Panda GateDefender Performa

The perimeter solution to combat malicious code.

Malware refers to all files with content that could be malicious for a computer system. This is not just limited to viruses, as there are many other types of files that can cause serious damage to computers or networks.

The term malware refers to a wide range of threats:

• Viruses: They destroy information and replicate automatically.
• Worms: They make copies of themselves and send themselves massively from infected computers to all contacts in the address book, for example.
• Trojans: They can open ports to a hacker who can take remote control of an infected computer.
• Spyware: They steal personal information stored on a computer.
• Phishing: This involves sending email messages that appear to come from reliable sources (such as banks) and that try to get users to reveal confidential banking information. To do this, the messages usually include a link to spoofed web pages. In this way, the user, thinking that they are in a trusted site, enters the requested information, which is really falling into the hands of the fraudster.
• Blended threats: The latest epidemics have involved attacks using a combination of threats (blended threats).
• Dialers: They change dial-up connections to premium-rate numbers without the user's permission.
• Jokes: These are time-wasting tricks or jokes.
• Other risks: Certain software is not classified as malware, but can pose a risk to the security of corporate networks if it is used.
  • Hacking tools: all tools that can be used to steal confidential information or gain unauthorized access, etc.
  • Security risks: applications that pose a risk to security and which are not classified as viruses. For example, a program for creating viruses or Trojans.

The anti-malware protection in the Panda GateDefender appliances blocks all these types of threats at perimeter level. This means that the malicious code never enters the corporate network.

Benefits

• Complete protection: It prevents all types of malware from entering the network by scanning the six most widely used communication protocols (HTTP, FTP, SMTP, POP3, IMAP4 and NNTP).
• Improved network efficiency: Reduces the workload on company servers by eliminating unnecessary traffic.
• Prevents damage to corporate image: Stops malware from being sent out from the company and prevents installation of programs that can do this.
• Rapid Return on Investment: Prevents saturation of network resources and loss of productivity of employees. Hands-free operation minimizes administrator tasks.

Combination of proactive protection and reactive protection

The anti-malware protection in Panda GateDefender combines 2 powerful techniques to provide the most complete protection:

• Identifier files: Reactive protection based on a list of known malware which is automatically updated every 15 minutes.
• Genetic Heuristic Engine: Scanning of the code of all files that pass through the device to determine if they are potentially dangerous on the basis of typical malware code structure.

The combination of reactive and proactive techniques reduces the risk window and makes Panda perimeter devices the most up-to-the-minute network protection.

Anti-malware protection in operation

Implementation Involves the following phases:

• Installation: Configured in no more than 15 minutes thanks to the ease-of-use of the console.
• Scanning and disinfection: After installation, it immediately scans all inbound and outbound traffic, applying the actions defined by the administrator.
• Incremental Signature Updates: Every hour, it downloads only new malware signatures patch, automatic and transparently.
• Local Updates: It connects to a local server to check and download the new updates, instead of connecting to the Internet, for restricted security networks.

Action on malware. The administrator decides what action to take on any malware detected:

• Disinfect: The file with the malware will be disinfected
• Delete: The infected file will be deleted.
• If the malware is contained in an attachment in an SMTP email, the options include:
  • Deleting the entire message.
  • Deleting just the attachment.

Scanning. The administrator decides on the configuration of the protection:

• Protocols to scan: HTTP, FTP, SMTP, POP3, IMAP4 and/or NNTP.
• Types of malware detected:
• Trusted sites : Internal domains excluded from the anti-malware scan to improve performance.

Definition of security policies according to company criteria.

The Content Filter prevents potentially dangerous content from entering the network. The risks can differ from one company to another depending on many factors, including:

• Sector to which they belong.
• Size
• Governmental restrictions affecting the company
• Arbitrary decisions of IT administrators
• Etc.

The Content Filter protection in Panda GateDefender is both robust and flexible:

• Robust: to prevent all types of possible threats regardless of the type of traffic.
• Flexible: to enable application of corporate security policies adapted to every type of company.

Benefits

• Improved corporate security: Based on the specific criteria of each company.
• Prevents data loss: Control over the documents that can be transmitted outside the internal network.

Content filter protection in operation

The filtering of potentially dangerous content takes place on two levels.

• At file level (HTTP, FTP). Scanning the types of files that could represent a danger and filtering according to different criteria:
  • Nested compressed files – The maximum level of nesting can be defined.
  • Large compressed files – The maximum file size can be defined
  • Compressed files containing a large number of files – Configurable by the administrator.
  • Dangerous MIME types – Defined in an importable and exportable list.
  • Files whose MIME type does not match its extension.
  • ActiveX and Applets - White lists and blacklists of senders and domains with controls
  • Files with macros or embedded information – Office files, Flash…
  • Password protected files – ZIP files, PDF files and Microsoft Office files.
  • Files with truncated extensions – CLSID, space, illegal characters…
  • Encrypted files in HTTP – Encrypted through PGP.
  • Scripts in HTML – embedded or referenced in the code.
  • External references in the body or attachments to HTML messages – Referenced files.
• At message level (SMTP, POP3, IMAP4 and NNTP). Scanning the bodies, subjects and structure of messages and filtering according to different criteria:
  • By textual content. Lets you define the filtering rules for messages and attachments, by text content for SMTP, POP3, IMAP and NNTP. Messages can be filtered by:
    • Subject
    • Attachment name
    • Message body (text and HTML)
  • By no. of recipients. The maximum number of recipients can be defined for inbound, outbound or inbound and outbound mail.
  • Nested messages. Nested messages are filtered, as well as attachments to the main messages and the attachments to nested messages.
  • Encrypted messages. Files received encrypted with PGP will be filtered.
  • Malformed messages. Messages whose content cannot be scanned will be filtered.
  • Fragmented messages: Fragmented messages received, which pose a security risk as they cannot be scanned in full, will be filtered

The actions that can be taken on filtered items are:

• Messages:
  • Delete the message: The message will be completely deleted.
  • Redirect or move the message: It will be sent to the Content Filter quarantine area.
  • Just notify: No action will be taken on the content or the item filtered.
• Attachments
  • Delete attachment. The attached file will be deleted.
  • Delete the message: The message will be completely deleted.
  • Redirect or move the message. It will be sent to the Content Filter quarantine area.
  • Just notify. The event will be logged, if configured.
• HTTP and FTP file transfers
  • Block/delete. The file transfer will be blocked or the filtered file will be deleted.
  • Just notify. The event will be logged, if configured.

Stop the avalanche of junk email.

Spam is the sending of unsolicited information by email. For a message to be considered spam, it must meet the following conditions:

• The message is sent indiscriminately to any recipient.
• The recipient has not requested or authorized the message.
• The action of the recipient can result in benefits for the spammer.

The financial impact of spam on companies continue to grow. The OECD has confirmed that each employee loses around €2,000 because of spam.

Benefits

• Increased productivity Prevents employees wasting time receiving, reading and deleting junk mail.
• Improved network efficiency. Reduces server workloads by eliminating spam before it enters the network. It also minimizes traffic on the internal network.
• Prevents damage to corporate image. Prevents junk mail or illegal content from being sent out of the company.
• Rapid Return on Investment. Prevents saturation of network resources and loss of productivity of employees. Hands-free operation minimizes administrator tasks.

Anti-spam protection in operation

Implementation Involves the following phases:

• Installation: Takes no more than 15 minutes thanks to the ease-of-use of the console. After installation it starts to work automatically.
• Scanning and detection: It immediately starts to scan inbound and outbound messages, applying the actions the administrator has defined.
• onstant Updates: Spam signatures update automatically every minute through microupdates.

Adapting the detection system. The sensitivity of the system can be set to:

• High: Greater detection of spam, but more chance of false positives
• Medium: Balance between the spam detected and the false positives returned
• Low: Less detection of spam but no false positives

Action on spam detected: The administrator decides whether spam or probable spam…

• Is eliminated
• Or is sent to the email quarantine

Prevent employees viewing inappropriate pages

The Internet is an essential source of information. Companies need the Internet to access data and key professional services.

However, much of the content on the Web is unrelated to work. This content can have serious repercussions for a business. It can affect the working environment and performance, and even jeopardize corporate image if certain content is reproduced or forwarded by employees. The statistics are alarming:

• Between 30 and 40 percent of Internet use is non work-related.
• At least 60 percent of employees use the Internet at work for personal reason (chats, forums, etc.).
• Seventy percent of access to pornographic website is during work hours.

Benefits

• Increased productivity Prevents employees wasting time on the Internet.
• Optimizes bandwidth. Prevents access to inappropriate pages, increasing resources available for productive use.
• Prevents damage to the corporate image and minimize legal risks. Prevents access to inappropriate and even illegal content. Such content can severely jeopardize public image or even have legal repercussions.
• Rapid Return on Investment. Prevents saturation of network resources and loss of productivity of employees. Hands-free operation minimizes administrator tasks.

Web filtering in operation

Implementation Involves the following phases:

• Installation: Takes no more than 15 minutes thanks to the ease-of-use of the console. Simply select the categories of restricted content.
• Supervising access: Lets you manually supervise individual access to the Internet.
• Constant updates: Every 15 minutes the database of classified URLs is updated without administrator intervention.
• WebLearn: All visited URL´s from inside the network are registered and categorized adapting the protection to the organization's real Internet use.

Maintenance.

Administrators can adapt filtering policies in accordance with the results.

• Filtering by users and groups: Different policies can be set for different users or groups.
• VIP User list: A list of users exempt from the Web filtering can be defined.
• Web access control: Hours of Web Filter restriction can be marked.

Stop inappropriate use of level of resources

The P2P and instant messaging filter lets you block the following types of connections:

• Instant messaging applications

  Instant messaging can affect the performance of internal network users. You can block connections with instant messaging and chat applications. The applications you can block are the following:

  • ICQ/AOL
  • IRC
  • MSN Messenger
    • Windows Messenger
    • MSN Messenger File Transfer
    • MSN Web Messenger
  • Yahoo! Messenger
  • Skype
  • Jabber (Google Talk)

  Each one can be blocked independently from the others.

• Peer to Peer applications

  P2P applications allow users to exchange and share files. This is a serious entry point for malware. To prevent this you can block:

  • Access to P2P servers
  • Terminal connections between P2P users (with non-server-based P2P applications)

    The P2P protocols you can block are the following:

    • BitTorrent (Azureus, BitComet, Shareaza, MlDonkey…)
    • eDonkey (eDonkey2000, MlDonkey)
    • FastTrack (Kazaa. Grokster, iMesh, MlDonkey)
    • Gnutella (BearShare, Shareaza, Casbos, LimeWire, MlDonkey…)
    • Gnutella2 (Shareaza, Trustyfiles, Kiwi Alpha, FileScope, MlDonkey…)
    • OpenNap (Napster, Lopster, Teknap, MlDonkey)

    Each one can be blocked independently from the others.

Benefits

• Increased productivity Prevents employees from wasting time with unproductive applications.
• Optimizes bandwidth. Prevents file downloads and unproductive use of bandwidth from clogging up the network.
• Rapid Return on Investment. Prevents saturation of network resources and loss of productivity of employees. Hands-free operation minimizes administrator tasks.

P2P and instant messaging application filtering in operation

Configuration Simply involves setting the protocols and applications to block

Level of protection You can choose the level of protection to guarantee correct use of network resources:

• Performance level. Prioritize general system performance over protection against use of the applications.
• Security level. Prioritize the protection against applications over the performance through blocked ports and protocols.
• Balance level Balance the protection with the system performance.
• Web access control: IM/P2P application restriction can be scheduled by hours.