New Aether Enterprise Security Management Cloud Console
Panda Security Launches New Aether Cloud Console for Centralized Management of Enterprise Information Security
The changes introduced provide significant advantages in managing and rapidly responding to critical incidents, especially for medium and large enterprises. Let's look at them.
In recent years, Panda Security has been actively developing the functionality of its cloud-based enterprise solutions. The most significant event was the release in 2015 of the Panda Adaptive Defense 360 cloud security solution: the first cloud-based product that combines next-generation endpoint protection (NG EPP) technology with endpoint detection and response (EDR) technology. After that, the product constantly acquired new features: the EDR technologies were improved, a new anti-exploit technology was introduced, a remote computer control system was integrated, and a simplified SIEM system was integrated for in-depth analysis of all ongoing IT processes. Coming next: a new module for controlling personal data and integration of the patch and update management system.
Of course, all this has significantly improved the effectiveness of these solutions and made them leaders in protecting against unknown threats, exploits, ransomware, fileless attacks and attacks that do not use malicious programs. But, admittedly, the products lacked a new management console that would allow many issues and tasks to be solved faster, easier and more efficiently.
What is Aether?
With the release of the new version of the Aether cloud management console, this gap has been eliminated.
Aether is Panda's new, efficient, scalable, and extensible platform for centralized management of enterprise solutions. Moreover, a single console with a single agent provides centralized protection of Windows, Android, Mac and Linux devices.
Aether is the management console for the following Panda enterprise products:
• Panda Adaptive Defense
• Panda Adaptive Defense 360
• Panda Endpoint Protection
• Panda Endpoint Protection Plus
The new console, primarily designed to meet the needs of medium and large enterprises as well as managed security service providers, was created to address the following goals:
1. Transfer management processes to real-time mode
2. Simplify management processes for protected and unprotected devices
3. Increase transparency and control over user activity
4. Provide more detailed settings
Let's go through the new console and see what has changed.
Access to the console:
After authorization, on the account selection page, select the top one from the list with the Panda Adaptive Defense 360 with Advanced Reporting Tool product, and then agree to the license agreement.
The first thing that immediately catches the eye of those familiar with the previous (traditional) version of the console is the design changes. The product menu is divided into two parts: the main menu runs horizontally along the top, and on the left is a context menu that depends on the section selected in the main menu. In addition, the console design is now optimized for working on mobile devices: depending on the screen size, the appearance and arrangement of the console elements change so that everything most important is at hand. Plus, transitions between sections and contextual functions are quite conveniently thought out, which lets you find the required information and option in a few clicks.
In general, the design has become more rigorous, but at the same time lightweight and not distracting from work.
As in the previous version, the main page of the console is the Status section, in which at a glance you can evaluate the security status of the enterprise and the status of licenses.
The Security subsection provides general information on security and threats in the form of the following widgets:
• Protection status on all managed devices
• Statistics on computers offline for the last 72 hours, 7 days and 30 days, on devices with up-to-date protection or knowledge, and on devices requiring a reboot
• Programs allowed by the administrator, depending on their classification (malware, PUP or pending classification in PandaLabs)
• Classification of all running or tested programs, broken down by type of classification (trusted program, malware, exploit and PUP)
• Automatically unclassified objects, i.e. blocked programs awaiting classification, statistics for which are displayed in the widget of the same name. The stated classification time is up to 3 days, although in practice this period is in most cases limited to several hours.
• The Malware activity, PUP activity and Active exploits widgets show information on the activity of the respective types of threats.
• Below: the distribution by type of threats detected by the antivirus for the selected period of time, and statistics on the operation of the content filter for Exchange servers.
When you click on the sectors of diagrams or the histogram columns in widgets, you can go to the corresponding lists, for example, the list of computers on which the PUP activity was observed, or the list of malware activities:
The Web access and spam subsection provides statistics on the categories of websites to which users of protected devices accessed, as well as spam data detected on Exchange servers.
In both subsections you can choose the time period for which you want to see these statistics: for the last 24 hours, 7 days, a month or even a year.
All of the above existed in the previous version of the console, but in Aether a My lists section has appeared in the context menu of the Status section, where you can quickly create lists according to a number of criteria and add them to this context menu so that you can subsequently access them quickly. To view and, if necessary, add a new list to the menu, click the Add link and then select the type of list from those offered. Here, for example, is the Running malware list, showing the computers on which the malware was launched.
The table of elements in the selected list shows all the necessary information. For example, in this list, for each element you can see the computer on which it was detected, the name of the malware, its path on the computer, whether it attempted to run, access data or make external connections, what action was applied to this malicious software, and the date and time of detection.
The table of elements can be sorted in ascending or descending order by any column by clicking on its name once or twice, respectively.
When you click on a list item, you go to a page with more detailed information on the selected item (for example, details of malware detection), which I will discuss below.
In the lower right corner there are page navigation elements with the ability to select the number of elements on the page.
In addition to the required information with the list of devices, you can quickly configure this list “for yourself”:
• Change the name and description of the list
• Change the selection criteria for a number of parameters
• Copy this list, for example, to create another list based on it
• Export the list
• Delete the list
As you can see, everything is quite simple and convenient. Working with lists greatly simplifies and speeds up the receipt of the required information on security status and events occurring on the network.
Threat life cycle
When you click on an item in the corresponding list or widget, you go to the page with expert information for each detection. Here, as in the previous version of the console, complete information on the detection and all events associated with it is presented.
The upper part contains general information on the threat with the ability to exclude it from blocking or, for temporarily allowed processes, on the contrary, to block it.
The Details tab contains the following information:
• Data on the infected computer: name, connected user and detection path
• Assessment of the threat's impact on the computer: its name, the ability to search for information on it in Google and VirusTotal, and the date and time of detection. From here you can also go to detailed information on all the processes associated with this threat, up to viewing the activity graph over time
• Source of infection: the name of the computer where the threat first appeared, its IP address and information about the user who was connected to this computer at that moment
• Information on the manifestation of this threat on other devices on the network
The Activity tab provides detailed information about all events associated with this detection. Because Panda Adaptive Defense monitors all causal relationships between IT processes, it can compose the entire threat life cycle, i.e. its appearance and all the processes generated after it: what was started, downloaded, transferred, copied, deleted or written to the registry, including command line information, registry values, file hashes, protocols and data transfer directions, and much more.
When you click the Watch activity graph button, you can go to a graphical representation of the activity of this threat with the ability to view dynamics over time.
The presence of such detailed expert information on each detection distinguishes Panda Adaptive Defense 360 from other corporate security solutions. Analysis of this information allows you to identify weaknesses in the enterprise security system, suspicious and dangerous activity of employees, possible incidents of data leakage.
In the Report for the manager section, you can generate the required report with information on license status, network status, detections, web access and spam.
Here you can schedule automatic generation of the required report with the ability to send to specific email addresses with the required frequency and other parameters.
I must admit that in the new Aether console the process of managing computers is much simpler and more intuitive, especially in combination with the ability to easily and remotely perform a number of new tasks in real time. Honestly, this was greatly lacking in the previous version of the management console.
Device management is carried out in the Computers section.
On the left side of the screen is a block for selecting the required computers either by filters or by the organizational tree. In the previous version there were no filters at all, and they were sorely lacking. Now you can use one of the predefined filters (for example, by type of operating system, device type, hardware features or the presence of specific software), and you can also easily create your own filter. To do this, in the folder of the saved filters list where you want to add the new filter, click the button with three dots and select Add Filter in the drop-down menu.
After that, in a new window, you can specify all the required selection criteria.
When setting up the selection conditions, you are asked to choose a category of condition (computer, license, modules, settings, hardware, software), its property (a huge number, depending on the category), an operation (equal, not equal, contains, starts, etc.) and the value of the condition itself. You can create several conditions, group some of them, and selectively apply or not apply them. This degree of detail allows you to build almost any selection you need.
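As an added illustration (not Panda's own code or API), here is a small evaluator for a filter built the way the console describes: conditions with a category, property, operation and value, grouped together and individually enabled. The inventory, category keys and the extra "less than" / "not contains" operations are assumptions for this example.

```python
from dataclasses import dataclass
from typing import Any, Callable, Dict, List, Union

# Constructed inventory (not real console data). Keys mirror the condition
# categories the console offers: computer, license, modules, settings,
# hardware, software.
INVENTORY = [
    {"computer": {"name": "ws-01", "os": "Windows 10", "group": "Sales"},
     "hardware": {"ram_mb": 8192}, "software": {"installed": ["Chrome", "Acrobat"]},
     "license": {"status": "assigned"}, "settings": {"isolated": False}, "modules": {"edr": True}},
    {"computer": {"name": "ws-02", "os": "Windows 7", "group": "Sales"},
     "hardware": {"ram_mb": 4096}, "software": {"installed": ["Chrome", "Acrobat"]},
     "license": {"status": "assigned"}, "settings": {"isolated": False}, "modules": {"edr": True}},
    {"computer": {"name": "srv-01", "os": "Windows Server 2016", "group": "DC"},
     "hardware": {"ram_mb": 32768}, "software": {"installed": ["SQL Server"]},
     "license": {"status": "assigned"}, "settings": {"isolated": True}, "modules": {"edr": True}},
    {"computer": {"name": "mac-01", "os": "macOS 10.13", "group": "Design"},
     "hardware": {"ram_mb": 4096}, "software": {"installed": ["Chrome"]},
     "license": {"status": "assigned"}, "settings": {"isolated": False}, "modules": {"edr": False}},
]

# Operations named in the article (equal, not equal, contains, starts);
# "not contains" and "less than" are assumed extras for this example.
OPERATIONS: Dict[str, Callable[[Any, Any], bool]] = {
    "equal": lambda actual, expected: actual == expected,
    "not equal": lambda actual, expected: actual != expected,
    "contains": lambda actual, expected: expected in actual,
    "not contains": lambda actual, expected: expected not in actual,
    "starts": lambda actual, expected: str(actual).startswith(expected),
    "less than": lambda actual, expected: actual < expected,
}


@dataclass
class Condition:
    category: str        # e.g. "computer", "hardware", "software"
    prop: str            # property within that category
    operation: str       # key of OPERATIONS
    value: Any
    enabled: bool = True  # "selectively apply or not apply"

    def matches(self, device: dict) -> bool:
        actual = device.get(self.category, {}).get(self.prop)
        if actual is None:
            return False  # a property the device does not report never matches
        return OPERATIONS[self.operation](actual, self.value)


@dataclass
class Group:
    items: List[Union[Condition, "Group"]]
    mode: str = "all"     # "all": every item must match; "any": at least one
    enabled: bool = True

    def matches(self, device: dict) -> bool:
        active = [i for i in self.items if i.enabled]
        if not active:
            return True   # a group with nothing enabled does not restrict
        combine = all if self.mode == "all" else any
        return combine(i.matches(device) for i in active)


def build_filter(ram_check_enabled: bool = True) -> Group:
    """Windows computers that lack Acrobat OR have less than 8 GB RAM."""
    return Group(items=[
        Condition("computer", "os", "starts", "Windows"),
        Group(mode="any", items=[
            Condition("software", "installed", "not contains", "Acrobat"),
            Condition("hardware", "ram_mb", "less than", 8192, enabled=ram_check_enabled),
        ]),
    ])


def apply_filter(root: Group, inventory: List[dict]) -> List[str]:
    """Return the names of the devices the filter selects, in inventory order."""
    return [d["computer"]["name"] for d in inventory if root.matches(d)]


if __name__ == "__main__":
    print(apply_filter(build_filter(), INVENTORY))                         # ['ws-02', 'srv-01']
    print(apply_filter(build_filter(ram_check_enabled=False), INVENTORY))  # ['srv-01']
```

Disabling the RAM condition shows how toggling a single condition changes the selection without rebuilding the filter.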
You can easily transfer each created filter to another filter folder, copy, change or delete.
Here, on the left side of the screen in the block of selection conditions, you can switch from filters to the organizational tree. Folders in this tree can be created by you yourself, or you can also integrate Active Directory folders.
Again, in relation to any folder, you can quickly perform various actions:
• Add a group (folder) to it
• Rename, delete, move to another folder
• Change the settings of this folder
And, very conveniently, you can perform various actions on the computers in this folder:
• Run the scan
• Schedule the required task
• Isolate the computer from the network (or stop isolation)
Such capabilities allow you, in a critical situation, to launch an antivirus scan in real time on all (or selected) computers within seconds, even if there are tens of thousands of them.
In the main part of the Computers section, a computer search block is presented with the ability to add computers (i.e., install protection on them), which I will write about separately in the article in the near future, and the option to export the results. Below is a table with a list of selected computers. In this table, for each device, the following data is visible:
• Computer name
• IP address
• The group in which it is located
• Operating system (name and version)
• Last connection to the cloud
Each computer has a button with three dots on the right which, when clicked, opens a context menu. With it, you can perform certain operations on this device: move it to another folder, delete it, or perform various tasks (run a scan, schedule a task, reboot, isolate from the network, report a problem to Panda technical support, etc.).
When you click on the device, you go to the page with a detailed description. And here, too, there are interesting changes compared to the previous version of the management console.
The upper part provides general information: the name of the computer, its IP address, Active Directory folder, group, operating system and its version. Also in the upper right corner are icons for performing various actions in relation to the selected computer.
One of the innovations of the new management console is the ability to isolate the required devices from the network. An isolated computer can only exchange information with the Panda cloud; for all other communications it is offline. For such devices, a red icon is additionally shown in the computer table, and a warning message with the Stop Isolation button is displayed on the computer details page.
All information about the computer is divided into four tabs: Details, Hardware, Software and Settings. And here, too, there are welcome changes.
On the Details tab you can see all the basic information on the computer and its security status. By the way, a convenient option for releasing a license has appeared here: the computer moves to the status of unprotected computers, and a free license appears in the license pool, from which it can be transferred to another device.
The new Hardware tab contains detailed information about the hardware of this computer: processors, memory and disk. By expanding the corresponding parameter, you can immediately see all the information on this hardware, as well as the percentage of its use. Here, for example, is the memory information:
The new Software tab displays information about installed programs and applications, as well as their updates and patches. The table immediately shows the name, manufacturer, installation date, size and version.
By the way, when you click on the Install and Uninstall link, you can get a detailed log of all program installations and uninstallations and their updates / patches in chronological order by date (default).
The Settings tab contains all the settings that apply to this computer: general computer settings, proxy and language settings, as well as the corresponding security settings. Right on this tab, you can make changes to the settings of a specific device or to the policies themselves. I’ll tell you more about the settings below.
As you can see, in general, computer management processes have become more flexible and simple. Thanks to new filters and task functionality, you can very quickly select the required devices and perform the required actions with respect to them, which significantly increases the speed and efficiency of responding to any incidents.
A distinctive feature of the settings in Aether compared to the previous version is that now the security, network and computer settings are independently configured. This allows you to configure configurations more flexibly and in detail, and also greatly simplifies the process of setting up a fleet of computers in medium and large organizations, making this process more transparent.
Let's go to the Settings section .
Policies with general settings for Panda Adaptive Defense 360 on computers are configured in the Computer Settings section.
By default, there is always a Default Settings policy. This policy cannot be deleted, but you can always change it, as well as create your own policies, for which you need to click the Add button.
The policy must have a name and, if necessary, a description (most likely a note for yourself and other console users). You can immediately select the recipients of this policy by clicking on the appropriate link. Moreover, you can select both specific computer groups from the organizational tree (including AD folders) and any individual devices, regardless of their binding to a specific group.
In the Updates section, you configure (changing the default settings) the parameters and update schedules of local agents. In the section Protection against unauthorized interference with the protection operation, you can configure the following options:
• Request a password to remove protection from the computer
• Deny or allow the user to manage protection modules from the local agent console
• Anti-Tamper, which prevents users or threats from stopping protection
• Password for executing management tasks from the local agent console
Network settings for Panda Adaptive Defense 360 and its local agents are configured in the Network Settings section, which is divided into three tabs: Proxy and Language, Cache and Discovery.
Proxy and Language
There is also a default policy, but you can create your own.
Here, everything is similar: each policy needs to be configured with a name, description (optional) and recipients, the latter can be configured at any time (when adding a policy or at any other time both in the Settings section and in the Computers section).
In the Language section, you specify the language of the protection (local agents), and in the Proxy section the standard corporate proxy settings, or you can select as a proxy any Windows computer with Panda Adaptive Defense 360 installed, in which case this computer will act as a proxy.
In the advanced settings there is an option to enable data transfer in real time. With real-time data transfer, any changes made in the web console are applied on the computers within seconds. However, this requires that each computer has an active connection, and it can generate a large amount of traffic in a very short period of time. If you disable this option, it may take several minutes to transfer information to the computers. It is worth noting that "large" is a relative term here: in practice, the amount of generated traffic is negligible against the background of all network traffic.
On the Cache tab, you can select the computer that will be used to cache updates, installers and any other packages downloaded from the Internet.
A small remark regarding local agent updates. By default, peer-to-peer technology is used for this purpose. As soon as the first PC is updated, it begins to broadcast its updated status to the corporate network. Other PCs receive this information and, if they are not updated, update from the first PC. They can then also broadcast their status to the network so that other PCs can update from them, and so on; each PC updates ten others. All this happens automatically and instantly. But if necessary, you can configure specific cache computers from which the other computers will update, thereby overriding the peer-to-peer principle.
The Discovery tab is designed to configure the computers that will be used to search the network for new, unmanaged computers.
When setting up a computer for detection, you must specify a schedule for automatically starting the detection function (time and frequency), as well as the detection area, i.e. that part of the network in which the search will be performed (in the entire network, in certain domains or ranges of IP addresses).
This approach is very convenient because the entire company network can consist of several subnets / segments, and therefore for each of them you can configure your computers for detection (one or more).
You can view the list of detected unmanaged computers in various ways: through lists and the Protection status widget in the Status section, when adding computers in the Computers section, and when setting up discovery computers in the Settings section.
In the table of detected computers you can see, for each of them, the computer name, its status (not managed, installation error, installation in progress, etc.), IP address, manufacturer, which computer last found it, and the date and time of the last detection. For each such computer (or a selected group), you can perform the following tasks: start a task to remotely install the Panda agent, move it to the list of hidden computers, or remove it from the database.
Under My Alerts you can specify the conditions under which notifications will be sent, as well as the email addresses to which they should be sent. So far, in the new version of the Aether console, notifications are sent in English or Spanish, although Russian will also be added in the future.
In the context menu of the Settings section there is a Security section where you can go to the individual settings for workstations and servers (Windows, Mac, Linux) and Android devices. Here, everything is similar to the other settings: there are default policies, and you can create your own and assign them to the required devices individually or in groups.
In general, the security settings remained unchanged compared to the previous version of the console, although they have a slightly different design. I will not dwell on all the settings separately here, because there are a lot of them. I note only that by default many parameters are configured quite optimally, although you have freedom of choice and configuration. I would also "tweak" some options a little (firewall, advanced protection, etc.).
In the previous version of the management console, it was also possible to configure several users who, with different rights, could have access to the cloud-based centralized management console. In Aether, these functions have become more flexible and detailed, in addition, a user activity log has appeared. Let's go in order.
So, in the Settings section there is a Users section, which is responsible for setting up console users. This subsection is divided into three tabs: Users, Roles and Activity.
This time, let's start with the Roles tab, in which role templates are configured. Two roles are offered by default: Full Control and Read Only (monitoring). These roles cannot be removed or changed, but you can create your own roles by clicking the Add button.
Unlike the previous version of the management console, in Aether you can configure each role in considerable detail, assigning it its own rights to manage users, licenses, computers and security.
The Users tab is a list of users who have access to the management console. In this list, each user's role is shown immediately. Additional access options are also shown here:
• The first option grants console access to Panda Security technical support staff. You can enable this option when resolving a technical incident, when a technical support employee needs to connect to the console to check its operation, reproduce the incident, etc.
• The second option grants console access to your supplier; you can allow access if your supplier is a managed security service provider (integrator, outsourcer) that serves your company.
You can add a new user by clicking the Add button. When adding, you need to specify the email address of the new user in the Login email field, select their role from the list and, if necessary, add a comment in the Description field. As a result, an automatic email will be sent to the specified address to activate the account and provide access to the management console.
The Activity tab presents the console's user activity log, which did not exist in the previous version. Here you can view a list of all user actions, with the ability to select by date and user. For each action you can see:
• the time and date of the action
• the user who performed this action
• the type of action
• the type of object
• the object itself in relation to which this action was performed
When you click the Sessions button, you can view a list of sessions, for each of which the following information is presented: date and time, user, activity type and user IP address.
As I said earlier, Aether's major advantage is that most tasks can now be performed remotely and in real time. You can create and run tasks directly in the context of management in various sections of the management console. But there is also a separate Tasks section, in which you can configure tasks and view the results of previously configured tasks.
In this article we took a guided tour of the new version of the Aether management console, showed its main functions, and emphasized the new options and other innovations. Of course, a number of features of the management console remained behind the scenes and were not covered here, but we will certainly cover them in the next articles.
The main thing I wanted to say was that the new Aether console has really become a more convenient management tool. The Aether platform provides even more control, flexibility, and granularity to help administrators manage networks of hundreds or even thousands of computers. It contains very popular advanced features (detection of unprotected computers, filters, roles, tracking user activity, etc.) and additional information about end devices (hardware and software, applied patches, etc.), which helps companies save time and increase corporate security effectiveness.
All these features are available in a single web console with a single agent and in real time, allowing you to quickly respond to any critical security incident in seconds.
P.S. By the way, Aether is "ether", which in ancient Greek mythology denotes the upper, purer and lighter layer of air breathed by the gods who controlled the lives of people on Earth. Quite a fitting name, by the way.