
Kaspersky Lab unveils targeted attack solution

By Staff Writer, ITWeb
Johannesburg, 10 Jun 2016

Kaspersky Lab has debuted an expansion of its enterprise product portfolio with a product aimed at detecting targeted attacks.

Dubbed the Kaspersky Anti Targeted Attack Platform, the solution is based on what Kaspersky calls 'the most advanced technology to date'.

According to the company, organisations around the globe, including SA, have fallen victim to targeted attacks, and the IT Security Risks Survey 2015, conducted by Kaspersky Lab and B2B International, revealed that 9% of businesses globally and 7% in SA said they have been the victim of a targeted attack in the last year.

Christian Christiansen, IDC program VP, Security Products, says Kaspersky has vast experience in threat intelligence and a long history of discovering some of the most high-profile advanced persistent threats that have been seen globally to date.

Traditional protection solutions are able to prevent generic threats and attacks targeting the perimeter, and although this type of attack is growing in frequency, organisations are more concerned about targeted attacks and advanced threats used for cyber-espionage or to disrupt the business, says Kaspersky.

"While these threats represent a tiny fraction, less than 1% of the entire landscape, they present the highest risk to companies worldwide. What is even more important, the number of such attacks is growing steadily, and the price-per-attack is diminishing."

In order to solve this 1% problem, advanced technology and security intelligence that has been accumulated within the company or requested from a security vendor is essential. The new solution has been built to pinpoint and highlight anomalous activities that could be an indicator of malicious intent.

Riaan Badenhorst, MD of Kaspersky Lab Africa, says one of the numerous challenges facing organisations today is a need to overcome an assortment of cyber threats, including highly sophisticated and advanced threats, for which an understanding of possible attack vectors, indicators of compromise, and the ability to distinguish normal operations from malicious activity are crucial.

He says to meet these challenges, strong security expertise, combined with technology that is capable of spotting a criminal act in the avalanche of daily activity in a large corporation, is the way forward.

The Kaspersky Anti Targeted Attack Platform analyses data collected from different points of the corporate IT infrastructure, explains Badenhorst. "The solution's sensors are responsible for acquisition over network traffic, Web and e-mail as well as endpoints. This allows the solution to detect complex attacks at any stage, even when no malicious activity is taking place, like data exfiltration. Suspicious events are then processed via different engines, including an Advanced Sandbox and a Targeted Attack Analyzer for a final verdict."

Next, he says the Advanced Sandbox offers a safe, isolated and virtualised environment for analysing suspicious objects and detecting their intent. "The Targeted Attack Analyzer utilises data processing and machine learning technologies to assess and combine verdicts from different analysis engines."

He says at this point, a final decision on whether or not to alert the staff is made. "Additional technologies that help to reduce false positive alerts include Kaspersky Lab's own anti-malware engine to rule out generic attacks that can be blocked by traditional solutions; URL analysis; threat data feeds delivered from Kaspersky Lab's cloud security network; an Intrusion Detection System; and support for custom rules to detect specific activity in a corporate network."

The platform is available as an independent solution or in combination with expert services aimed at rapid incident detection and response.
