Collective Intelligence. The Next Generation.
Today there is over 10 times more malware being distributed than two years ago. The obvious conclusion is that a security solution must detect 10 times more malware to provide adequate protection to users. While a full-fledged HIPS solution raises the bar substantially by detecting and blocking most of these with proactive technologies, it is still possible for unknown malware to slip through its defenses.
The Collective Intelligence approach was initially released at the end of 2006 in limited pilots, with the objective of being able to reliably detect “10 times more than we are currently detecting with 10 times less effort”.
The pillars of this new system are:
- Collection of data from the community. The system centrally collects and stores behavioral patterns of programs, file traces, new malware examples, etc. This data comes from Panda users, and from other companies and collaborators. This wide capacity to collect information provides higher visibility of the threats that are active on the Internet.
- Automated data processing. The system automatically analyzes and classifies the thousands of new samples received every day. To do this, an expert system correlates the data received from the community with PandaLabs’ extensive malware knowledge base. The system automatically returns verdicts (malware or goodware) on the new files received from the community, thereby reducing the tasks that PandaLabs must carry out manually to a minimum.
- Release of the knowledge extracted. This knowledge is delivered to users as web services or through signature file updates.
We have already developed and deployed a few services that function purely based on the Collective Intelligence platform. These online services are designed to perform in-depth audits of machines and detect malware not detected by the installed security solution.
