Kaspersky Lab has announced a major expansion of its enterprise security product portfolio with a solution designed to detect targeted attacks.
The Kaspersky Anti Targeted Attack Platform is a premium solution based on the most advanced technology to date that draws on Kaspersky Lab’s expertise in the detection and analysis of the world’s most sophisticated threats.
Businesses all over the world, including South Africa, have become victim to numerous targeted attacks, including those discovered by Kaspersky Lab (such as Equation, Red October, Careto, Flame, Turla, Epic Turla, Wild Neutron, Poseidon, Desert Falcons). According to the IT Security Risks Survey 2015, conducted by Kaspersky Lab and B2B International, 9% of organisations globally and 7% in South Africa said they have experienced a targeted attack in the last year.
“Kaspersky Lab has vast experience in threat intelligence and a long history of discovering some of the world’s most high-profile advanced persistent threats,” says Christian Christiansen, IDC programme vice-president: security products. “IDC’s Specialised Threat Analysis and Protection Market (STAP) quantifies the opportunity for countering advanced persistent threats and targeted attacks. IDC believes the market will grow to over $3-billion by 2019, with a five-year CAGR of 28%. This high growth rate is driven by significant adoption of STAP products to address the growing need for advanced threat detection.”
Conventional protection technologies are very good at preventing generic threats and attacks from breaching the corporate perimeter. Although the number of such threats is still growing, businesses are becoming more concerned about targeted attacks and advanced cyber-weapons used for the purposes of cyber-espionage or the disruption of business activity.
While these threats represent a tiny fraction (less than 1%) of the entire landscape, they present the highest risk to companies worldwide. What is even more important, the number of such attacks is growing steadily, and the price-per-attack is diminishing.
Solving the “one percent” problem requires advanced technology and proper security intelligence that has either been accumulated within the company or requested from a security vendor. The Kaspersky Anti Targeted Attack Platform is designed to identify and highlight unusual actions that constitute strong evidence of malicious intent.
“One of many challenges that businesses face nowadays is a requirement to overcome an array of cyberthreats, including very advanced ones, for which they need knowledge of possible attack vectors, indicators of compromise, and the ability to distinguish normal operations from malicious activity. In order to win this battle organisations need to have strong security expertise combined with technology that is capable of spotting a criminal act in the avalanche of daily activity in a large corporation. This challenge is being addressed with the Kaspersky Anti Targeted Attack Platform, together with the security services aimed at sharing security intelligence with our customers faster than ever before,” comments Riaan Badenhorst, MD of Kaspersky Lab Africa.
The Kaspersky Anti Targeted Attack Platform
The Kaspersky Anti Targeted Attack Platform analyses data collected from different points of the corporate IT infrastructure. The solution’s sensors are responsible for data acquisition over network traffic, web and e-mail as well as endpoints.
This allows the solution to detect complex attacks at any stage, even when no malicious activity is taking place, like data exfiltration. Suspicious events are then processed via different engines, including an Advanced Sandbox and a Targeted Attack Analyzer for a final verdict.
The Advanced Sandbox provides a safe, isolated and virtualised environment for analysing suspicious objects and detecting their intent. The Targeted Attack Analyzer utilises data processing and machine learning technologies to assess and combine verdicts from different analysis engines. This is where the final decision to alert the staff is made.
Additional technologies that help to reduce false positive alerts include Kaspersky Lab’s own anti-malware engine to rule out generic attacks that can be blocked by traditional solutions; URL analysis; threat data feeds delivered from Kaspersky Lab’s cloud security network; an Intrusion Detection System; and support for custom rules to detect specific activity in a corporate network.
The Kaspersky Anti Targeted Attack Platform is available as an independent solution or in combination with expert services aimed at rapid incident detection and response. The availability of intelligence services also enables customers to adapt the solution to specific business needs.