Threat of targeted attacks redefines requirements for corporate-class security solutions
Nearly half of the companies that participated in the IDC Market Analysis Perspective: Worldwide Security Products survey conducted by IDC in December 2012, believe that increasingly sophisticated attacks pose a serious threat to their IT infrastructures. It’s becoming more and more common for cybercriminals to use dedicated malicious software to launch attacks on corporations, eschewing widely-recognised malware tools and making it harder to detect and repel intrusions. As a result, companies have more stringent requirements for their corporate security solutions, analysts say.
“The sophistication and complexity of the attacks increases the need for advanced anti-malware offerings that appreciate the multiple attack points (web, network, device, etc.) used to infiltrate the endpoint and minimise the resources needed to thwart these attacks and protect the asset (device and data),” said Kevin Bailey, Research Director, EMEA Software Security Products and Services Policies, IDC.
A number of incidents took place last year in different parts of the world that compromised the security of various corporate networks, with existing security software powerless to intervene. In the hope of making big gains from selling stolen confidential data (such as corporate intellectual property, business-critical information, etc.), cybercriminals invest heavily on purchasing and/or developing malware that can bypass most existing security solutions. In response, Kaspersky Lab invests aggressively in the development of heuristic and proactive technologies meaning its solutions are capable of detecting malware even if it is previously unseen or being used for the first time.
Kaspersky Lab proactive protection technologies:
Of all new threats detected in 2012 by Kaspersky Lab’s products, 87% were detected with the help of heuristic technologies incorporated into a number of products, including Kaspersky Endpoint Security for Business. Whatever method cybercriminals use when trying to penetrate a corporate network, they will have to confront these technologies.
For example, if the attackers know that software with unpatched vulnerabilities is present on corporate computers, they may attempt to exploit them to covertly infect corporate computers.
Cybercriminals typically exploit vulnerabilities existing in popular software, such as Adobe Flash, Adobe Reader, Java, web browsers or OS components. Since these types of applications are legitimate and often used by corporate employees, the attackers gamble that security solutions will “overlook” the irregular behaviour of a specific commonly used programme, allowing malware to pass unnoticed. Kaspersky Lab’s products incorporate the System Watcher software module which regularly analyses code for suspicious modifications, even in trusted applications. Besides, the dedicated Automatic Exploit Prevention technology, implemented as part of the System Watcher module, is able to detect and block typical exploit behaviour.
Cybercriminals often attempt to infect computers in the target corporate network with the help of so-called rootkits and bootkits. These highly dangerous malware types modify the boot sector on the hard drive of the target computer so they can launch before the operating system or the installed security software. The Anti-Rootkit technology implemented in Kaspersky Endpoint Security for Business and several other products, intercepts and analyses all instances when the hard drive’s boot sector is accessed, checking their legitimacy and preventing possible infection. Moreover, even if the rootkit was somehow able to modify the boot record, Kaspersky Lab’s technology will detect it and undertake to treat the infection.
As the BYOD (Bring your Own Device) trend develops, corporate employers increasingly allow personal mobile devices for work, giving cybercriminals more and more opportunities to penetrate corporate networks. The wide range of mobile devices and operating systems gives them a wide choice of attack vectors. For instance, vulnerability in a mobile device connected to a corporate network, once successfully exploited, could allow a cybercriminal access even if the other network segments are well protected. The technologies for securing and managing corporate mobile devices available in Kaspersky Endpoint Security for Business offer a robust response to the growing number and complexity of attack vectors which develop in BYOD environments.
In particular, Kaspersky Security for Mobile, apart from scanning mobile devices for malware, can apply various restrictive policies to installed applications, identify jailbroken devices, and remotely wipe corporate data stored in a device if there’s a risk it has been compromised.
In summary, Kaspersky Lab’s technologies protect every weak point presented by mobile devices, thwarting attempts to attack corporate networks. By virtue of deeply integrated security technologies for various types of device, they provide security from combined attacks, when cybercriminals attempt to break into corporate IT infrastructures by using both vulnerabilities existing in desktop software and breaches in mobile device security.