, we use Carbon Black Bit9. Guess what happens when you acquire a new company and enforce that app control on the acquisition's servers. You bring down their servers because they are running different software than you are.

The whole point of this thread was questioning if Panda was for the corporate environment. We both seem to agree it's not. But your statement of Bitdefender FREE being better, given the context of being used in a corporate environment, would seem to imply you were recommending it be used in the corporate environment.

Sandboxing gets used for systems downloading/running unknown/tested software. The whole point of AppControl and filtering is so that Joe User doesn't have that ability in the first place. You have dedicated test boxes (physical or virtual) that are used as the sandbox for testing software.
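Two points in the thread can be shown concretely: etherealfocus's worry that a hash-based allowlist breaks on an unsigned LOB point release, and XavierMace's warning that enforcing a policy built from one environment on an acquired company's servers takes them down. The usual defence against both is to run the allowlist in audit mode first and only enforce once the audit report is empty. The script below is an added illustration, not part of the thread and not code from Panda, Carbon Black Bit9 or any other product named above. The binaries, publishers and rules are constructed placeholders (the byte strings stand in for real executables), and the rule kinds (hash, publisher, path) are a simplification of what real application control products offer.

```python
"""Audit-before-enforce dry run for an application allowlist.

Evaluates a constructed process inventory against allowlist rules and reports
what enforcement would block, so policy gaps show up as a report instead of an
outage. Added example; the data and rule model are assumptions, not any vendor's.
"""
import hashlib
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Binary:
    path: str
    content: bytes            # constructed stand-in for the on-disk executable bytes
    publisher: Optional[str]  # code-signing subject; None when the file is unsigned

    def sha256(self) -> str:
        return hashlib.sha256(self.content).hexdigest()


@dataclass(frozen=True)
class Rule:
    kind: str   # "hash", "publisher" or "path"
    value: str
    note: str   # provenance of the rule, surfaced in the audit report


def rule_matches(rule: Rule, b: Binary) -> bool:
    if rule.kind == "hash":
        return rule.value == b.sha256()
    if rule.kind == "publisher":
        # Survives point releases only while the vendor keeps signing with this subject
        return b.publisher is not None and b.publisher == rule.value
    if rule.kind == "path":
        return b.path.lower().startswith(rule.value.lower())
    raise ValueError(f"unknown rule kind {rule.kind!r}")


def decide(b: Binary, rules: list, enforce: bool) -> tuple:
    """First matching rule wins; no match means default deny."""
    for r in rules:
        if rule_matches(r, b):
            return "allow", f"{r.kind} rule ({r.note})"
    # In audit mode the verdict is only recorded; the process still runs.
    return ("block" if enforce else "would_block"), "no matching rule"


def evaluate(inventory: list, rules: list, enforce: bool = False) -> dict:
    return {b.path: decide(b, rules, enforce) for b in inventory}


def gaps(inventory: list, rules: list) -> list:
    """Paths enforcement would block. Enforce only when this is empty for every host."""
    return sorted(p for p, (verdict, _) in evaluate(inventory, rules).items()
                  if verdict == "would_block")


# Constructed inventory: a gold-image workstation before and after a LOB point
# release, plus a server inherited through an acquisition.
WINWORD = Binary(r"C:\Program Files\Microsoft Office\WINWORD.EXE", b"office-2016", "Microsoft Corporation")
CHROME = Binary(r"C:\Program Files\Google\Chrome\chrome.exe", b"chrome-122", "Google LLC")
LEDGER_41 = Binary(r"C:\Apps\Acme\ledger.exe", b"acme-ledger-4.1", None)  # unsigned LOB app
LEDGER_42 = Binary(r"C:\Apps\Acme\ledger.exe", b"acme-ledger-4.2", None)  # unsigned point release
FLEETPRO = Binary(r"D:\FleetPro\fleetpro.exe", b"fleetpro-9", "FleetPro Systems Ltd")  # acquired company's app

WORKSTATION_BEFORE = [WINWORD, CHROME, LEDGER_41]
WORKSTATION_AFTER_UPGRADE = [WINWORD, CHROME, LEDGER_42]
ACQUIRED_SERVER = [WINWORD, FLEETPRO]

# Rules derived from the gold image only; the LOB app is pinned by hash because it is unsigned.
RULES = [
    Rule("publisher", "Microsoft Corporation", "gold image"),
    Rule("publisher", "Google LLC", "gold image"),
    Rule("hash", LEDGER_41.sha256(), "ledger 4.1 approved by app owner"),
]


def main() -> None:
    for name, host in [("workstation (baseline)", WORKSTATION_BEFORE),
                       ("workstation (after ledger 4.2)", WORKSTATION_AFTER_UPGRADE),
                       ("acquired server", ACQUIRED_SERVER)]:
        print(f"== {name} ==")
        for path, (verdict, reason) in evaluate(host, RULES).items():
            print(f"  {verdict:12} {path}  <- {reason}")
        print(f"  gaps before enforcing: {gaps(host, RULES) or 'none'}")


if __name__ == "__main__":
    main()
```

The baseline workstation audits clean, but the same rules flag the unsigned ledger 4.2 (the hash pin no longer matches and there is no publisher to fall back on) and the acquired server's FleetPro binary (no rule from the gold image covers it). Both would have been outages under enforcement; in audit mode they are two lines in a report that tell you which rules to add, or which app owner to ask for signed builds, before flipping the switch.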