Upload: hakhanh

Post on 21-Jul-2018

ENTERPRISE SECURITY GETS ADAPTIVE

Today’s threat landscape was unimaginable a decade ago. Cybercriminals have adapted their techniques to sidestep traditional defenses and lurk undetected on systems for months or even years. It’s time for enterprise security to adapt with an intelligence-driven, multi-layered approach to IT security.

“Intelligence is the ability to adapt to change.” – Stephen Hawking.

ENTERPRISE SECURITY. POWERED BY INTELLIGENCE.

Kaspersky Lab has a long track record in making some of the highest profile, most relevant threat discoveries, including:

• Carbanak: the world’s biggest cyber bank heist

• Dark Hotel: which specifically targets senior-level business travelers

• The Mask/Careto: which targeted enterprises, governments and private equity firms, among others

• Wild Neutron: targeting global enterprises and other businesses

• Icefog: attacked the supply chain for businesses

• Red October: exploited enterprise systems to conduct mass surveillance operations

More than a third of our employees work in research and development, focusing solely on developing technologies to counteract and anticipate the constantly evolving threats Kaspersky Lab’s dedicated teams of Intelligence and Analysis Researchers investigate every day.

Kaspersky Lab’s understanding of the inner workings of some of the world’s most sophisticated threats has enabled us to develop a multi-layered, strategic portfolio of security technologies and services capable of delivering a fully integrated, adaptive security approach. Our expertise has seen Kaspersky Lab achieve more first place rankings in independent threat detection and mitigation tests than any other IT security company.

PREDICTION

Prediction capabilities – and the mitigation strategies that are built around them – are central to everything Kaspersky Lab does, from our dedicated Global Research and Analysis Team (GReAT) to Kaspersky Security Network (KSN) and our Security Intelligence Services (SIS) portfolio:

Kaspersky Security Network: One of the most important components of Kaspersky Lab’s multi-layered platform, Kaspersky Security Network is a cloud-based, complex distributed architecture dedicated to gathering and analyzing security threat intelligence from millions of systems worldwide.

Effectively a global, cloud-based threat laboratory, KSN detects, analyzes and manages unknown or advanced threats and online attack sources in seconds – and delivers that intelligence straight to customer systems. For enterprises with very specific data privacy concerns, Kaspersky Lab has developed a Kaspersky Private Security Network option.

Security Intelligence Services: Few organizations have the resources to develop the high levels of strategic security intelligence required to keep pace with constantly evolving, sophisticated threats. That’s why Kaspersky Lab has developed an extensive portfolio of Intelligence Services:

Education and training: From more generalized cybersecurity fundamentals to advanced digital forensics, malware analysis and reverse engineering training, Kaspersky Lab provides comprehensive training and awareness programs to enterprises – both on-site and online. In addition to interactive games, skills assessments and general cybersafety promotion, courses of 2-5 days duration are also available, including some of the following topics:

ENTERPRISE SECURITY GETS ADAPTIVE

Advanced Persistent Threats (APTs), sophisticated malware and targeted attacks are just some of the new, constantly evolving threats the enterprise faces. Cybercriminals are only too aware of the limitations of traditional, perimeter-based security – it’s their first port of call when they’re looking for chinks in the enterprise armor.

If the attackers are constantly shape-shifting, it’s fair to say that multiple enterprise technologies provide a convenient support network of attack vectors: mobile devices, web applications, portable storage, virtualization, cloud-based technologies all present a window of opportunity to cybercriminals that traditional ‘prevent and block’ security alone cannot answer.

A new, more adaptive, integrated approach built on the pillars of prediction, prevention, detection and response is needed.

THE FOUR PILLARS OF ADAPTIVE ENTERPRISE SECURITY

Prediction: No one has a crystal ball, but enterprises with access to the latest threat intelligence and trends are better placed to anticipate – and avoid – incidents. Training employees to recognize the tactics used in attacks augments predictive analysis, as does the ability to learn from mistakes by forensically analyzing breaches; penetration testing, meanwhile, can help expose the weak spots.

Prevention: A key goal here is to reduce attack surface – be it traditional, signature-based anti-malware, device controls or patching application vulnerabilities – hardening systems and placing as many obstacles in the way of attackers as possible are just two components of an over-arching approach that includes limiting the ability of attacks to spread and reduce their impact.

Detection: As Kaspersky Lab research into high-profile APTs shows, sophisticated attacks can go undetected for years. It’s estimated that the average enterprise attack goes undetected for over 200 days¹; the sooner any incident is discovered, the better. Detection technologies underscored by the best threat analysis augment discovery: as threats evolve at pace, the best detection strategy is often built on the ability to spot behaviors and sequences of events that suggest a breach has taken place.

Response: Effective enterprise security has the capacity to respond to and mitigate the effects of a breach. At one level, this can involve “If/then” policy for procedures that can be automated, such as patching. At another level, this could include post-breach analysis or the use of specialized incident-response teams to stop, mitigate and investigate attacks, breaches and other security incidents.

To be truly effective, each of these capabilities must work together as a multi-layered system. Intelligence-driven, threat focused, integrated, holistic and strategy-driven: these are the key characteristics of a comprehensive, adaptive enterprise security architecture. Kaspersky Lab is uniquely placed to deliver an adaptive enterprise security platform. Let’s take a look at some of the elements.

¹ https://www.siliconrepublic.com/enterprise/2014/04/11/advanced-cyberattacks-can-go-undetected-for-typically-229-days

KASPERSKY LAB PROVIDES BEST IN THE INDUSTRY PROTECTION*

Our Enterprise Security portfolio combines industry-leading anti-malware with multiple technologies to reduce attack surfaces in a unique combination of intelligence-led technologies.

Known, unknown and advanced threats are prevented using multiple protection layers, including:

Network Attack Blocker: Scans all network traffic using known signatures to detect and block network-based attacks, including port scanning and Denial of Service (DoS) attacks. For a further layer of protection, Kaspersky DDoS Protection (KDP) is available as a solution to protect against Distributed Denial of Service (DDoS) attacks. It’s a comprehensive, integrated DDoS prevention and mitigation solution, that includes 24/7 analysis and post-attack reports.

Heuristic anti-phishing: Capable of preventing some of the very latest phishing attack techniques by looking for additional evidence of suspicious activity, over and above traditional phishing database-led approaches.

Application control and Dynamic Whitelisting: Application control blocks or allows administrator-specified applications. It’s built on dynamic whitelisting, Kaspersky Lab’s continuously updated lists of trusted applications and software categories.

Host Intrusion Prevention System (HIPS): Helps control how applications behave and restricts the execution of potentially dangerous programs without affecting the performance of authorized, safe applications.

• Cybersecurity Fundamentals: Understanding the threats, using technology safely.

• General Digital Forensics: Building a digital forensics lab, incident reconstruction, tools.

• General Malware Analysis & Reverse Engineering: Build a secure malware analysis environment, conduct express analysis.

• Advanced Digital Forensics: Deep file system analysis, recover deleted files, incident timeline reconstruction.

• Advanced Malware Analysis & Reverse Engineering: Analyze exploit shellcode, non-Windows malware, use global best practices.

Security Assessment:

• Penetration testing: Understanding infrastructure security from an attacker’s perspective, while achieving compliance with security standards such as PCI DSS.

• Application security testing: Analysis of web applications (including online banking and ones with WAF enabled), mobile applications, fat clients

Threat Intelligence:

• An early warning system, driven by GReAT’s expertise and supported by KSN, this includes threat data feeds, botnet tracking and intelligence reporting. Early access to APT-related configuration files and malware samples, along with integration with SIEM (HP ArcSight) help enterprises develop comprehensive intelligence insight.

PREVENTION

Kaspersky Lab detects 325,000 new pieces of malware every single day. Even a single additional percentage point in detection rate can translate into hundreds of thousands of pieces of malware being caught. Independent test results consistently demonstrate that Kaspersky Lab provides the best protection in the industry. In 2014 alone, we participated in 93 independent tests and reviews, ranking first 51 times and finishing in the top three a record 71% of the time.² That’s just one of the reasons why OEMs – including Microsoft, Cisco Meraki, Juniper Networks and Alcatel Lucent – trust Kaspersky Lab to provide the security they ship within their own products.

² For more detail on the tests and the metrics, visit: http://media.kaspersky.com/en/business-security/TOP3_2013.pdf New link for updated report is: http://media.kaspersky.com/en/business-security/TOP3_2014.pdf.

RESPONSE

In an adaptive security architecture, the ability to respond to threats is as important as the capacity to predict and prevent them – saving the enterprise both time and money. It’s also worth acknowledging the reality that a direct consequence of enhanced detection will be enhanced response capability. Kaspersky Lab addresses this at both the technology and services levels:

System Watcher: Kaspersky Lab’s unique and proactive monitor is capable of reacting to complex system events, such as installation of drivers and detecting suspicious behaviour.

Investigation Services: Resolve live security incidents with Kaspersky Lab’s help. From malware analysis to digital forensics, reporting and incident response, customers are empowered to learn from incidents while mitigating the impact of an attack and restoring damaged systems.

PROACTIVE, REACTIVE, INTELLIGENCE-DRIVEN ENTERPRISE SECURITY

To say malware has metastasized is something of an understatement: advanced threats evade traditional blocking techniques, ready-made malware kits can be bought for spare change online and tools capable of automatically creating multiple, tailored variants of a single piece of malware are just the tip of a massive malware iceberg.

An increasingly sophisticated and complex threat landscape calls for a multi-layered, adaptive security approach, in which a combination of integrated technologies provides comprehensive detection and protection against known, unknown and advanced malware and other enterprise-focused threats.

Kaspersky Lab’s unparalleled track record in discovering the most sophisticated, relevant threats, combined with its industry-leading technologies and services, means it’s uniquely placed to deliver the comprehensive, adaptive security enterprises need. While Kaspersky Security Network builds on the real-time intelligence generated by over 60 million nodes worldwide, our elite Global Research and Analysis Team contributes a unique set of skills and expertise to our threat research, developing solutions capable of combating increasingly complex and sophisticated threats.

TRUSTED PARTNER OF ENTERPRISES, GOVERNMENTS AND REGULATORS

Because it’s privately owned, Kaspersky Lab is free to invest heavily in Research and Development outside short-term market constraints. Almost half of our 3000 employees globally work in our research and development labs, focusing on developing innovative technologies, investigating cyber-warfare, cyber-espionage and all types of threats and techniques.

This focus on high-quality, internal R&D has led to Kaspersky Lab being recognized as an industry leader in IT security technologies. That’s just one of the reasons why over 100 leading OEMs – including Microsoft, Cisco Meraki, IBM, Juniper Networks and Alcatel Lucent – trust Kaspersky Lab to provide the security they ship within their own products.

It’s also why we’re a trusted partner of governments, law-enforcement agencies and large businesses all over the world. Respected international organizations, including INTERPOL, Europol and numerous CERTs, have all invited Kaspersky Lab to collaborate and consult with them on an ongoing basis; in addition to holding regular training courses for INTERPOL and police officers of many countries, we supported the launch of INTERPOL’s Digital Forensics Laboratory.

DETECTION

Kaspersky Lab’s unparalleled expertise in detecting some of the world’s most sophisticated threats feeds directly into our enterprise threat detection capabilities. Since 2008, our researchers have uncovered some of the most sophisticated, multi-component attacks the world has ever seen. This insight and intelligence directly informs our product development; in addition to our capacity to detect sophisticated enterprise-focused attacks, Kaspersky Lab has used the insights gained from discovering significant financial threat actors such as Carbanak to develop solutions geared entirely towards detecting financial fraud.

APT ANNOUNCEMENTS KASPERSKY LAB

[Figure: timeline of Kaspersky Lab APT announcements, 2010 to H1 2015. Campaigns named in the figure: Stuxnet, Duqu, Flame, Red October, Gauss, Miniflame, MiniDuke, Teamspy, NetTraveler, Winnti, Icefog, Kimsuki, Careto/The Mask, SyrianEA, Epic Turla, El Machete, Crouching Yeti, Dark Hotel, BlackEnergy2, CosmicDuke, Cloud Atlas, Regin, Animal Farm, Carbanak, Equation, Desert Falcons, Helsing, Naikon, Wild Neutron, Duqu2.]

2012 - 3 announcements
2013 - 7 announcements
2014 - 11 announcements
H1 2015 - 8 announcements

© 2015 AO Kaspersky Lab. All rights reserved. Registered trademarks and service marks are the property of their respective owners. Lotus and Domino are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries. Google is a registered trademark of Google, Inc.

Kaspersky Lab, Moscow, Russia
www.kaspersky.com

All about Internet security: www.securelist.com

Facebook.com/Kaspersky

Twitter.com/Kaspersky

Youtube.com/Kaspersky

Find a partner near you: www.kaspersky.com/buyoffline