
ENTERPRISE SECURITY GETS ADAPTIVE - Kaspersky Lab · KASPERSKY LAB PROVIDES BEST IN THE INDUSTRY PROTECTION* Our Enterprise Security portfolio combines industry-leading anti-malware

Jul 21, 2018


hakhanh

ENTERPRISE SECURITY GETS ADAPTIVE

Today’s threat landscape was unimaginable a decade ago. Cybercriminals have adapted their techniques to sidestep traditional defenses and lurk undetected on systems for months or even years. It’s time for enterprise security to adapt with an intelligence-driven, multi-layered approach to IT security.

“Intelligence is the ability to adapt to change.” – Stephen Hawking.


ENTERPRISE SECURITY. POWERED BY INTELLIGENCE.

Kaspersky Lab has a long track record in making some of the highest profile, most relevant threat discoveries, including:

• Carbanak: the world’s biggest cyber bank heist

• DarkHotel: which specifically targets senior-level business travelers

• The Mask/Careto: which targeted enterprises, governments and private equity firms, among others

• Wild Neutron: targeting global enterprises and other businesses

• Icefog: attacked the supply chain for businesses

• Red October: exploited enterprise systems to conduct mass surveillance operations

More than a third of our employees work in research and development, focusing solely on developing technologies to counteract and anticipate the constantly evolving threats Kaspersky Lab’s dedicated teams of Intelligence and Analysis Researchers investigate every day.

Kaspersky Lab’s understanding of the inner workings of some of the world’s most sophisticated threats has enabled us to develop a multi-layered, strategic portfolio of security technologies and services capable of delivering a fully integrated, adaptive security approach. Our expertise has seen Kaspersky Lab achieve more first place rankings in independent threat detection and mitigation tests than any other IT security company.

PREDICTION

Prediction capabilities – and the mitigation strategies that are built around them – are central to everything Kaspersky Lab does, from our dedicated Global Research and Analysis Team (GReAT) to Kaspersky Security Network (KSN) and our Security Intelligence Services (SIS) portfolio:

Kaspersky Security Network: One of the most important components of Kaspersky Lab’s multi-layered platform, Kaspersky Security Network is a cloud-based, complex distributed architecture dedicated to gathering and analyzing security threat intelligence from millions of systems worldwide.

Effectively a global, cloud-based threat laboratory, KSN detects, analyzes and manages unknown or advanced threats and online attack sources in seconds – and delivers that intelligence straight to customer systems. For enterprises with very specific data privacy concerns, Kaspersky Lab has developed a Kaspersky Private Security Network option.

Security Intelligence Services: Few organizations have the resources to develop the high levels of strategic security intelligence required to keep pace with constantly evolving, sophisticated threats. That’s why Kaspersky Lab has developed an extensive portfolio of Intelligence Services:

Education and training: From more generalized cybersecurity fundamentals to advanced digital forensics, malware analysis and reverse engineering training, Kaspersky Lab provides comprehensive training and awareness programs to enterprises – both on-site and online. In addition to interactive games, skills assessments and general cyber safety promotion, courses of 2-5 days duration are also available, including some of the following topics:

ENTERPRISE SECURITY GETS ADAPTIVE

Advanced Persistent Threats (APTs), sophisticated malware and targeted attacks are just some of the new, constantly evolving threats the enterprise faces. Cybercriminals are only too aware of the limitations of traditional, perimeter-based security – it’s their first port of call when they’re looking for chinks in the enterprise armor.

If the attackers are constantly shape-shifting, it’s fair to say that multiple enterprise technologies provide a convenient support network of attack vectors: mobile devices, web applications, portable storage, virtualization, cloud-based technologies all present a window of opportunity to cybercriminals that traditional ‘prevent and block’ security alone cannot answer.

A new, more adaptive, integrated approach built on the pillars of prediction, prevention, detection and response is needed.

THE FOUR PILLARS OF ADAPTIVE ENTERPRISE SECURITY

Prediction: No one has a crystal ball, but enterprises with access to the latest threat intelligence and trends are better placed to anticipate – and avoid – incidents. Training employees to recognize the tactics used in attacks augments predictive analysis, as does the ability to learn from mistakes by forensically analyzing breaches; penetration testing, meanwhile, can help expose the weak spots.

Prevention: A key goal here is to reduce attack surface – be it traditional, signature-based anti-malware, device controls or patching application vulnerabilities – hardening systems and placing as many obstacles in the way of attackers as possible are just two components of an over-arching approach that includes limiting the ability of attacks to spread and reduce their impact.

Detection: As Kaspersky Lab research into high-profile APTs shows, sophisticated attacks can go undetected for years. It’s estimated that the average enterprise attack goes undetected for over 200 days [1]; the sooner any incident is discovered, the better. Detection technologies underscored by the best threat analysis augment discovery: as threats evolve at pace, the best detection strategy is often built on the ability to spot behaviors and sequences of events that suggest a breach has taken place.

Response: Effective enterprise security has the capacity to respond to and mitigate the effects of a breach. At one level, this can involve “If/then” policy for procedures that can be automated, such as patching. At another level, this could include post-breach analysis or the use of specialized incident-response teams to stop, mitigate and investigate attacks, breaches and other security incidents.

To be truly effective, each of these capabilities must work together as a multi-layered system. Intelligence-driven, threat focused, integrated, holistic and strategy-driven: these are the key characteristics of a comprehensive, adaptive enterprise security architecture. Kaspersky Lab is uniquely placed to deliver an adaptive enterprise security platform; let’s take a look at some of the elements.

[1] https://www.siliconrepublic.com/enterprise/2014/04/11/advanced-cyberattacks-can-go-undetected-for-typically-229-days


KASPERSKY LAB PROVIDES BEST IN THE INDUSTRY PROTECTION*

Our Enterprise Security portfolio combines industry-leading anti-malware with multiple technologies to reduce attack surfaces in a unique combination of intelligence-led technologies.

Known, unknown and advanced threats are prevented using multiple protection layers, including:

Network Attack Blocker: Scans all network traffic using known signatures to detect and block network-based attacks, including port scanning and Denial of Service (DoS) attacks. For a further layer of protection, Kaspersky DDoS Protection (KDP) is available as a solution to protect against Distributed Denial of Service (DDoS) attacks. It’s a comprehensive, integrated DDoS prevention and mitigation solution, that includes 24/7 analysis and post-attack reports.

Heuristic anti-phishing: Capable of preventing some of the very latest phishing attack techniques by looking for additional evidence of suspicious activity, over and above traditional phishing database-led approaches.

Application control and Dynamic Whitelisting: Application control blocks or allows administrator-specified applications. It’s built on dynamic whitelisting, Kaspersky Lab’s continuously updated lists of trusted applications and software categories.

Host Intrusion Prevention System (HIPS): Helps control how applications behave and restricts the execution of potentially dangerous programs without affecting the performance of authorized, safe applications.

• Cybersecurity Fundamentals: Understanding the threats, using technology safely.

• General Digital Forensics: Building a digital forensics lab, incident reconstruction, tools.

• General Malware Analysis & Reverse Engineering: Build a secure malware analysis environment, conduct express analysis.

• Advanced Digital Forensics: Deep file system analysis, recover deleted files, incident timeline reconstruction.

• Advanced Malware Analysis & Reverse Engineering: Analyze exploit shellcode, non-Windows malware, use global best practices.

Security Assessment:

• Penetration testing: Understanding infrastructure security from an attacker’s perspective, while achieving compliance with security standards such as PCI DSS.

• Application security testing: Analysis of web applications (including online banking and ones with WAF enabled), mobile applications, fat clients

Threat Intelligence:

• An early warning system, driven by GReAT’s expertise and supported by KSN, this includes threat data feeds, botnet tracking and intelligence reporting. Early access to APT-related configuration files and malware samples, along with integration with SIEM (HP Arcsight) help enterprises develop comprehensive intelligence insight.

PREVENTION

Kaspersky Lab detects 325000 new pieces of malware every single day. Even a single additional percentage point in detection rate can translate into hundreds of thousands of pieces of malware being caught. Independent test results consistently demonstrate that Kaspersky Lab provides the best protection in the industry. In 2014 alone, we participated in 93 independent tests and reviews, ranking first 51 times and finishing in the top three a record 71% of the time. [2] That’s just one of the reasons why OEMs – including Microsoft, Cisco Meraki, Juniper Networks and Alcatel Lucent – trust Kaspersky Lab to provide the security they ship within their own products.

[2] For more detail on the tests and the metrics, visit: http://media.kaspersky.com/en/business-security/TOP3_2013.pdf New link for updated report is: http://media.kaspersky.com/en/business-security/TOP3_2014.pdf.


RESPONSE

In an adaptive security architecture, the ability to respond to threats is as important as the capacity to predict and prevent them – saving the enterprise both time and money. It’s also worth acknowledging the reality that a direct consequence of enhanced detection will be enhanced response capability. Kaspersky Lab addresses this at both the technology and services levels:

System Watcher: Kaspersky Lab’s unique and proactive monitor is capable of reacting to complex system events, such as installation of drivers and detecting suspicious behaviour.

Investigation Services: Resolve live security incidents with Kaspersky Lab’s help. From malware analysis to digital forensics, reporting and incident response, customers are empowered to learn from incidents while mitigating the impact of an attack and restoring damaged systems.

PROACTIVE, REACTIVE, INTELLIGENCE-DRIVEN ENTERPRISE SECURITY

To say malware has metastasized is something of an understatement: advanced threats evade traditional blocking techniques, ready-made malware kits can be bought for spare change online and tools capable of automatically creating multiple, tailored variants of a single piece of malware are just the tip of a massive malware iceberg.

An increasingly sophisticated and complex threat landscape calls for a multi-layered, adaptive security approach, in which a combination of integrated technologies provides comprehensive detection and protection against known, unknown and advanced malware and other enterprise-focused threats.

Kaspersky Lab’s unparalleled track record in discovering the most sophisticated, relevant threats, combined with its industry-leading technologies and services mean it’s uniquely placed to deliver the comprehensive, adaptive security enterprises need. While Kaspersky Security Network builds on the real-time intelligence generated by over 60 million nodes worldwide, our elite Global Research and Analysis Team contributes a unique set of skills and expertise to our threat research, developing solutions capable of combating increasingly complex and sophisticated threats.

TRUSTED PARTNER OF ENTERPRISES, GOVERNMENTS AND REGULATORS

Because it’s privately owned, Kaspersky Lab is free to invest heavily in Research and Development outside short-term market constraints. Almost half of our 3000 employees globally work in our research and development labs, focusing on developing innovative technologies, investigating cyber-warfare, cyber-espionage and all types of threats and techniques.

This focus on high-quality, internal R&D has led to Kaspersky Lab being recognized as an industry leader in IT security technologies. That’s just one of the reasons why over 100 leading OEMs – including Microsoft, Cisco Meraki, IBM, Juniper Networks and Alcatel Lucent – trust Kaspersky Lab to provide the security they ship within their own products.

It’s also why we’re a trusted partner of governments, law-enforcement agencies and large businesses all over the world. Respected international organizations, including INTERPOL, Europol and numerous CERTS have all invited Kaspersky Lab to collaborate and consult with them on an ongoing basis; in addition to holding regular training courses for INTERPOL and police officers of many countries, we supported the launch of INTERPOL’s Digital Forensics Laboratory.

DETECTION

Kaspersky Lab’s unparalleled expertise in detecting some of the world’s most sophisticated threats feeds directly into our enterprise threat detection capabilities. Since 2008, our researchers have uncovered some of the most sophisticated, multi-component attacks the world has ever seen. This insight and intelligence directly informs our product development; in addition to our capacity to detect sophisticated enterprise-focused attacks, Kaspersky Lab has used the insights gained from discovering significant financial threat actors such as Carbanak to develop solutions geared entirely towards detecting financial fraud.

[Figure: APT ANNOUNCEMENTS KASPERSKY LAB. Timeline with year axis 2010, 2011, 2012, 2013, 2014, H1 2015. Labels in the figure: CosmicDuke, Cloud Atlas, Regin, El Machete, Careto/The Mask, SyrianEA, Epic Turla, Dark Hotel, BlackEnergy2, Winnti, NetTraveler, Gauss, Miniflame, Icefog, Kimsuki, Equation, Desert Falcons, Naikon, Wild Neutron, Animal Farm, Crouching Yeti, Teamspy, MiniDuke, Red October, Flame, Duqu, Stuxnet, Helsing, Duqu2, Carbanak.]

2012 - 3 announcements; 2013 - 7 announcements; 2014 - 11 announcements; H1 2015 - 8 announcements


© 2015 AO Kaspersky Lab. All rights reserved. Registered trademarks and service marks are the property of their respective owners. Lotus and Domino are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries. Google is a registered trademark of Google, Inc.

Kaspersky Lab, Moscow, Russia
www.kaspersky.com

All about Internet security: www.securelist.com


Find a partner near you: www.kaspersky.com/buyoffline