We find out how we can protect ourselves against rogue AVs

Oct 8, 2011 12:31 GMT  ·  By

The long-awaited Hack In The Box conference in Malaysia is fast approaching and because we are an official media partner of the event, we took the opportunity to talk to some of the speakers that will enlighten us with their knowledge during the event.

The first on our list is KaiJern Lau, currently the Technical Director of Panda Security's Asia Pacific office. He has been in the computer security industry for the past seven years and we felt pretty certain that he could tell us a few interesting things regarding cloud security.

Softpedia: Recent news claims that Panda is going to focus its entire activity on providing cloud-based security solutions. Is this true and, if it is, what determined the company to make such a bold move?

KaiJern Lau: Panda Security has been working since 2006 on providing cloud-based security solutions, so it is not a new move. Panda Security was the first IT security company to harness the power of cloud computing with its Collective Intelligence technology, and we are going to continue providing cloud-based security solutions. Our plan is to continue developing and improving our current products and also to work on innovative products to be sold in niche markets. The focus will not only be to provide cloud-based security solutions; we will also leverage our extensive experience in the Software as a Service market.

To answer your question, we are not going to focus our entire activity on providing cloud-based security solutions.

Softpedia: Panda Cloud Antivirus achieved Advanced+ rating in AV-Comparatives tests even though it was the first time it participated. What is the secret to this success?

KaiJern Lau: Panda Cloud Antivirus has also received AV-Test.org certification. There is no secret other than a higher detection rate. The results of the tests reinforce the powerful protection capabilities of Panda Cloud Antivirus. The success of Panda Cloud Antivirus lies in its anti-virus protection and incredibly lightweight footprint. The latter is a major benefit of Collective Intelligence, Panda’s proprietary technology for automatically collecting and processing millions of malware samples in the cloud instead of locally on the user’s PC.

Softpedia: You've recently released the Beta for the new version of the Cloud Antivirus. What innovations does the latest variant bring?

KaiJern Lau: The new beta of our popular cloud-based consumer antivirus service Panda Cloud Antivirus, version 1.9.1, is available for the Pro Edition of the product only. This beta incorporates a smart community-based firewall to better respond to user needs and further maximize protection by blocking access to risky programs. This marks the first time Panda Cloud Antivirus has included a firewall and comes in advance of version 2.0 of both the Free and Pro Editions, expected to launch later this year.

The addition of a firewall to Panda Cloud Antivirus Pro is a big milestone for users who want an affordable solution that aims for zero intrusiveness. The new beta release optimizes protection for users by automatically managing rules and permissions based on the real-time knowledge gathered from our global user community. At the same time, advanced users get the flexibility to create, edit and prioritize their preferred rules manually.

The full firewall automatically assigns inbound and outbound communication privileges to processes according to their risk level. This new module includes the following features:

- Application rules for users to specify which programs may access the network or the Internet;
- System rules for all programs. Unlike other firewalls, system rules are included in the same screen as application rules, allowing for prioritization between the two sets of rules;
- Rule priority for users to configure the order in which rules are applied;
- Automatic management of permissions for programs establishing network connections, based on the risk rating assigned by Collective Intelligence:
   - Automatic creation of rules allowing inbound and outbound connections for programs detected as “Safe”;
   - Automatic creation of rules allowing outbound connections for “Low-Risk” programs;
   - Automatic creation of rules blocking inbound and outbound connections for “High-Risk” programs.
- Local notifications of connection attempts, and the ability to create rules and set permissions from warning messages;
- Rule import/export;
- Notification in reports of blocked connection attempts.
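To make the rule model described above concrete, here is an added example (written for this page, not Panda's code) of a small priority-ordered firewall policy engine: application and system rules live in one ordered list, the first matching rule wins, automatic rules are derived from a program's risk rating exactly as listed (Safe: allow both directions; Low-Risk: allow outbound; High-Risk: block both), connection attempts no rule covers raise a notification, blocked attempts go into a report, and the rule set can be exported and re-imported as JSON. The program names and ratings are constructed, and the choices that automatic rules are appended at the lowest priority, that an unrated program gets no automatic rule, and that an uncovered attempt yields an "ask" decision are assumptions, since the page does not state them.

```python
"""Priority-ordered firewall rule evaluation with automatic rules derived from a risk rating."""
import json
from dataclasses import dataclass, asdict, field
from typing import Optional

INBOUND, OUTBOUND = "inbound", "outbound"
ALLOW, BLOCK, ASK = "allow", "block", "ask"


@dataclass
class Rule:
    action: str                    # ALLOW or BLOCK
    direction: str                 # INBOUND or OUTBOUND
    program: Optional[str] = None  # None means a system rule that applies to every program
    source: str = "manual"         # "manual", or "auto:<rating>" for rules created from a rating

    def matches(self, program: str, direction: str) -> bool:
        return self.direction == direction and self.program in (None, program)


def auto_rules(program: str, rating: str) -> list:
    """Rules the firewall creates on its own from a program's risk rating."""
    tag = f"auto:{rating}"
    if rating == "Safe":
        return [Rule(ALLOW, INBOUND, program, tag), Rule(ALLOW, OUTBOUND, program, tag)]
    if rating == "Low-Risk":
        return [Rule(ALLOW, OUTBOUND, program, tag)]
    if rating == "High-Risk":
        return [Rule(BLOCK, INBOUND, program, tag), Rule(BLOCK, OUTBOUND, program, tag)]
    return []  # assumption: an unrated program gets no automatic rule


@dataclass
class Firewall:
    rules: list = field(default_factory=list)          # index 0 = highest priority
    notifications: list = field(default_factory=list)  # connection attempts no rule covered
    blocked: list = field(default_factory=list)        # report of blocked attempts

    def add_rule(self, rule: Rule, priority: Optional[int] = None) -> None:
        """Insert at a given priority position; default is lowest priority (end of list)."""
        if priority is None:
            self.rules.append(rule)
        else:
            self.rules.insert(priority, rule)

    def apply_rating(self, program: str, rating: str) -> None:
        # Assumption: automatic rules are appended, so any rule the user placed earlier wins.
        for rule in auto_rules(program, rating):
            self.add_rule(rule)

    def decide(self, program: str, direction: str) -> str:
        """First matching rule in priority order decides; no match -> ask the user."""
        for rule in self.rules:
            if rule.matches(program, direction):
                if rule.action == BLOCK:
                    self.blocked.append((program, direction, rule.source))
                return rule.action
        self.notifications.append((program, direction))  # surfaces as a local warning
        return ASK

    def export_rules(self) -> str:
        return json.dumps([asdict(r) for r in self.rules])

    @classmethod
    def import_rules(cls, data: str) -> "Firewall":
        return cls(rules=[Rule(**d) for d in json.loads(data)])


def demo() -> dict:
    """Constructed scenario: one manual system rule, then ratings for hypothetical programs."""
    fw = Firewall()
    # Manual system rule (program=None): block all inbound connections, highest priority.
    fw.add_rule(Rule(BLOCK, INBOUND), priority=0)
    for program, rating in [("browser.exe", "Safe"), ("updater.exe", "Low-Risk"),
                            ("dropper.exe", "High-Risk")]:
        fw.apply_rating(program, rating)
    out = {
        "browser_out": fw.decide("browser.exe", OUTBOUND),  # allow (auto Safe rule)
        "browser_in": fw.decide("browser.exe", INBOUND),    # block: system rule outranks auto rule
        "updater_out": fw.decide("updater.exe", OUTBOUND),  # allow (auto Low-Risk rule)
        "dropper_out": fw.decide("dropper.exe", OUTBOUND),  # block (auto High-Risk rule)
        "unknown_out": fw.decide("unknown.exe", OUTBOUND),  # ask: unrated, no rule -> notification
    }
    # The user answers the warning by creating an allow rule for the unrated program.
    fw.add_rule(Rule(ALLOW, OUTBOUND, "unknown.exe"), priority=0)
    out["unknown_out_after"] = fw.decide("unknown.exe", OUTBOUND)
    restored = Firewall.import_rules(fw.export_rules())  # import/export round trip
    out["roundtrip_ok"] = restored.decide("dropper.exe", OUTBOUND) == BLOCK
    out["blocked_count"] = len(fw.blocked)
    out["notifications"] = fw.notifications
    return out


if __name__ == "__main__":
    print(demo())
```

The point the scenario makes is the one the interview highlights: because system and application rules share one priority list, a manual system rule placed at the top blocks inbound traffic even for a program whose Safe rating would otherwise have allowed it, and a rule created from a warning message can be given a higher priority than any automatic rule.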

Softpedia: Cloud technology has clearly taken off in the recent past. What are, in your opinion, the risks involved in this fairly new technology, and what should cloud providers do to make sure their customers' data is secure?

KaiJern Lau: It is an issue which requires a deep analysis. PaaS (Platform as a Service) providers are already offering secure platforms based on security standards.

Risks such as privacy, availability, scalability and physical location may be an issue when talking about the cloud. There are some advantages as well, such as savings on capital, easy deployment, and common security policies.

We believe this technology will not bring any additional threat compared to a traditional model, and the main risks are not very different from the risks of a traditional model and data management applications, mainly security, availability and integrity. But for a company which offers cloud computing services, probably the biggest risk is the fact that it can become a clear, centralized target for hackers. It is for this reason that one of the main tasks when planning a cloud computing infrastructure is the defense mechanisms against denial of service (DDoS) attacks and vulnerabilities of the service being open to the community.

What is important is to be clear that, in the case of cloud security, and unlike other cloud computing applications (such as CRMs and ERPs), no confidential or sensitive data of the customer is stored or saved on Panda Security servers or travels through the network. Therefore, in our case, this fear disappears.

On the other hand, there is now much more control over corporate security, as the entire park can be managed centrally. Imagine a company with 20 geographically dispersed offices ... with a traditional system to maintain and manage security, the administrator must be on site or have staff in each office or location. With a SaaS system, the IT admin can see everything happening in the network and can manage it from a single point.

In terms of loss of data and sensitive information, it has no impact, as it is the local agent that analyzes and removes threats. Only statistics and the status of the endpoint are sent to the central console.

In the case of suspicious files that go to Collective Intelligence to be checked, only certain traces of the file are sent, not the whole document or the container (an e-mail, for example).

Softpedia: You have recently blogged about discovering a fake Cloud Antivirus. How can regular users protect themselves against such threats?

KaiJern Lau: Actually, it is a question of common sense and following some tips:

• If you don’t have an antivirus program installed, make sure you always install legitimate software. Check with your IT provider or refer to specialised and reputed forums.
• It is vital that you install a real antivirus.
• If you have unfortunately been a victim of rogueware, you can always ask for technical support from the security vendors.

The rogueware situation is very serious and growing as cybercriminals continue to create new methods for developing and distributing malware. It is a very lucrative business for the cybercriminals, so the name of the game is to infect as many people as possible. As a result, social networks have proven to be an effective channel to infect users. Based on PandaLabs’ extensive research, the situation is most likely to escalate even further.

Furthermore, cybercriminals know how to avoid antivirus detection. On one hand, most of their programs don’t show suspicious behaviors, so antivirus companies have to focus on signatures (specific or generic) to deal with them. This is the main reason why cybercriminals are creating so many new samples. On the other hand, PandaLabs has started to identify more advanced malware variants that are using typical Trojan features, as well as rootkits and other techniques to subvert virus protection technologies.

For many years consumers and businesses alike have faced new threats, ranging from viruses and spam to phishing. In order to fight the war against cybercrime, grassroots awareness, advocacy and individual user education will continue to be important. Antivirus companies must play a fundamental role in exposing the problem in near real-time and presenting solutions along the way.

Finally, antivirus companies must admit that the industry is not even close to winning this battle. This is precisely why Panda started to develop cloud-based technologies in 2006. The company needed to be able to quickly analyze every new sample against its 20 years of accumulated malware data in real time, to deliver protection in minutes instead of days. Fortunately, other vendors are now following this trend, but cybercriminals will soon look to new channels for malware monetization.

Softpedia: The Panda Security website in Pakistan was recently attacked by hackers. Any comment on that?

KaiJern Lau: As soon as we found out that one page of our website had been hacked, we investigated the matter in detail. Our colleagues from Pakistan fixed the problem, and we have taken steps at every level to ensure this does not happen again.