Collective Intelligence
[Slide 1 diagram labels: Runtime Packers, File Infector, Clustered Graphs, Emulation, Multi-scanner, Installers, Clustered Grouping, Heuristics, Behavioral Sandboxing, Correlation]

Over 20,000 new files are imported into PandaLabs every day. They come from customers, competitors, honeypots, CERTs, malicious URLs, and online scanners such as VirusTotal and Jotti. When a PC protected by Panda encounters a new file that is not detected by local signatures, heuristics or behavioral analysis, the file's “behavioral traits” are extracted and analyzed remotely by the PandaLabs Collective Intelligence cloud to determine whether the file is malicious or harmless. New viruses and malware are detected and blocked remotely and automatically, almost in real time, without having to send the file to the lab for manual analysis and wait for an answer. The result is that customers are protected against new malware much faster than with traditional signature update approaches.
Editor's Notes
… I've represented here the distributed systems of our users, which interact with your infrastructure, managed by PandaLabs, so that (click forward), if a new executable appears, it will provide some basic data (click forward), such as behavioral traces, date and time of first appearance, and so on. This information alone may not be sufficient to reach a determination, but if we see the same program (click forward) appearing in a different corner of the world, showing a different behavior, we can then correlate those two behaviors and have sufficient evidence…that the program was in fact malware (click forward), and we can instruct the agents (click forward) to block or eliminate the malicious code. Malware does not manifest its behavior all the time, so this approach allows us to become smarter and to detect malware much earlier. This is just an example of the benefits of using this approach.

It is important to note that we do not collect personal information, and that based on the specific data we receive, we cannot trace users; you would always need an ISP to be able to do that… In essence, we get global visibility about the activities of malware, and by connecting sensors to our infrastructure we can continuously correlate the different pieces of data, which results in automatic classification of files in a totally transparent fashion.

We believe that, most of the time, users cannot take informed decisions when security products ask them what they want to do with a program. That is why we believe that security should become a transparent, but always present, component in their computing experience.

TRANSITION TO NEXT SLIDE: overcoming the limitations of the predominant model today, the “local” approach, is what we are doing…
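The correlation step described in these notes, as an added example that is not PandaLabs code: two sensors report the same file with different partial behavior, neither report is conclusive alone, and the merged traits cross the blocking threshold. The trait names, weights, threshold, sensor IDs and hashes are all assumptions constructed for illustration; reports carry only a file hash, traits and a first-seen time, with no user data.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed trait weights and threshold; the slides give no scoring scheme.
TRAIT_WEIGHTS = {
    "writes_autorun_key": 3,
    "injects_into_process": 4,
    "contacts_unknown_host": 2,
    "creates_temp_file": 0,
}
BLOCK_THRESHOLD = 6

@dataclass(frozen=True)
class Report:
    sensor_id: str     # opaque agent identifier, not tied to a user
    sha256: str        # identifies the file across sensors
    first_seen: str    # ISO 8601 UTC, so string order equals time order
    traits: frozenset  # behavior observed on that one machine

def score(traits):
    return sum(TRAIT_WEIGHTS.get(t, 0) for t in traits)

def correlate(reports):
    """Group reports by file hash and classify on the merged behavior."""
    by_file = defaultdict(list)
    for r in reports:
        by_file[r.sha256].append(r)
    verdicts = {}
    for sha, group in by_file.items():
        merged = frozenset().union(*(r.traits for r in group))
        merged_score = score(merged)
        verdicts[sha] = {
            "sensors": len({r.sensor_id for r in group}),
            "first_seen": min(r.first_seen for r in group),
            "best_single": max(score(r.traits) for r in group),
            "merged_score": merged_score,
            "verdict": "block" if merged_score >= BLOCK_THRESHOLD else "unknown",
        }
    return verdicts

# Constructed sample reports (not real telemetry).
SAMPLE = [
    Report("agent-eu-01", "aa" * 32, "2024-01-05T10:00:00Z",
           frozenset({"writes_autorun_key", "creates_temp_file"})),
    Report("agent-ap-07", "aa" * 32, "2024-01-05T08:30:00Z",
           frozenset({"injects_into_process"})),
    Report("agent-us-03", "bb" * 32, "2024-01-05T09:00:00Z",
           frozenset({"contacts_unknown_host"})),
]

if __name__ == "__main__":
    for sha, v in correlate(SAMPLE).items():
        print(sha[:8], v)
```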