It's very easy to deploy, we don't have any problem or issues with it. It's almost full automatic. It basically makes the assumption that everything is supposed to be suspicious; files, processes, URL accesses, and so on. Everything is checked once in the cloud and it's assessed as malware or safe. You're free to use it. It's simple enough to be used by a non-specialist, by regular users. You don't need a large security team to manage it.
The gap between the two final conclusions is a problem, whether or not a file is known to be malware or is known to be safe. There is a gap between this space which means that some time in which the attestation service works on the conclusion it might regenerate this gap through the communication process. For example, if an employee gets his laptop and goes somewhere where it doesn't have full access to Panda Cloud, meaning the attestation service in the Panda Cloud, it will lose the connection and it cannot promptly receive the attestation conclusion.
If you travel or something like that or there's a lapse in time in which the lack of the conclusion regarding a required item like a file or process or whatever, is lacking. Panda understood it might be a huge problem for the whole solution. They resolved it in a way that I don't like. They assumed that there is a knowledgeable person in the customer security team that will assume the conclusion and will either set that everything is supposed to be malware or everything is supposed to be safe, unless it's attested by the Panda Cloud. There are just these two options. You have a checkbox and you just check or uncheck the checkbox, meaning you assume that the non-attested item is assumed to be malware. If you put the checkmark, it is assumed to be safe. Either conclusion means we will have either false positives or false negatives. This is an issue they didn’t solve well.
They didn't solve this issue well first of all because it is only a single checkbox to do this. As a suggestion, they could use several similar checkboxes, for example, one for executable files, one for malware detections or suspicions, and so on. You either treat unattested items as malware or either as safe items, which is not good.
I have been using Panda Security Adaptive Defense for fourteen months.
I haven't had any crashes. I recall having some issues deploying agents on Linux distributions, but I don't recall which distributions. It is possible that they have some issues there. The way they distributed agents seems like they rebuilt some packages and then activated them into the OS, which is not a good way of distributing software. It requires a specific set of libraries and OS modules. If your distribution doesn't have it, it might end in an installment crash on that endpoint.
Stability depends on the networking because getting network connectivity interruptions on the endpoints breaks the continuous state of the security.
It is good for small and medium-sized companies.
They have a lot of support sites. I haven't need to contact them for support.
It is remarkably easy to deploy.
The time it takes to deploy depends on the customer infrastructure of course. I think a medium 1000 endpoint infrastructure could take around one day. You can use the group policy if you integrate with a local domain or something. They provide several tools to deploy it. It's nice.
The amount of people required to deploy depends on the complexity of the infrastructure. If you have branch offices or sub-networks distributed regionally or geographically, you probably will need more than one person.
If you have Active Directory across multi-domain distribution and so on, your team should be more than one person. For smaller customers, I assume one well-trained security person could do the work in one day.
The attestation paradigm is specific to Panda. I haven't found it anywhere else as strongly enforced into the solution.
My advice would be to follow the general rules, do a trial, learn about it well. Test it in a test environment, change the settings according to your customer-specific needs, and then implement it if you find it has advantages.
In the next release, I would like for them to add DDR features, threat intelligence, and more analytics. It lacks in that area. It should be integrated better with CMS and other useful enterprise applications and tools.
Threat intel also needs improvement. If I was a security analyst, employed in a company and my boss asked me what I think about this solution, the first place I’d look is where the threat intel is. It just lacks this. It is well hidden in cloud attestation service.
I would rate it a seven out of ten.
