Review: Panda Cloud Office Protection
For small to midsize businesses, cloud-based endpoint security management can be a compelling alternative to running an on-premise antivirus management server.
Panda Security is not one of the biggest names in business endpoint protection, but it is a technology innovator whose recent efforts have focused on security delivered via the cloud.
Small and medium-sized businesses are the target market for the company's Panda Cloud Office Protection (PCOP) product. Large enterprise customers are better served by the "really big [vendors] with super robust reporting," according to Rick Carlson, President of Panda Security USA. Yet in the market segment of companies with between five and a few thousand employees, Panda's offering has proved itself to be surprisingly effective.
With Cloud Office Protection, Panda is setting its sights on organizations that have multiple locations to manage – such as retail or restaurant chains that might have three or four endpoints at hundreds of locations around the country, or companies with more than one office location as well as remote workers armed with laptops.
A key feature of business-oriented endpoint protection solutions is the ability for an administrator to centrally manage the product to ensure that all endpoints are adequately protected, to push security policies to endpoints, and to monitor and log malware detection activity. Panda's contention is that having each endpoint report to the cloud, from where it can be managed, is far simpler and lower cost than running WAN connections or VPNs between a management server running in-house and remote locations or mobile workers.
"Most endpoint protection platforms were designed for when machines stayed on the corporate network, " says Carlson. "PCOP eliminates the need for management servers, network configuration, and VPNs by moving management to the cloud." To administer and manage the system, administrators log on to Panda's web-based console, where protection and policies can be configured (such as the frequency of scans) and activity monitored, and unprotected machines on the local network can be flagged for attention.
PCOP works using a small antivirus agent which is installed on each endpoint. Since the product is aimed at companies with many locations, agents can be deployed remotely by sending emails to users containing a download URL. Alternatively the agents can be installed without end-user intervention using a distribution tool or an MSI installer distributed through login scripts, Active Directory, Tivoli, or LanDesk. The agent runs on Windows machines only – from Windows 2000 Professional to Windows 7.
Panda's antivirus agent has a lightweight footprint and is designed to use fewer memory resources than typical full-featured antivirus programs. Nonetheless, it has scored highly in testing by organizations such as AV-Test.
"We take an Apple-like approach, by giving customers what they need, without bogging them down with features that they don't need. As a result, it works well even on legacy machines that are due for replacement," says Carlson. To achieve this high level of protection, the antivirus agent uses standard antivirus signatures as well as fuzzy signatures that detect virus variants, heuristics, and behavioral based protection based on its TruPrevent technology, says Carlson.
In a standard enterprise endpoint protection setup, a server downloads virus signature updates from the vendor and distributes them to each endpoint over the local area network. Because PCOP dispenses with the enterprise server, Panda has built peer-to-peer technology into its agents to prevent your endpoints from bogging down your network connection by simultaneously downloading identical antivirus signatures from the cloud. Every time an endpoint checks for an update, it will first check to see if any other machines on the network have the latest signature file. If a local copy is found, the endpoint will retrieve the signature file over the local area network. If the update is not found locally, the agent will download it from Panda and then act as a local distribution point for that file until a newer update is available.
Panda's reputation system, known as Collective Intelligence, also runs in the cloud. This system receives unknown files which have been flagged as suspicious from endpoints protected by PCOP – as well as from Panda's free consumer cloud product, Panda Cloud Antivirus. If the file is known to be either malicious or harmless, the system returns a message instructing the endpoint to either block or allow the file. If the file is unknown to Collective Intelligence, it is then analyzed and classified.
"We have about 35 terabytes of information in the cloud about the files that we see, and Collective Intelligence allows us to provide protection quicker. It may take hours to push signature updates out, but we can provide protection from the cloud in about six minutes," says Carlson. This type of cloud-based protection is becoming increasingly valuable, and has been adopted by most large endpoint protection vendors including Kaspersky, Symantec, and Trend Micro.
Luckinbill Inc., an Oklahoma-based construction company, is a Panda customer that maintains a handful of offices and has a mainly mobile workforce. The company implemented PCOP two years ago to protect about eighty endpoints.
"The cloud nature of the system makes PCOP very cost effective compared to anything that needs a server to run," says Trevor Miller, the head of Luckinbill's IT department. The company thought about installing a competitor's product that requires an in-house server, but decided against it before installing it.
"It would have just been one more thing to manage. With PCOP we set it up and got everyone updated, and now it is very low maintenance," he says. The company had one virus incident since implementing the product, but otherwise the product has worked well, catching Trojans, rootkits and even malicious hacking attempts, according to Miller.
Panda is not the only vendor to offer cloud-based endpoint security management. But PCOP achieves consistently good results and is competitively priced. If you're responsible for the endpoint security of a small to midsize business with multiple offices or a mobile workforce, this solution merits a closer look.
Pricing: Panda Cloud Office Protection – ca. $29 per user per year for 100 users, discounts available for 2-3 year subscription.
Paul Rubens has been covering IT security for over 20 years. In that time he has written for leading UK and international publications including The Economist, The Times, Financial Times, the BBC, Computing and ServerWatch.
Photography courtesy of Karin Dalziel.
February 23, 2012
With Microsoft's help, Panda is leveraging Azure's massive data centers to scale its Cloud Office Protection service globally.