Kathy Gibson reports from Jordan – Kaspersky is on a mission to switch the narrative about security from mitigation to prevention.
“We are a strong player in traditional security, but we know there is a gap,” says Andrey Suvorov, head of the KasperskyOS business unit.
He says the problem with traditional security measures is that they address attacks once they happen. A more secure approach would be to prevent them from happening at all.
“Our cyber immunity journey is the result of a lot of R&D, but we can now start delivering it,” he told delegates at the Kaspersky Middle East, Turkey and Africa Cybersecurity event in Jordan.
The key to cyber immunity lies in isolating the various processes that take place in different parts of the system, Suvorov says.
“The truth is that developers are going to make mistakes that lead to vulnerabilities in the operating system which can be exploited by threat actors.
“With KasperskyOS one vulnerability cannot compromise the whole operating system.”
So vulnerabilities are effectively shut down before they can be exploited. And even if an exploit happens in one part of the system, it cannot move to other parts.
The KasperskyOS is based on a combination of different security approaches with a distinctive architecture that creates an environment in which it is safe to run untrusted or potentially vulnerable programs.
The architecture is based on the microkernel, created with the minimal number of code lines required to make kernel mechanisms work, providing strict control over the OS code quality.
Guaranteed isolation means security domains and security features are separated from functional components.
A unified inter-process communication (IPC) mechanism is provided by the microkernel, and interfaces are strictly defined for each application or driver.
The Kaspersky Security System (KSS) subsystem checks the validity of all IPC messages against the interface definitions and controls communications between different parts of the system, preventing exploitation of vulnerabilities by attackers.
The static security configuration means that all processes and their permitted types of communication are pre-configured and checked before functioning.
“We are trying to change the security market,” says Suvorov. “We created the microkernel from the first line of code. It is our development – and a trusted solution.
“And we have come up with some real solutions,” he adds. “Earlier this year, we launched an IoT gateway and, today, are announcing a thin client that is secure by design.
“With this thin client, organisations can build secure workplaces that are cyber immune.
“We are also starting an automotive journey that will see products that follow the same principles, starting with the Kaspersky Automotive Secure Gateway.”
Suvorov points out that Kaspersky is not entering the hardware business, but looking to partner with hardware OEMs to include cyber immunity on their devices.
“We are issuing an invitation to hardware vendors to partner with us to develop new devices and make security by design pervasive.
“While cyber immunity should be the goal for all organisations, it is particularly important in the automotive industry,” Suvorov says.
He explains that the industry has agreed on international standards whereby vehicles will have to comply with security requirements. “And they will have to be secure by design.”
Cyber immunity in action
With a number of secure by design products under its belt, Kaspersky is rolling out its cyber immunity architecture to address real-world business issues.
Alexander Vinyavsky, technology evangelist: KasperskyOS and cyber immunity at Kaspersky describes the experience of Moskabelmet, a manufacturer of cabling and wiring products that supplies 12 customers in 12 countries.
During production, the cables are cased in lead, which needs to be ordered and available on the production line.
Previously, these reports were done manually, by phone or paper-based journals, and manually entered into the ERP system.
“The customer wanted to optimise this process and realised they needed to be more digital,” Vinyavsky explains.
“So we collect information directly from the lead shell production line with an IoT gateway, and automatically send to the ERP.
“This gives the company realtime and accurate information about lead consumption, so they can understand exactly what it is being used in the process. Based on this information, they could see which operations are not optimised.
“They could then optimise these processes, with the result that they reduced lead consumption by 6 tonnes per month – a saving of $14 000.00 per month.”
Because Moskabelmet used a KasperskyOS-secured IoT gateway, it is not vulnerable to the many threats that could have plagued it.
These include attackers breaking into the corporate network – “which is not difficult; it can be done via a printer,” Vinyavsky says – and compromising the IoT gateway. This would allow them to control the IoT devices.
“From there, attackers can do almost anything,” Vinyavsky points out. “For instance, they could change parameter values so information becomes untrusted; they could encrypt info on machines leading to machine downtime, line downtime or productions stops; or launch a ransomware attack.”
Cyber immunity means the potential benefit to attackers is less than the cost of breaching a system. “So we have changed the approach to security by using a cyber immune IoT gateway. The attacker cannot cost-effectively get into the system – and even if they did, they cannot spread the attack.”
Based on the outcomes of this project, the customer has decided to scale up their cyber immunity approach to a new plant currently being built.