- Apr 5, 2014
Kaspersky Lab on Monday announced a major expansion of its enterprise security product portfolio in the Middle East, with a solution designed to detect targeted attacks.
The Kaspersky Anti Targeted Attack Platform (Kata) is a premium solution based on the most advanced technology that draws on Kaspersky Lab's expertise in the detection and analysis of the world's most sophisticated threats.
According to the IT Security Risks Survey 2015 conducted by Kaspersky Lab and B2B International, nine per cent of organisations globally said that they have experienced a targeted attack in the last year. Organisations in the UAE and KSA, being the countries that see most attacks in the region, are faced with a growing number of targeted attacks, including those discovered by Kaspersky Lab - Flame, Turla, Epic Turla, Shamoon, Adwind, Wild Neutron, Poseidon, and Desert Falcons.
Although the number of such threats is still growing, businesses are becoming more concerned about targeted attacks and advanced cyber-weapons used for the purposes of cyber-espionage or the disruption of business activity. While these threats represent a tiny fraction, which is less than one per cent of the entire landscape, they present the highest risk to companies worldwide. What's even more important is that the number of such attacks is growing steadily and the price-per-attack is diminishing.
Conventional protection technologies are very good at preventing generic threats and attacks from breaching the corporate perimeter. However, solving the 'one per cent' problem requires advanced technology and proper security intelligence that has either been accumulated within the company or requested from a security vendor. The Kaspersky Anti Targeted Attack Platform is designed to identify and highlight unusual actions that constitute strong evidence of malicious intent.
"Nowadays businesses need to overcome many cyberthreats, including some of the most advanced ones, for which they need knowledge of possible attack vectors, indicators of compromise, and the ability to distinguish normal operations from malicious activity. This requires strong security expertise combined with technology that is capable of spotting a criminal act in the avalanche of daily activity in a large corporation. This challenge is being addressed with the Kaspersky Anti Targeted Attack Platform, together with the security services aimed at sharing security intelligence with our customers faster than ever before," noted Ovanes Mikhaylov, managing director, Kaspersky Lab Middle East.
"It is clear that the number of advanced attacks happening today is huge," said Mohammad Amin Hasbini, senior security researcher in the Global Research and Analysis Team, Kaspersky Lab. "The industries affected by targeted attacks include governments, the military, industrial, intelligence, financial, media, research, education, political, as well as high profile activists."
Kirill Kertsenbaum, head of enterprise solutions at Kaspersky Lab, added that an average targeted attack can stay undetected for more than 214 days, since perimeter security is often overestimated and growing IT sophistication results in a visibility gap and lack of operational information.
The Kata Platform analyses data collected from different points of the corporate IT infrastructure. The solution's sensors acquire data from network traffic, web and e-mail, as well as endpoints. This allows the solution to detect complex attacks at any stage, even when no malicious activity, such as data exfiltration, is taking place. Suspicious events are then processed by different engines, including an Advanced Sandbox and a Targeted Attack Analyzer, for a final verdict.
The Advanced Sandbox provides a safe, isolated, and virtualised environment for analysing suspicious objects and detecting their intent. The Targeted Attack Analyzer utilises data processing and machine learning technologies to assess and combine verdicts from different analysis engines. This is where the final decision to alert the staff is made. Additional technologies that help to reduce false positive alerts include Kaspersky Lab's own anti-malware engine to rule out generic attacks that can be blocked by traditional solutions; URL analysis; threat data feeds delivered from Kaspersky Lab's cloud security network; an Intrusion Detection System; and support for custom rules to detect specific activity in a corporate network.
The Kaspersky Anti Targeted Attack Platform is available as an independent solution or in combination with expert services aimed at rapid incident detection and response. The availability of intelligence services also enables customers to adapt the solution to specific business needs.