Harry Cheung, MD, Kaspersky Lab, Asia-Pacific.
Kaspersky Lab, a globally recognised information security vendor, recently launched Endpoint Security version 8.0 in India with many enhanced security features and improved performance. We spoke exclusively to Harry Cheung, MD, Kaspersky Lab, Asia-Pacific, at the launch to understand the security strengths of Endpoint Security 8.0 in depth.
1. How do you evaluate emerging cyber threats?
Cyber security threats may emerge from a wide variety of sources, and result in disruptive activities targeting individuals, businesses, national infrastructures and governments. Today, we are uncovering close to 70,000 new malware samples every day. How do we evaluate or classify them? Largely by the intention behind the attacks. Broadly, the threats can be classified into categories or groups. One is the threats targeted at individuals, where the biggest threat comes from the millions of smartphones that are now being used to surf the Internet, as well as to access banks and other financial information. The more serious cyber-threats, however, come from the possibility of penetrating government-controlled utilities or the computers controlling them. Stuxnet is a case in point.
2. On what parameters do you term your solution an intelligent one?
We have integrated many new features into our EP 8.0 solution to proactively tackle known and unknown threats. For example:
System Watcher: A technology that monitors all actions performed by programs running on a computer and compares the behavior of each program with the behavioral patterns of malware. If malicious program activity is detected, System Watcher rolls back all the actions carried out by that program in the system. The rollback of malicious activity can be performed automatically, depending on product settings.
Active Disinfection using Qscan technology: Removes malware infections from a PC during the installation of Kaspersky Endpoint Security 8 for Windows. It works at the deepest levels of the operating system to neutralize any malicious objects detected.
Optimized updates: Database, cloud and other updates can be delivered to an endpoint using a proxy to reduce bandwidth load. The improved update engine significantly reduces CPU and HDD load during updates.
Integration with the cloud-based Kaspersky Security Network: The main advantage of using cloud-based technologies is real-time protection against newly emerging threats. As a result of the combination of cloud-based technologies and traditional signature-based methods, corporate endpoints are provided with higher levels of protection than before.
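The System Watcher description above combines two mechanisms: a per-process journal of every change a program makes, and a behavioral rule that triggers an undo of that journal. The following is an added example, not Kaspersky's code, that models both over a constructed in-memory "filesystem"; the ransomware-style pattern (overwrite documents with a `.locked` copy, delete the originals) and the threshold of three files are illustrative assumptions. It shows the property that matters in practice: the rollback is scoped to the offending process, so a legitimate editor's save made before the attack survives.

```python
"""Toy behavior-based detection with per-process action rollback.

Added example, not Kaspersky code. The filesystem is an in-memory dict and the
processes, actions and malware pattern are constructed for illustration.
"""
from collections import defaultdict

# Constructed in-memory filesystem: path -> contents.
INITIAL_FS = {
    "docs/a.docx": b"quarterly report",
    "docs/b.xlsx": b"budget",
    "docs/c.pdf": b"contract",
}


class ActionJournal:
    """Records each change a process makes, together with the state needed to undo it."""

    def __init__(self, fs):
        self.fs = fs
        self.entries = defaultdict(list)  # pid -> [(action, path, previous_contents)]

    def write(self, pid, path, data):
        # previous is None when the file did not exist before this write.
        self.entries[pid].append(("write", path, self.fs.get(path)))
        self.fs[path] = data

    def delete(self, pid, path):
        self.entries[pid].append(("delete", path, self.fs.pop(path, None)))

    def rollback(self, pid):
        """Undo the process's actions newest-first. Returns the number undone."""
        undone = 0
        for _action, path, previous in reversed(self.entries.pop(pid, [])):
            if previous is None:
                self.fs.pop(path, None)   # file was created by the process: remove it
            else:
                self.fs[path] = previous  # restore the prior contents
            undone += 1
        return undone


def encrypt_rename_count(entries, suffix=".locked"):
    """Count pre-existing files the process deleted after writing <file><suffix>."""
    written = {path for action, path, _ in entries if action == "write"}
    return sum(
        1 for action, path, previous in entries
        if action == "delete" and previous is not None and path + suffix in written
    )


def looks_like_ransomware(entries, threshold=3):
    """Constructed behavioral rule standing in for a real malware pattern."""
    return encrypt_rename_count(entries) >= threshold


def check_process(journal, pid):
    """Evaluate one process; roll it back if it matches. Returns actions undone."""
    if looks_like_ransomware(journal.entries.get(pid, [])):
        return journal.rollback(pid)
    return 0


def run_scenario():
    """Benign editor (pid 100) saves a file; simulated encryptor (pid 200) attacks."""
    fs = dict(INITIAL_FS)
    journal = ActionJournal(fs)
    journal.write(100, "docs/a.docx", b"quarterly report v2")
    for path in ("docs/a.docx", "docs/b.xlsx", "docs/c.pdf"):
        journal.write(200, path + ".locked", b"\x00" * 8)  # scrambled copy
        journal.delete(200, path)                          # original removed
    journal.write(200, "docs/README.txt", b"pay up")
    benign_undone = check_process(journal, 100)
    malicious_undone = check_process(journal, 200)
    return fs, benign_undone, malicious_undone


if __name__ == "__main__":
    final_fs, benign, malicious = run_scenario()
    print("benign actions undone:", benign)        # 0
    print("malicious actions undone:", malicious)  # 7
    print(sorted(final_fs))                         # the three original documents
```

The journal stores the full previous contents, which is what makes the undo exact; a real implementation has to bound that storage and handle two processes touching the same file in interleaved order, where a per-process undo can no longer be applied blindly.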
3. Is Endpoint Security 8.0 capable of preventing APTs?
Yes, Endpoint Security 8.0 is certainly capable of preventing Advanced Persistent Threats (APTs). It is most important to detect new threats and take corrective actions to mitigate them. We have come up with a number of technological innovations, as described below.
The Urgent Detection System (UDS): Uses data from the Kaspersky Security Network on both files and URL reputations, permitting rapid responses to new, previously unknown threats. The UDS database is updated much faster than traditional signature databases – several minutes as opposed to several hours. This minimizes the risk considerably.
Application Privilege Control: Restricts or blocks malicious activity without impeding execution of safe operations (Host Intrusion Prevention System).
It groups applications according to their trustworthiness by evaluating them across a range of parameters obtained from various sources, such as:
- The Global Security Rating Reputation service from the Kaspersky Security Network.
- Local Security Rating from heuristic analysis.
Applications are assigned to one of four groups with different access rights to system and network resources and users' data: trusted, low restricted, high restricted, and untrusted. It monitors all applications, even trusted ones, and reclassifies an application when either it or its reputation is altered.
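The Application Privilege Control answer describes a policy engine: combine a global reputation verdict with a local heuristic rating, map the result to one of four trust groups, and re-evaluate when the binary or its reputation changes. This added example, which is not Kaspersky's code, implements that flow in Python. The reputation table, the heuristic (counting a few API-name markers in the binary), the thresholds and the permission matrix are all constructed assumptions; the point is how the two ratings combine and how a reputation change demotes an already-trusted application.

```python
"""Toy trust-group classifier modelled on the description above.

Added example, not Kaspersky code. Reputation data, heuristic markers,
thresholds and the permission matrix are constructed for illustration.
"""
import hashlib

# Constructed permission matrix: what each trust group may touch.
PERMISSIONS = {
    "trusted":         {"user_data": True,  "system": True,  "network": True},
    "low_restricted":  {"user_data": True,  "system": False, "network": True},
    "high_restricted": {"user_data": False, "system": False, "network": True},
    "untrusted":       {"user_data": False, "system": False, "network": False},
}

# Constructed stand-in for a cloud reputation service: sha256 -> verdict.
GLOBAL_REPUTATION = {
    hashlib.sha256(b"notepad-v1").hexdigest(): "known_good",
    hashlib.sha256(b"dropper-v1").hexdigest(): "known_bad",
}


def set_reputation(content, verdict):
    """Simulate a reputation update arriving from the cloud service."""
    GLOBAL_REPUTATION[hashlib.sha256(content).hexdigest()] = verdict


def local_heuristic_score(content):
    """Toy local rating: number of suspicious markers found in the binary."""
    markers = (b"CreateRemoteThread", b"VirtualAllocEx", b"cmd.exe /c")
    return sum(content.count(m) for m in markers)


def classify(content):
    """Combine global verdict and local score into one of the four groups."""
    digest = hashlib.sha256(content).hexdigest()
    verdict = GLOBAL_REPUTATION.get(digest, "unknown")
    score = local_heuristic_score(content)
    if verdict == "known_bad":
        group = "untrusted"            # cloud verdict overrides a clean local rating
    elif verdict == "known_good" and score == 0:
        group = "trusted"
    elif score == 0:
        group = "low_restricted"       # unknown but nothing suspicious locally
    elif score < 3:
        group = "high_restricted"
    else:
        group = "untrusted"
    return digest, group


class AppControl:
    """Tracks each application's (hash, group) and re-evaluates on every launch."""

    def __init__(self):
        self.state = {}  # path -> (digest, group)

    def evaluate(self, path, content):
        """Returns (group, reclassified): reclassified is True when the binary
        or its resulting group differs from what was last recorded."""
        digest, group = classify(content)
        previous = self.state.get(path)
        reclassified = previous is not None and previous != (digest, group)
        self.state[path] = (digest, group)
        return group, reclassified

    def allowed(self, path, content, resource):
        group, _ = self.evaluate(path, content)
        return PERMISSIONS[group][resource]


def run_scenario():
    """Walk an application through the classification lifecycle."""
    ac = AppControl()
    steps = []
    steps.append(ac.evaluate("notepad.exe", b"notepad-v1"))          # trusted
    steps.append(ac.evaluate("tool.exe", b"tool-v1"))                # unknown, clean
    steps.append(ac.evaluate("tool.exe", b"tool-v2 VirtualAllocEx")) # binary changed
    set_reputation(b"notepad-v1", "known_bad")                       # reputation changed
    steps.append(ac.evaluate("notepad.exe", b"notepad-v1"))          # demoted
    steps.append(ac.evaluate("dropper.exe", b"dropper-v1"))          # known bad
    return steps


if __name__ == "__main__":
    for group, changed in run_scenario():
        print(group, "(reclassified)" if changed else "")
```

Two design points carried over from the answer: the cloud verdict is consulted on every evaluation rather than cached per path, which is what lets a changed reputation demote a binary whose bytes never changed, and the hash is part of the recorded state, so a replaced executable at the same path is never allowed to inherit the old group.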
4. What makes this version unique in comparison with other vendors' products?
Competitive advantages of Kaspersky Endpoint Security 8.0:
- Kaspersky Endpoint Security 8 for Windows introduces support for the cloud-based Kaspersky Security Network, which provides prompt and reliable reputation data about malicious and legitimate programs and web pages, letting organizations react quickly to emerging threats and leverage flexible whitelisting functionality.
- Optimized support for virtual environments
- Staff productivity tools – Application control, Web control
- Granular device control – controls devices at the bus, type and device level
5. What is Kaspersky's effort to reduce ever-growing cybercrime?
We are all aware that cybercrimes normally occur due to factors like users' ignorance of cyber threats, cyber criminals exploiting vulnerabilities in popular and widely used software and applications, inadequate and inappropriate cyber security implementation by businesses, and a lack of knowledge to identify and prevent phishing attacks.
At Kaspersky Lab, we believe "we are here to save the world". Our analysts work round the clock to ensure the world stays protected from the latest threats and new types of malware. Kaspersky Lab leverages its relentless expertise to deliver intelligent hybrid security technologies with the deepest anti-malware protection, easy and efficient deployment and management, and robust reporting and controls to secure your business and improve IT productivity. Instant reporting, early detection of new threats and an effective yet fast response to them are the key to reducing ever-growing cybercrime.
6. What is Kaspersky's future research area in the cybercrime space?
The defining feature of the next decade will be the end of Windows' domination of user operating systems. Though Microsoft's brainchild will remain the primary business platform, everyday users will have access to an ever-expanding variety of alternative operating systems. Notably, even now the number of devices accessing the Internet via Windows and non-Windows platforms is almost the same, with the latter even occasionally exceeding their Microsoft counterparts. The growing number of new operating systems will affect the process of threat creation: cybercriminals will not be able to create malicious code for large numbers of platforms. This leaves them with two options: either target multiple operating systems and have many individual devices under their control, or specialize in Windows-based attacks on corporations.
The second variant will probably appeal to them more. By 2020, targeting individual users will become much more complex because the emerging trend of making payments electronically and using online banking will continue, but biometric user identification and payment protection systems will become the norm. The coming changes in operating systems and their specifications will affect virus writing techniques as these new systems evolve. Many cybercriminals who used to target Windows devices will have to become adept at exploiting the new-generation operating systems. To retain their 'place in the sun', today's cybercriminals will need to enlist the help of members of the younger generation who are capable of writing malicious code for the new platforms. However, this state of affairs cannot prevail forever and we may well see 'turf wars' between different hackers and hacker groups.
Cybercrime in 2020 will almost assuredly divide into two groups. One group will specialize in attacks on businesses, sometimes to-order. Commercial espionage, database theft and corporate reputation-smearing attacks will be much in demand on the black market. Hackers and corporate IT specialists will confront each other on the virtual battlefield. State anti-cybercrime agencies will probably be involved in the process too and will have to deal predominantly with Windows platforms, in addition to the latest versions of traditional Unix systems.
The second group of cybercriminals will target those things that influence our everyday lives, such as transport systems and other services. Hacking such systems and stealing from them, making free use of them, and removing and changing personal data about customers' activities will be the main focus of attention of the new generation of hackers, who will make a living this way.