Panda Security Adaptive Defense Review

A powerful endpoint security platform that's thorough, although with some idiosyncrasies

4.0
Excellent
Updated August 26, 2020

The Bottom Line

As a malware detection and prevention platform, Panda has significantly improved since we last reviewed it. While it could still be vulnerable to fileless attacks and scripts, since they bypass the 100 percent attestation service, this is still a well-designed and thorough protection platform.

Pros

  • Well-executed interface
  • Easy to configure and deploy
  • Near 100% blockage of executable malware
  • Excellent detection of known malware

Cons

  • Requires several weeks to calibrate to your organization's habits
  • Hardening mode tends to be too restrictive

Starting at $60.99 per user per year, Panda Security Adaptive Defense has improved significantly since the last time we looked at it as part of our hosted endpoint protection roundup. Like most of the competition, this is a fully managed cloud console with endpoint support for all major desktop and mobile operating platforms with the exception of Apple's iOS. That's generally a forgivable sin, however, as Apple really doesn't leave many management features available to third-party developers.

While we really liked Panda's Adaptive Defense overall, its behavioral approach to security is idiosyncratic enough to keep it just behind our Editors' Choice winners in this space, a list that currently includes Bitdefender GravityZone Ultra, ESET Endpoint Protection Standard, and Sophos Intercept X. This unique approach may, however, work well for some buyers, so it's worth checking this platform out closely, especially for experienced security professionals. The only downside here is that Panda doesn't make a free trial available for evaluation, just a live demo you need to request via the website.

Panda Security Adaptive Defense core dashboard view

Installation and Interface

When logging into Panda Adaptive Defense, any services available, including Panda Endpoint Protection, are clickable icons on the page. When clicking through to Endpoint Protection, the process begins on a status page. There you'll see graphs of infection frequency grouped into various categories of viruses and spyware, hacking tools, phishing attempts, suspicious items, and more. There is also a handy set of indicators at the top that show which computers have not connected to the cloud recently and are potentially running with outdated protection. With the added drill-down capabilities of the graphs, we found Panda struck a good balance between aesthetics and functionality.

The computers tab reveals a group-based device management page. Computers can be easily added by downloading the client or emailing a link to a new user. Licenses can also be tracked from here, so if the number of systems added exceeds the current license allotment, then it's easy to delete those systems or know to purchase additional seats. Systems can be collected together into groups and subgroups. Policies can then be applied to those groups rather than to individual systems. This is an effective system and similar to how F-Secure Protection Service for Business and Bitdefender organize their policies.

Panda Security Adaptive Defense system detail drill down

The settings tab lets an admin add and edit policies that apply to groups of devices. Each policy contains a well thought out series of options. Basic settings such as scheduled scans, updates, and alerts can all be configured from the corresponding operating system option. Microsoft Windows 10, Linux, Apple macOS, and Android each have their own individual controls. The Antivirus section offers the option of enabling or disabling various file, mail, and web protection settings. The firewall, likewise, has many of the options you'd expect, and you can assign custom rules so specific programs can be explicitly allowed or blocked. Administrators can choose from a number of smart intrusion prevention settings, too.

Device control is another easy-to-manage feature that's divided into six categories: Removable Storage, Mobile Devices, CD/DVD/Blu-Ray Drives, Image Capture, Bluetooth, and Modems. Besides explicitly allowing or blocking an entire category, specific devices can be allowed without restrictions in case blocking an entire category is too overbearing. It would have been nice to see a blacklist here as well, but overall, this configuration works.

Panda Security Adaptive Defense web issue tracking

Three Modes of Operation

One standout Panda feature is that it revolves around its three modes of operation. The first, Audit Mode, just watches and takes notes. There's no protective action that happens here. The second, Hardened Mode, treats any executable originating outside the network as suspicious until it can be flagged as "goodware" by Panda's cloud-based 100% Attestation Service. The executable will remain blocked until then. The third mode is Locked Mode, which is one step beyond Hardened. In this mode, any executable that isn't known and trusted gets blocked until proven good. Using this mode puts Panda in its most battle-hardened state.

Panda's marketing claims that this approach makes malware attacks a thing of the past. However, this narrowly defines malware as only executable files. These days, malware can take many forms aside from an executable, including scripts from various scripting languages, all of which Panda has already classified as goodware.

Still, Panda's overall approach is quite secure. Infected machines can be isolated from the rest of the network, which is helpful to keep an infection from spreading. There's also a Data Control feature that scans systems for sensitive information, such as social security numbers, passport IDs, bank account numbers, and more. This is mostly there to help customers maintain compliance with GDPR, and this information can be de-duplicated or removed from all machines on the network should an administrator decide it violates policy.

Panda Security Adaptive Defense granular protection control dashboard

Detection Testing

As always, we started our detection testing with a phishing test. For this, we used 10 randomly chosen samples from PhishTank, a third-party website that lists known phishing websites. Once we had our list, we navigated to each site in turn using the Internet Explorer instance resident on our test computer. Panda flagged 8 out of the 10 sites as suspicious and blocked them. However, all 10 sites were blocked by our Editors' Choice winner in this category, Bitdefender GravityZone Ultra.

The next test was to download and execute a fresh malware database against the test system. On executing the extraction program, all samples were blocked initially while the detection engine picked them off one by one. The only oddity with the malware scan was two executables that were detected as viruses but needed additional user-level assistance to remove. Considering that they weren't able to run, this was unusual, and the link to the instructions only took us to the top-level help screen. While this wasn't a major issue, it was a bit confusing and annoying.

Our third test was to see how Panda could defend against a browser-based exploit. In this case, we used a well-known Internet Explorer vulnerability, called MS06-14. While this vulnerability got reported back in 2006, it's still got a good success rate against Windows Defender. We encoded a dummy website to attack with MS06-14 and then navigated to the site, again using Internet Explorer on our test machine. Had a remote shell been created, it would have meant the attack was a success; however, the attempt failed, so no shell was created.

Our last test simulated an active attacker. This test assumes that a limited account has been created somewhere on your local area network because a user has had his or her machine compromised due to a remote desktop protocol (RDP) password that's been brute forced. We established access to our test machine using RDP, but before that we encoded a variety of Metasploit Meterpreter payloads. We then downloaded them all to the test machine via RDP. Unlike most of our contenders, Panda left every one of the 42 we downloaded as available to execute. However, Panda always takes the stance that applications aren't trustworthy to start, so all 42 were blocked from running as untrusted programs. Naturally, they'd never be validated as legitimate applications, so overall this indicated success. The scripted attacks that were available to execute were also blocked as soon as the Meterpreter instance was decoded. Again, a favorable result.

We then checked our results against those of third-party testers. In 2019, AV Comparatives rated Panda as having blocked 99.6 percent of the threats tested, which stays in line both with Panda's claims and our own testing. Additionally, there were only 12 false positives, which is a fairly low number. Still, even with AV Comparatives, Bitdefender GravityZone Ultra outperformed Panda in both areas, albeit not by much.

A Change In Security Philosophy

Overall we really liked Panda Adaptive Defense. This is a great product that does well not just in protecting systems, but in its attempt to change the philosophy behind endpoint protection. However, while signed executables will get categorized exceptionally fast, that weird tool your top developer just pulled off some dark corner of the Internet might take a while; so expect to have to do some whitelisting or juggle specific policies for those individuals. Frankly, we struggled with whether to give Panda an Editors' Choice nod this year, and the fact is that they came very close. But our other winners, especially Bitdefender, managed to produce equal or better results without forcing administrators to radically readjust their security thinking.


About Daniel Brame

Daniel Brame, MCSD, is a Solutions Consultant and freelance product reviewer for PCMag.com. He can be reached at [email protected].
