Epidemics, data leakage, and targeted attacks over the past few years have significantly changed attitudes toward cybersecurity. Nowadays, no one thinks protection against cyberthreats is just a system administrator’s responsibility; every company needs a defence strategy. But cybersecurity cannot survive a hands-off approach; it cannot be limited to installing “some antivirus.” To feel safe today and in the future, modern business needs a next-generation solution that can counter a broad range of cyberthreats.
A full-fledged protective solution must on the one hand tackle modern challenges, and on the other be able to adapt to the needs of a specific business. Here we analyse major trends in the cybersecurity world and look at how the latest version of our core B2B solution, Kaspersky Endpoint Security for Business, counters them.
Ransomware
Over the past few years, ransomware has held onto its position in the top 10 cyberthreats list. At least two major outbreaks (WannaCry and ExPetr), plus numerous smaller incidents, caused severe harm to both small businesses and enterprises. Our experts predict we will face ransomware this year as well. Malefactors clearly see that intimidating home users is less lucrative than extracting ransom from corporate victims, so they have turned their attention in that direction. Moreover, where previously they focused on end users’ operating systems, now they put more effort into technologies that target server OS’s.
Countermeasure: strengthening of highly specialised protection technology. A subsystem tailored specifically to protect against cryptomalware allows for monitoring file access attempts and detecting and blocking suspicious activity. This technology is equally effective on users’ operating systems and on server OS’s. Furthermore, on clients’ Windows-based devices, where most user information is usually stored, it can roll back malicious changes to files, restoring information that was corrupted.
Bodiless and next-gen threats
Cybercriminals are constantly inventing new methods to evade detection. Some attacks use no files. Others employ sophisticated code obfuscation methods. Still others use only legitimate instruments and rely on employee inattention. Some inventive groups even search for zero-day vulnerabilities and create exploits for them. Finally, there are craftsmen who combine all of those methods. To counter those threats, a multilayered solution is not enough.
Countermeasure: multilayered machine learning (ML2) and non-signature methods of detection. Our next-gen protection technologies are based on machine-learning algorithms that work in static mode (for detection of threats in the pre-execution phase) and dynamically (catching activated cyberthreats). Our methods incorporate a behavioural engine, an automated exploit prevention subsystem, host-based intrusion prevention, and cloud technologies that do not rely on regular base updates to detect the newest threats.
Targeted attacks
Executing targeted attacks against specific businesses has become much more affordable, so such incidents are more common than they used to be. Though they still require more resources and thorough preparation than casting a wide net, they are also potentially more profitable. Large enterprises with deep pockets are not the only targets, either. Even a small company can become an unwitting link in a supply-chain attack, so no business can consider itself safe from that type of threat.
Countermeasure: an integrated security strategy based on using several security solutions that complement each other. The client part of our solution, installed on each workstation, can integrate with Kaspersky Endpoint Detection and Response or with the Kaspersky Anti-Targeted Attack platform to improve endpoint visibility and automate incident response procedures.
Data leaks
In some industries, data leaks have led to real catastrophe. Client and employee records are top-selling items on the black market. That is especially alarming in the light of GDPR coming into force.
Countermeasure: an increased focus on encryption technologies. Kaspersky Security Center Console can be used for remote centralised administration of various data encryption systems on most popular mobile and desktop platforms (including FileVault 2 for macOS). Moreover, our own encryption technologies can protect your data on a file or entire disk basis.
Of course, the above are not all brand-new. The new version of Kaspersky Endpoint Security for Business contains numerous upgraded and newly introduced features that enhance protection levels, simplify administration and scalability, and help lower the costs of implementation and support.