Panda Adaptive Defense obtains the Common Criteria certification

Blog

4
- June
2018
Posted by: Javier Tallón
[Cybersecurity & hacking tools and techniques]
Panda Adaptive Defense obtains the Common Criteria certification

With great pride, jtsec is able to announce the publishing within the BOE of the Common Criteria certification granted to Panda Security for their product Panda Adaptive Defense.

It’s been 9 months of intense work from the beginning of the process by the end of June 2017 until its ending, along the month of march of this same year.

Panda Adaptive Defense is a security solution for workplaces, laptops and servers which protects against known threats, advanced and zero-day, ransomware and fileless (in memory) and security attacks and malwareless. Compatible with the existing security antivirus solution.

Its protection capabilities cover every stage of Adaptive Security: Predict, Prevent, Defect and Respond, thanks to running services: service of classification for the 100% of the programs, processes and executables in the endpoints and the Threat Hunting and Forensic Analysis service, which allows for a constant application of corporative security.

The Protection Agent of Panda Adaptive Defense, on its 8.0 version, has managed to pass the EAL+ALC_FLR.1 level of evaluation. It is an Endpoint Protection software of new generation, with cloud analysis capabilities and risk evaluation, which provides the following functionalities among others, and has undergone the evaluation process carried out by Applus+ Laboratories, a CCN accredited laboratory to perform Common Criteria evaluations to EAL5+:

  • Interception of the operating system gathering all operations performed by the applications.
  • Sending of a registry with all the operations performed by every system process to the correlation system, saving its response about the classification of applications and their modules.
  • Use of the response of the correlation system, resolving the action to be taken over each application.
  • Use of the local capabilities based on the behaviour rules and known malware traces in order to determine the action to be taken over each application.
  • Execution of the action derived from the monitored application: block or allow its execution or loading based upon the two previous items.
  • Detect and stop exploitation techniques.
  • Detect and stop the access to malicious websites.
  • Detect and stop/allow the reading/writing of removable devices.
  • Generation of notifications about performed actions.
  • Self-protection against malicious processes.

The Protection Agent is the heart of the solution Panda Adaptive Defense 360º, whose inclusion within the CPSTIC catalogue for a HIGH ENS level was simultaneously achieved during the evaluation process.

The Project was structured in several stages: gap analysis, preparation for the evaluation and evaluation process.

The performance of an initial gap analysis of the product by the jtsec experts, allowed for drawing up an adapted certification plan thus limiting the delays and uncertainties that are so undesirable during the Common Criteria evaluations.

The preparation stage was completed in record time, performing the adaptation of the documentation of the design, operation, tests and life cycle of the product to the requirements of the Common Criteria norm.

The jtsec experts on Common Criteria took care of this preparation stage counting on every moment with the support of Panda Security technical experts.

This way of working has allowed for the manufacturer to focus their effort on the implementation of new security measures for their product, thus achieving a global improvement of the product and its documentation.

The evaluation stage was performed by Applus+ Laboratories which was in charge of the technical analysis of the product.

It is a critical factor for the success of any certification process, the communication between all the stakeholders. jtsec has been in charge of being the interface so as to speed up the time of response and optimize the evaluation process.

The follow up of the state of the product’s evaluation by each part has been exceptional, granting a greatly agile and resolutive communication interface, which has allowed for detecting and solving each problem in a highly efficient way.

It has been a pleasure for us to have the chance of working with a company of reference within the security market at a national and international level as is Panda Security. Without their eager disposition for the introduction of improvements in the product, it wouldn’t have been possible to carry out the evaluation in such a satisfactory way.

We feel like we are keeping up to jtsec’s motto “Any fool can make something complicated. It takes a genius to make it simple – Woody Guthrie”

tags
Javier Tallón/Technical Director

Expert consultant on the Common Criteria standard, and other security assurance standards in the field of the information technology (FIPS 140-2, ITSEC, ISO 27K1, SOC 2, ENS...). Javier has served as an evaluator in the Spanish CB for the country major evaluation labs. As a consultant, he has successfully accompanied national and international companies in several certification processes (to EAL5+). His experience has led him to participate as a speaker at several conferences on computer security and certification (SuperSec, Cybercamp, Navaja Negra, International Common Criteria Conference, International Cryptographic Module Conference, EUCyberact Conference). He is also Cyber Security lecturer, giving classes of Secure Software Engineering at the University of Granada and is CISSP (Certified Information Systems Security Professional) and OSCP/OSCE (Offensive Security Certified Professional & Certified Expert) certified .

In 2015 he begins to lay the foundations of what will be jtsec. He currently works as Technical Director of the evaluation lab and Chief Operations Officer (COO) of the Granada site from where the company develops most of the work. Recognized expert in various disciplines of cybersecurity (reversing, exploiting, web, ...), assumes the technical direction of most of the projects, directing and organizing the work of the team. He also leads the Research and Development area, encouraging the participation of the jtsec team in multiple Congresses.


Contact

Send us your questions or suggestions!

By sending your data you allow us to use it to resolve your doubts by sending you commercial information of interest. We will delete it when they are no longer necessary for this matter. Know your rights in our Privacy Policy.
RECENT POSTS
jtsec achieves pioneering accreditation for MEMeC cryptologic evaluation
Jan 17, 2025
jtsec achieves pioneering accreditation for MEMeC cryptologic evaluation
jtsec & Applus+ Laboratories at ICCC24
Nov 14, 2024
jtsec & Applus+ Laboratories at ICCC24
How to use the CCN product catalog to improve your company's security
Oct 14, 2024
How to use the CCN product catalog to improve your company's security
Common Criteria Statistics 2023
June 17, 2024
Common Criteria Statistics 2023
How to enter ENS category high, stay in the catalog and add new versions of my product
April 23, 2024
How to enter ENS category high, stay in the catalog and add new versions of my product
jtsec - Our LINCE 2023
Febr 6, 2024
jtsec - Our LINCE 2023
We wish you a happy and cybersecure 2024
Dec 19, 2023
We wish you a happy and cybersecure 2024
How to Prepare Your Products and Services for the Quantum Era and Ensure Their Certification?
Dec 14, 2023
How to Prepare Your Products and Services for the Quantum Era and Ensure Their Certification?
How to include your product or service in ENS ALTA.
Oct 31, 2023
How to include your product or service in ENS ALTA.
Certifications and cybersecurity methodologies are generating interest among companies and organizations at both the national and international levels.
Sept 19, 2023
Certifications and cybersecurity methodologies are generating interest among companies and organizations at both the national and international levels.
CATEGORIES