
What information EPP and EDR solutions send to and store in the cloud



Frequent changes to personal data legislation and the growing role of the state in this area raise questions about the privacy policies of various vendors. Is it worth entrusting software vendors with one's personal data? It is also interesting to know what information antivirus vendors collect, transmit and store in the cloud. In this article we examine this question using the example of a cloud-based security solution for corporate customers, Panda Adaptive Defense [360] (whose centralized management console is also located in the cloud).


We have written repeatedly about Panda's cloud solutions for centralized endpoint protection, Panda Endpoint Protection [Plus] and Panda Adaptive Defense [360]. Their distinguishing feature is that the entire infrastructure (management console, database, repository, etc.) lives in the cloud, while local agents are installed on the endpoints.


Since the local agents and the management console must constantly exchange information, the local agents necessarily send something to the cloud. Let's see what is sent there and what is stored there.


What data is sent to the cloud


The new security model in Panda Adaptive Defense requires collecting information about what each application does. Continuous monitoring of the actions performed by applications, followed by analysis of this data with machine learning techniques in our Big Data environment, is what allows us to offer users a high level of protection.


The data collected by Panda Adaptive Defense complies with the following rules:


• Only information relating to Windows executable files (.exe, .dll, etc.) that are run or loaded on the machine is collected.


• Attributes of such files are sent in a standardized form that carries no user-specific information. For example, file paths are standardized as LOCALAPPDATA\name.exe instead of C:\Users\USER_NAME\AppData\Local\name.exe.


• URLs are collected only for downloaded executable files. URLs that the user opens in the browser while browsing sites are not collected.


• The data collected does not contain personal information.


• In no case does Panda Adaptive Defense send personal information to the cloud.
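As an added illustration of the path standardization rule above (example code, not Panda's), the following normalizer replaces user-specific prefixes with environment-variable tokens and checks that the account name no longer appears before a record leaves the host. LOCALAPPDATA and APPDATA come from the article; the USERPROFILE and WINDIR tokens, the field naming and the leak check are assumptions made here.

```python
import re

# Constructed for this example: the article names only LOCALAPPDATA and
# APPDATA; USERPROFILE and WINDIR are assumed tokens for the remaining cases.
_USER_DIR = re.compile(r"^[a-z]:\\Users\\[^\\]+", re.IGNORECASE)
_WINDIR = re.compile(r"^[a-z]:\\Windows", re.IGNORECASE)

# Checked in order; the lookahead keeps "AppData\LocalLow" from being
# mistaken for "AppData\Local".
_PROFILE_SUBDIRS = [
    (re.compile(r"^\\AppData\\Local(?=\\|$)", re.IGNORECASE), "LOCALAPPDATA"),
    (re.compile(r"^\\AppData\\Roaming(?=\\|$)", re.IGNORECASE), "APPDATA"),
]


def standardize_path(path: str) -> str:
    """Return the path with user-specific prefixes replaced by tokens.

    Paths outside the user profile and the Windows directory are returned
    unchanged; the file name itself is never altered.
    """
    m = _USER_DIR.match(path)
    if m:
        rest = path[m.end():]  # "" or starts with a backslash
        for sub, token in _PROFILE_SUBDIRS:
            sm = sub.match(rest)
            if sm:
                return token + rest[sm.end():]
        return "USERPROFILE" + rest
    m = _WINDIR.match(path)
    if m:
        return "WINDIR" + path[m.end():]
    return path


def standardize_event(event: dict) -> dict:
    """Standardize every path-valued field of a telemetry record (assumed
    naming: keys ending in "path"); hash, operation id, etc. pass through."""
    return {k: standardize_path(v) if k.endswith("path") else v
            for k, v in event.items()}


def leaks_account_name(value: str, account: str) -> bool:
    """Pre-send check: does the Windows account name survive in the value?"""
    return account.lower() in value.lower()


if __name__ == "__main__":
    # Constructed sample record, not real telemetry.
    raw = {"hash": "<sha256 placeholder>", "operation": 0,
           "path": r"C:\Users\jsmith\AppData\Local\Temp\name.exe"}
    clean = standardize_event(raw)
    print(clean["path"], leaks_account_name(clean["path"], "jsmith"))
```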


The following information is collected from each machine:


• Device name.
• Operating system.
• Service pack.
• The group in which the protected PC is placed.
• The default IP address of the machine.
• MAC address.
• IP addresses assigned to the various network adapters.
• MAC addresses of the various network adapters.
• RAM in MB.


Information about the actions that applications take on the system is also sent to the cloud, since it is essential to the new protection model in Panda Adaptive Defense.


Attribute | Data | Description | Example
--- | --- | --- | ---
File | Hash | Hash of the file involved in the event | -
URL | URL | Address from which the PE file was downloaded | http://www.malware.com/executable.exe
Path | Path | Standardized path where the file of this event is located | APPDATA\
Registry | Key / Value | Windows registry key and its corresponding value | HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\Panda Research\Minerva\Version = 3.2.21
Operation | Operation ID | ID of the operation of the completed event (creation, modification, loading, etc. of the PE file, its download, communication, etc.) | Event type 0 indicates execution of the PE file
Communication | Protocol / Port / Address | Records the process's communication event (not its content) together with the protocol and address | Malware.exe sends UDP data to port 4865
Software | Installed software | Compiles a list of the software installed on the machine using the Windows API | Office 2007, Firefox 25, IBM Client Access 1.0

In addition, executable files may need to be sent to our Collective Intelligence cloud platform. To reduce bandwidth use, only executable files not yet present on the Collective Intelligence platform are sent.


When executable files are sent, we guarantee that they will not contain confidential user or customer information.


All collected information is sent to the cloud in encrypted form: in some cases over SSL, in others with Blowfish encryption.


Data transfer to third parties


All working information is stored exclusively on our Windows Azure cloud platform.


Information is not passed on to third parties, unless the users:


• Want to receive the alerts and security data collected by Panda Adaptive Defense in their own SIEM system. The collected security information is then sent to the user's SIEM over a secure protocol, by prior agreement with the user.


• Use the Logtrust platform (Advanced Reporting Tool), a SIEM utility integrated into Panda Adaptive Defense [360] by default. Logtrust is a Big Data cloud platform that stores, in real time, the parameters collected from all machines protected by Panda Adaptive Defense. Information is sent to Logtrust over HTTPS and stored in Logtrust's data center (CPD).


Cloud platform security


The entire cloud infrastructure of the Panda Adaptive Defense [360] solution, as well as of its lower-tier editions Panda Endpoint Protection [Plus], is hosted on the Windows Azure platform, which provides a high level of protection and confidentiality for stored data. The security and control policies in force in Azure are described in the white paper "Windows Azure Security Overview".


What security does the platform hosting Logtrust provide?

Logtrust uses Amazon Web Services, providing all the benefits of physical and information security of Amazon data centers.


For more information, see the following AWS Cloud Compliance document.


Access to Logtrust systems is always filtered by the firewall and is protected using certificate-based authentication. In addition, all the systems, services and applications that make up the cloud infrastructure transmit their logs for audit and security purposes.


Security certifications

As mentioned above, Windows Azure runs on the infrastructure of Microsoft Global Foundation Services (GFS).


The following document contains information about security management in Global Foundation Services (GFS), a Microsoft cloud infrastructure running Windows Azure.


Windows Azure certifications:


• ISO/IEC 27001:2005
• Statement on Auditing Standards No. 70 (SAS 70) Type I and II
• Sarbanes-Oxley (SOX)
• Payment Card Industry Data Security Standard (PCI DSS)
• Federal Information Security Management Act (FISMA)


More information about the ISO 27001 certification.


That page also contains a white paper describing how Windows Azure meets the security requirements defined by the Cloud Security Alliance in its Cloud Controls Matrix.


A paragraph from that document:


"Our security framework is based on ISO 27001, which allows users to evaluate how Microsoft meets or exceeds security standards and how they are applied. ISO 27001 defines the implementation, monitoring, maintenance and continuous improvement of an information security management system (ISMS). In addition, the GFS infrastructure is audited annually under the American Institute of Certified Public Accountants (AICPA) Statement on Auditing Standards (SAS) No. 70, which will be replaced by AICPA No. 3402 audits. An audit of Windows Azure is also planned as part of the SSAE 16 audit."


Security certifications of the platform where Logtrust data is located

Users who intend to use the Logtrust service should know that they can rely on the physical security measures of Amazon's data centers (CPD).


As this document shows, Amazon holds all the main certifications:


• ISO/IEC 27001
• SOC 1 / SSAE 16 / ISAE 3402 (formerly SAS70)
• Payment Card Industry Data Security Standard (PCI DSS)
• Federal Information Security Management Act (FISMA)


Where is the Windows Azure platform located?

Windows Azure has nodes around the world. Panda Security's data is currently hosted in the Dublin (Ireland) data center. Below is a photograph of the data center in Ireland.





Where is the Amazon Logtrust platform located?

Logtrust runs in high-availability mode on its Amazon-hosted platform, located in Amazon's data center in Ireland.


Conclusion


Panda's cloud solutions are serious products developed by Panda Security, headquartered in Spain. Given the strict requirements for the protection of personal data in the European Union and the United States, these solutions hold all the necessary international certifications guaranteeing the security and confidentiality of the transmitted data and of the storage systems.


As a result, no personal data is transmitted to the cloud from the local agents.



Source: https://habr.com/ru/post/315830/

