The Business Forum

"It is impossible for ideas to compete in the marketplace if no forum for
  their presentation is provided or available."           Thomas Mann, 1896


Perimeter Protection Strategy

Contributed by Panda Software (USA), Inc.

 

 

Executive summary

Latest data indicates that one in every 204 e-mail messages contains a virus, and that 99 percent of viruses enter companies via SMTP mail or HTTP web-browsing.

And it's not just viruses that cause problems. For example, the SQL Slammer worm hit thousands of servers around the world, exploiting a buffer overflow vulnerability and causing denial of service in SQL servers, which resulted in losses estimated, according to Computer Economics, at 705 million euros.

Due to the increasing sophistication of Internet-borne threats, Panda Software proposes a layered protection strategy in which the Internet gateway plays a vital role, as it is the strategic network point used to send and receive e-mails, all types of content... and 99 percent of viruses.

Panda GateDefender Performa is a hardware device that combines with high-performance software to provide maximum anti-malware protection at the Internet gateway. It boosts and complements other types of anti-malware protection that could be installed across your company, stopping all types of malware, such as viruses, Trojans, worms, dialers, phishing, etc.

PERIMETER PROTECTION STRATEGY

In recent years, the entry points used by computer viruses have varied greatly. Whereas before, floppy disks and other removable devices were the main source of infections, nowadays the Internet is unrivalled as a channel for infections.

Similarly, viruses that enter via the Internet are, statistically speaking, the fastest and most dangerous, often with multiple propagation and infection methods such as the so-called ‘blended threats’. This makes it essential that protection is installed in gateways as most viruses enter via e-mail or Internet downloads.

According to Computer Economics, 99 percent of companies surveyed have some kind of antivirus protection installed. Even so, 76 percent admit having been infected by a virus in the last year and over 50 percent reported having suffered a massive virus attack.

The simple answer might seem to be that antivirus protections are not offering adequate protection. The truth however is quite different. Although 99 percent of companies have some kind of antivirus protection, in most cases one of the following points applies.

  • The antivirus protection only covers certain platforms. In most cases, workstations and servers are covered, but not all companies have protection for Internet and mail gateway servers.

  • Antivirus settings are often inadequate to face the latest Internet-borne threats, such as resident protection disabled in desktops, outdated versions of the antivirus, slack signature file update policy and no proper gateway content filtering policy.

  • In many companies there are groups of users to which antivirus policy is not applied, either because they are remote users, groups of administrators or simply because there is no policy.

Today, 100% security doesn’t exist. However, Panda Software gets as close as possible by promoting a layered anti-malware protection strategy. By protecting all layers of the organization (inbound/outbound Internet connection (router), web browsing (proxy server, web and database servers), e-mail gateways (SMTP), data storage (internal database servers), internal messaging (groupware and collaboration), file servers and users (desktops and remote users)), as well as all possible communication and information exchange protocols in all products, security levels begin to reach the longed-for 100 percent protection level.

In this way, Panda offers a different product for each layer of the organization, optimized especially for each environment. Panda GateDefender Performa is the product designed to protect Internet connections from any kind of content-based threat.

As layers of protection are added, the effectiveness of antivirus protection and therefore investment in security is maximized. This layered security strategy makes it extremely difficult for a virus or other malware to enter the organization, thus reducing the risk of infection and propagation. The more layers of an organization that are protected, the nearer the organization will be to achieving 100% security.

PANDA GATEDEFENDER PERFORMA: LAYERED PROTECTION

The Panda GateDefender Performa is a high-performance, dedicated perimeter protection device, which combines hardware and software to provide maximum ease of management. It protects clients from the main Internet threats (viruses, worms, Trojans, etc.) at the Internet gateway, preventing them from getting into corporate networks and spreading before they are detected by other security systems.

The integration of hardware and software allows this solution to offer optimum performance. As it is installed in the network perimeter, it protects the Internet gateway, reducing the risks and workload of the rest of the network computers and as it is a dedicated solution, it guarantees maximum performance in the tasks it is configured to carry out.

It offers gateway level protection designed to integrate simply in any network and without degrading corporate network performance or productivity, and without affecting other critical systems such as firewalls and application/web servers.

GateDefender Performa is available in three models to adapt to the needs of small to large companies, with up to 40,000 workstations, adjusting scan capacity to the overall volume of network traffic.

The main advantages of the new version of GateDefender Performa are its efficiency, broad functionality, ease of use (‘plug-in and forget’) and high performance and scalability.

It scans the six most widely used protocols (HTTP, FTP, SMTP, POP3, IMAP4 and NNTP).

High performance, transparent to users

Panda GateDefender Performa takes over the workload of the traditional antiviruses in your network, both on workstations and servers, optimizing use of the network resources.

It guarantees excellent performance and the highest scanning capability of its class. It can scan up to 1,260,000 messages per hour (SMTP traffic) and 170 MB per second (HTTP traffic) completely transparently to corporate network users.

Daily Auto-updates

The virus signature file is automatically updated every ninety minutes and the scan engines every twelve hours.

Panda GateDefender Performa will be the most updated protection system installed on your network.

Easy administration. 'Plug-in and forget it'

Designed to integrate simply in any corporate network, with no need for reconfiguring network traffic. Panda GateDefender Performa proactively sends the administrator all relevant information about anti-malware activity in real-time graphic reports. It is managed safely and remotely through a simple, intuitive web console.

Content filtering

Blocks potentially dangerous content hidden in different types of files before they enter the network and prevents unnecessary consumption of resources and bandwidth.

Low cost of ownership

By preventing saturation of network resources and loss of productivity, and through its 'plug-in and forget' operation, Panda GateDefender Performa offers a low cost of ownership.

High scalability and load balancing

GateDefender Performa adapts perfectly to the needs of all small, medium and large companies (up to 40,000 workstations), adjusting scan capacity to the overall volume of network traffic. Its load balancing is completely automatic and native, allowing workload to be shared across multiple units. The result is increased scalability and improved antivirus performance.

Detailed graphic reports and customizable alerts

GateDefender Performa provides real-time graphic statistics on network traffic and anti-malware protection activity. It also offers comprehensive graphic reports on all the malware detected, as well as customizable alerts and notifications. In addition, all important events can be sent in the standard Syslog log format, which allows the administrator to analyze everything that is happening in the GateDefender Performa units with a standard analysis system that can monitor many network devices at the same time, in order to control all network elements. Similarly, all events produced in GateDefender Performa units are sent through the SNMP protocol to allow centralized monitoring of all devices installed in the company network.

Layered protection

Panda GateDefender Performa represents an extra layer of defense for the corporate environment, as it prevents worms, viruses and Trojans from even entering the network, perfectly complementing the role of other types of protection installed.

The antivirus in a workstation prevents the action of a virus that has entered the corporate environment, via a laptop with a modem or external storage drives.

Gateway antivirus solutions installed in network servers protect the servers and prevent malware detection systems in workstations from degrading corporate productivity.

Panda GateDefender Performa blocks all types of malware entering or leaving via the Internet and filters traffic that uses the protocols HTTP, FTP, SMTP, POP3, IMAP4 and NNTP, as well as stopping attacks like SQL Slammer or other vulnerability exploits that go unchecked by traditional antivirus. By doing this it increases protection and frees up the rest of the computers so that they can dedicate 100 percent of their resources to their corresponding functions. As it is an integrated protection system, both the hardware and software settings are designed for optimum performance, minimizing its impact on the network.

If protection is not installed in the rest of the network layers and a virus slipped in through a laptop computer, for example, Panda GateDefender Performa would only stop the virus from leaving the network, preventing the effect that sending a virus to clients or suppliers can have on corporate image, but the network would be infected.

Panda GateDefender Performa is also a complement to the role of the firewall antivirus, as it allows for improved performance and prevents vulnerability exploits that traditional antivirus for firewalls can’t detect. Panda GateDefender Performa is a dedicated device optimized for anti-malware, antispam and web filtering, while a firewall is a dedicated access control server. This separation of roles should be fundamental for the company’s main servers.

So there is a clear need to strive for 100% security with a layered protection strategy as provided by Panda Software. Each protection layer added increases exponentially the value of the solutions installed across the network. Over the last few years, we have witnessed the appearance of fast-spreading worms that go one step ahead of conventional antivirus protection by using spam messages to spread and often use e-mail as their only means of transmission.

TECHNICAL DETAILS

Panda GateDefender Performa is a device that is installed in the network perimeter to intercept and scan both inbound and outbound traffic, offering complete anti-malware protection.

Scanning of communication protocols

GateDefender Performa intercepts and scans HTTP, FTP, SMTP, POP3, IMAP4 and NNTP traffic for malware. The administrator can enable or disable the scan of each of these protocols.

In order to intercept and filter traffic in each protocol, by default the system will use the standard ports:

  • Internet access (HTTP): 80

  • File transfer (FTP): 21

  • E-mail (SMTP): 25

  • Download mail (POP3): 110

  • Download mail (IMAP4): 143

  • Access to news (NNTP): 119

The user can modify these ports or enter additional ports for each protocol from the administration console. Therefore, both standard ports and the additional ports specified by the user will be used.

Operating system and interception software

The software incorporated in GateDefender Performa is based on the Hardened Linux operating system, reinforced and optimized to offer maximum security and high performance. The GateDefender Performa operating system only includes the services and processes it needs to function correctly.

Panda GateDefender Performa acts as a transparent bridge between the Internet and the corporate network. This means that the traffic passes through transparently and the device intercepts the protocols it has been configured to scan.

GateDefender Performa protects against all types of malware using specific detection engines for each different type of threat.

Antivirus protection - It protects against all types of viruses, worms and Trojans that pass through the GateDefender Performa unit, allowing you to disinfect the files or delete them. You can even configure GateDefender Performa to delete the entire message if an infected file is received in an email message via SMTP, instead of just deleting the attachment.

Heuristic protection - It protects against new threats that have not yet been cataloged by analyzing the behavior of executable files and determining if they carry out any typical actions associated to viruses, Trojans, spyware, etc. It also blocks suspicious files received via HTTP and FTP and allows you to delete or redirect the message if the suspicious file is attached to an email message. The administrator can also define the sensitivity level of this scan.

Anti-spyware protection - It protects against spyware programs that are capable of extracting information from the network and sending it to third-parties.

Anti-phishing protection - It protects network computers against phishing attacks. Phishing is a technique that tries to trick recipients through a message that fakes the identity of a company and asks for confidential data. The recipients of these messages do not notice any difference from communications sent by the entity being imitated and therefore the number of victims of phishing is growing.

Anti-Joke protection - It prevents files and messages classified as jokes from reaching the corporate network, avoiding loss of employee productivity. These files or messages do not damage corporate information but can cause users to waste time.

Anti-dialer protection - It protects against dialers that redirect the modem connection to premium rate phone numbers, which cause significant financial damage to the company.

Protection against other risks - It protects against risks that are not classified as malware as such, but that could become a threat in the future. These risks include hacking tools and security risks which can compromise the corporate network.

Definition of trusted sites and domains - This option allows administrators to generate a list of sites and domains whose traffic will not be scanned for malware.

Content Filter

The Panda GateDefender Performa anti-malware module can detect and eliminate other malicious content or unwanted content that can be included in files and messages or hosted on the websites visited from inside the corporate network. The content filter protection can be defined separately for:

  • Web browsing and file download protocols (HTTP and FTP): Filtering of the files received and the files sent is configured separately, and the HTML page filter can contain different types of scripts.

  • Mail and news protocols: Filtering on inbound messages and outbound messages can be configured separately for each protocol and filtering of messages can be distinguished from filtering of attachments.

Attachments - the administrator can filter attachments

  • With a double extension or truncated extension

  • With macros

  • Protected with a password

  • With an inconsistent extension and MIME type

  • Attachments that exceed a certain size

  • Suspicious compressed files

  • With dangerous extensions

  • With dangerous MIME types

  • ActiveX controls

  • Java Applets
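
A minimal sketch of how a gateway could apply a few of the attachment checks listed above (double extension, dangerous extension, dangerous MIME type, inconsistent extension and MIME type, size limit) to a parsed e-mail. This is an added example, not Panda's code; the extension table, the dangerous-type sets, the size limit and the sample message are all constructed assumptions.

```python
from email.message import EmailMessage

# Assumed policy values: the page names the checks but not their settings.
EXT_TO_MIME = {
    ".pdf": "application/pdf",
    ".txt": "text/plain",
    ".jpg": "image/jpeg",
    ".zip": "application/zip",
    ".exe": "application/x-msdownload",
    ".scr": "application/x-msdownload",
}
DANGEROUS_EXT = {".exe", ".scr", ".pif", ".bat", ".vbs"}
DANGEROUS_MIME = {"application/x-msdownload"}


def check_attachment(filename, declared_mime, size, max_bytes=1_000_000):
    """Return the names of the filter rules that match one attachment."""
    hits = []
    parts = filename.strip().lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    # Double extension: a known extension sits in front of the real one.
    if len(parts) > 2 and "." + parts[-2] in EXT_TO_MIME:
        hits.append("double extension")
    if ext in DANGEROUS_EXT:
        hits.append("dangerous extension")
    if declared_mime in DANGEROUS_MIME:
        hits.append("dangerous MIME type")
    # Inconsistent: the declared type is not the one the extension maps to.
    expected = EXT_TO_MIME.get(ext)
    if expected and declared_mime != expected:
        hits.append("inconsistent extension and MIME type")
    if size > max_bytes:
        hits.append("exceeds size limit")
    return hits


def scan_message(msg, max_bytes=1_000_000):
    """Map each attachment filename to the rules it triggers."""
    report = {}
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = part.get_filename() or "(unnamed)"
        report[name] = check_attachment(
            name, part.get_content_type(), len(data), max_bytes)
    return report


def build_sample():
    """Constructed message: one clean, one disguised, one oversized file."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachments.")
    msg.add_attachment(b"%PDF-1.4", maintype="application",
                       subtype="pdf", filename="report.pdf")
    msg.add_attachment(b"MZ\x90\x00", maintype="application",
                       subtype="pdf", filename="invoice.pdf.exe")
    msg.add_attachment(b"\xff\xd8" + b"\x00" * 4096, maintype="image",
                       subtype="jpeg", filename="photo.jpg")
    return msg


if __name__ == "__main__":
    for name, hits in scan_message(build_sample(), max_bytes=2048).items():
        print(name, "->", hits or "pass")
```

The macro, password-protection, compressed-file, ActiveX and Java applet checks need content inspection of the file body and are outside this sketch.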

Messages - The messages can be filtered to

  • Scan text content: defining filtering rules.

  • Delete embedded scripts

  • Delete calls to external scripts

  • Delete external references

  • Scan number of recipients

  • Block malformed messages

  • Block partial messages

Anti-malware activity Graphic information

Panda GateDefender Performa includes in the administration web console a graphic view of how Anti-malware and Content Filter protection evolve over time. This real-time graphic view allows the administrator to easily see all the threats stopped by the GateDefender Performa Anti-malware module and to evaluate the efficiency of the solution according to real activity data recorded in the corporate network where GateDefender Performa is installed.

Auto-restore System

Under extreme circumstances (excessive heat, etc.) damage could be caused to the Panda GateDefender Performa hardware, such as hard disk corruptions or physical damage in some partitions.

To prevent system failures in these cases and ensure continuous perimeter anti-malware services, Panda GateDefender Performa includes a partition control or auto-restore system. When GateDefender Performa is started, a control partition is booted, which decides which work partition is going to be used to execute the anti-malware system. If the auto-restore system detects that the work partition fails, it will start the next established partition. It will also try to restore the damaged partition, in order to make it functional for later boots.

The system partitions are updated with the latest software versions, in order to make restoring as painless as possible.

NOTE: There are other perimeter solutions that promise high-availability using SCSI RAID disks. Panda Software believes that SCSI RAID disks are only necessary for storage servers that have to protect data and provide high-availability. However, SCSI RAID disks don’t offer any benefits in devices that are not geared to storing data, such as Panda GateDefender Performa or other appliances on the market. This is really just another marketing angle that does no more than add to the cost for the end-user and Panda Software would prefer to eliminate unnecessary costs. Panda GateDefender Performa offers high availability by using tools like WatchDog and Auto-restore System, as well as load balancing.

WatchDog.

Panda GateDefender Performa 8000 series incorporates a system monitoring circuit integrated in the motherboard that prevents the system from staying blocked for a long period. The Watchdog system receives signals that confirm that the system is working properly, and if the signal is missing for a certain period the system will be completely restarted from the motherboard. This will prevent the network services from being inaccessible for an excessive period of time.

Thanks to this fault tolerance system, Panda GateDefender Performa can recover automatically from service failures either in the applications or the operating system.

In addition to this “watchdog hardware”, Panda GateDefender Performa has a “watchdog software” that periodically monitors the state of all the processes being executed. If it detects that one of them is not working properly, it will try to recover the process without having to completely restart the system. If the process cannot be recovered, it completely restarts the system from the watchdog hardware. This software fault tolerance system allows the recovery of processes without the need for a complete restart of GateDefender Performa.
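
The two-tier behaviour described above can be modelled in a few lines. This is an added simulation, not the appliance's code: the 30-second timeout, the 10-second monitoring interval and the service names are assumptions, and the escalation is modelled as the software watchdog withholding its signal so that the hardware timer expires.

```python
class HardwareWatchdog:
    """Stand-in for the motherboard circuit: resets if not signalled in time."""

    def __init__(self, timeout_s):
        self.timeout_s = timeout_s
        self.last_kick = 0

    def kick(self, now):
        self.last_kick = now

    def poll(self, now):
        """Return True when the missing signal forces a full restart."""
        if now - self.last_kick > self.timeout_s:
            self.last_kick = now  # system restarts and the timer re-arms
            return True
        return False


class Service:
    """A monitored process (hypothetical); `recoverable` decides restart success."""

    def __init__(self, name, recoverable=True):
        self.name, self.recoverable, self.alive = name, recoverable, True

    def restart(self):
        self.alive = self.recoverable
        return self.alive


class SoftwareWatchdog:
    def __init__(self, hw, services):
        self.hw, self.services, self.log = hw, services, []

    def tick(self, now):
        for svc in self.services:
            if svc.alive:
                continue
            if svc.restart():
                self.log.append((now, svc.name, "recovered"))
            else:
                # Recovery failed: stop signalling so the hardware restarts us.
                self.log.append((now, svc.name, "escalated"))
                return False
        self.hw.kick(now)
        return True


def simulate():
    """Constructed timeline: one recoverable failure, one unrecoverable."""
    hw = HardwareWatchdog(timeout_s=30)
    smtp = Service("smtp-scan")
    http = Service("http-scan", recoverable=False)
    sw = SoftwareWatchdog(hw, [smtp, http])
    resets = []
    for now in range(0, 100, 10):
        if now == 20:
            smtp.alive = False
        if now == 50:
            http.alive = False
        sw.tick(now)
        if hw.poll(now):
            resets.append(now)
            for svc in sw.services:  # after a full restart everything is up
                svc.alive = True
    return sw.log, resets


if __name__ == "__main__":
    log, resets = simulate()
    print(log)
    print("hardware resets at:", resets)
```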

Load balancing

Load balancing allows the workload to be shared across multiple GateDefender Performa units, providing improved performance and higher availability. No additional hardware or software is needed to implement load balancing across multiple GateDefender Performa units and although it is highly advisable to use switches, these can also be connected through hubs.

One of the devices will act as the master, with the rest acting as slaves. From the administration console, users can view all the devices in the load balancing system and the mode each one is running in.

When several GateDefender Performa units are installed in parallel, they will automatically negotiate the role or mode of functioning of each one and whenever a new device is incorporated, the modes of functioning will be re-negotiated.

The master appliance implements a load balancing algorithm and redirects connections to the different slave appliances in order to balance the system workload. The master device will also scan connections and let clean traffic through.

Slave appliances will not let traffic through and will simply scan the connections redirected to them, returning clean traffic to the master appliance.


Visit the Authors Web Site

Website URL:

 http://www.pandasoftware.com




The Business Forum

Beverly Hills, California United States of America

 


© Copyright The Business Forum Institute 1982 - 2012  All rights reserved.