With great pride, jtsec is able to announce the publishing within the BOE of the Common Criteria certification granted to Panda Security for their product Panda Adaptive Defense.
It’s been 9 months of intense work from the beginning of the process by the end of June 2017 until its ending, along the month of march of this same year.
Panda Adaptive Defense is a security solution for workplaces, laptops and servers which protects against known threats, advanced and zero-day, ransomware and fileless (in memory) and security attacks and malwareless. Compatible with the existing security antivirus solution.
Its protection capabilities cover every stage of Adaptive Security: Predict, Prevent, Defect and Respond, thanks to running services: service of classification for the 100% of the programs, processes and executables in the endpoints and the Threat Hunting and Forensic Analysis service, which allows for a constant application of corporative security.
The Protection Agent of Panda Adaptive Defense, on its 8.0 version, has managed to pass the EAL+ALC_FLR.1 level of evaluation. It is an Endpoint Protection software of new generation, with cloud analysis capabilities and risk evaluation, which provides the following functionalities among others, and has undergone the evaluation process carried out by Applus+ Laboratories, a CCN accredited laboratory to perform Common Criteria evaluations to EAL5+:
- Interception of the operating system gathering all operations performed by the applications.
- Sending of a registry with all the operations performed by every system process to the correlation system, saving its response about the classification of applications and their modules.
- Use of the response of the correlation system, resolving the action to be taken over each application.
- Use of the local capabilities based on the behaviour rules and known malware traces in order to determine the action to be taken over each application.
- Execution of the action derived from the monitored application: block or allow its execution or loading based upon the two previous items.
- Detect and stop exploitation techniques.
- Detect and stop the access to malicious websites.
- Detect and stop/allow the reading/writing of removable devices.
- Generation of notifications about performed actions.
- Self-protection against malicious processes.
The Protection Agent is the heart of the solution Panda Adaptive Defense 360º, whose inclusion within the CPSTIC catalogue for a HIGH ENS level was simultaneously achieved during the evaluation process.
The Project was structured in several stages: gap analysis, preparation for the evaluation and evaluation process.
The performance of an initial gap analysis of the product by the jtsec experts, allowed for drawing up an adapted certification plan thus limiting the delays and uncertainties that are so undesirable during the Common Criteria evaluations.
The preparation stage was completed in record time, performing the adaptation of the documentation of the design, operation, tests and life cycle of the product to the requirements of the Common Criteria norm.
The jtsec experts on Common Criteria took care of this preparation stage counting on every moment with the support of Panda Security technical experts.
This way of working has allowed for the manufacturer to focus their effort on the implementation of new security measures for their product, thus achieving a global improvement of the product and its documentation.
The evaluation stage was performed by Applus+ Laboratories which was in charge of the technical analysis of the product.
It is a critical factor for the success of any certification process, the communication between all the stakeholders. jtsec has been in charge of being the interface so as to speed up the time of response and optimize the evaluation process.
The follow up of the state of the product’s evaluation by each part has been exceptional, granting a greatly agile and resolutive communication interface, which has allowed for detecting and solving each problem in a highly efficient way.
It has been a pleasure for us to have the chance of working with a company of reference within the security market at a national and international level as is Panda Security. Without their eager disposition for the introduction of improvements in the product, it wouldn’t have been possible to carry out the evaluation in such a satisfactory way.
We feel like we are keeping up to jtsec’s motto “Any fool can make something complicated. It takes a genius to make it simple – Woody Guthrie”