{"id":6678,"date":"2017-03-21T17:50:07","date_gmt":"2017-03-21T21:50:07","guid":{"rendered":"https:\/\/kasperskydaily.com\/b2b\/?p=6678"},"modified":"2020-02-26T11:11:19","modified_gmt":"2020-02-26T16:11:19","slug":"asa-key-to-true-cybersecurity","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/asa-key-to-true-cybersecurity\/6678\/","title":{"rendered":"Adaptive architecture: Key to True Cybersecurity"},"content":{"rendered":"<p>In our experience at Kaspersky Lab, ensuring <a href=\"https:\/\/www.kaspersky.com\/true-cybersecurity?redef=1&amp;reseller=gl_truecs_acq_ona_smm__onl_b2b_blog_ban_______\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">True Cybersecurity<\/a> for enterprise IT infrastructure requires multilayered solutions. By multiple layers we mean not only using overlapping protective technologies or covering different levels of the IT network. We also mean that the range of solutions in use should possess qualities that allow corporate security to adapt dynamically in line with the ever-changing threat landscape.<\/p>\n<p>Why do we think this approach makes the most sense? Whatever you might think of it, we are participating in a never-ending arms race. By continuously improving protection technologies, we try to make them more effective than the tools and techniques used for cybercriminal activity. But what matters is that we cannot settle for purely reactive measures. To efficiently deflect various attacks, we need the flexibility to optimize protection not reactively, but proactively, before new threats are out.<\/p>\n<p>Moreover, we think that a single super-technology that guarantees protection from all threats is a utopian dream. Even a new method with proven, impressive results shortly after its conception will be effective only until cybercriminals strike back.<\/p>\n<h2>An effective protection framework is cyclical<\/h2>\n<p>We think the most viable security architecture is the one described by Gartner. 
It is based on a cycle of activities and divided into four key areas: Prevent, Detect, Respond, and Predict. Essentially, it assumes intrusion detection and prevention systems should function in concert with threat analytics. Ideally, this strategy helps to create a cybersecurity system that continuously adapts and responds to the emerging challenges of the digital world.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-6482\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2017\/03\/06020610\/ICS-ASA.png\" alt=\"\" width=\"621\" height=\"347\"><\/p>\n<p>Here is how this adaptive security model could be deployed.<\/p>\n<h2>Prevent<\/h2>\n<p>The \u201cPrevent\u201d segment is, to put it simply, technologies which use iron-clad reasoning to define whether an object is safe or malicious and block it in the latter case. This segment includes such solutions as firewalls, signature-based engines, and proactive technologies using machine learning. All of them are, in essence, included in our products for Next Gen endpoint protection: <a href=\"https:\/\/www.kaspersky.com\/advert\/enterprise-security\/endpoint?redef=1&amp;THRU&amp;reseller=gl_kbusinesspost_pro_ona_smm__onl_b2b_kbusiness_lnk_______\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Security for Business<\/a>, <a href=\"https:\/\/www.kaspersky.com\/advert\/enterprise-security\/virtualization?redef=1&amp;THRU&amp;reseller=gl_kbusinesspost_pro_ona_smm__onl_b2b_kbusiness_lnk_______\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Security for<\/a> Virtualization, and others.<\/p>\n<p>These solutions don\u2019t need to be managed by a security expert. Most frequently, such systems are managed by general-purpose IT administrators who also take care of things like databases or local networks. 
They need a security solution to be robust and hassle-free.<\/p>\n<p>Such products block up to 99% of threats, blocking not only well-known (70%) but also previously unknown (29%) malware. But what about the remaining 1% of advanced threats, which are the most tricky and dangerous? Especially given that this 1% inflicts the heaviest damage on attacked businesses?<\/p>\n<h2>Detect<\/h2>\n<p>Some objects and events can be classified as inherently malicious, and some could be inherently safe. However, such classification is not always enough. Some of them are in the gray zone \u2014 for example, advanced threats such as APTs, which go to great lengths to evade or mislead security systems.<\/p>\n<p>To control the gray zone, we need the \u201cDetect\u201d level. Security solutions belonging to this layer do not block threats themselves. They serve to detect and report suspicious activity. Such solutions should be managed not by IT generalists, but by skilled infosec professionals.<\/p>\n<p>\u201cDetect\u201d technologies include behavioral analytic systems and dynamic code analyzers. An example of such technologies is the recently launched <a href=\"https:\/\/www.kaspersky.com.au\/enterprise-security\/anti-targeted-attacks?redef=1&amp;reseller=gl_kbusinesspost_pro_ona_smm__onl_b2b_kbusiness_lnk_______\" target=\"_blank\" rel=\"noopener\">Kaspersky Anti-Targeted Attack Platform<\/a>. Among its features, it boasts the Targeted Attack Analyzer, which monitors network events. It is based on an approach we call HuMachine Intelligence: a seamless fusion of Big Data-based Threat Intelligence, Machine Learning and Human Expertise. It is highly effective because human and machine intelligence work better when they complement each other rather than working separately, and because both benefit from the most relevant globally acquired knowledge of the threat landscape. 
The Targeted Attack Analyzer detects suspicious activity by analyzing the system\u2019s working patterns and comparing them to the \u2018normal\u2019 picture. If any activity does not match the usual state of things, the system alerts personnel. The normal model is created with the help of machine-learning processes running both on Kaspersky Lab servers and on the customer\u2019s premises. Thus, the system knows what is normal and what is not in a given environment.<\/p>\n<p>As an example, let\u2019s look at a medium-sized company that works in trade. It does not conduct business with, say, Vietnam. None of the employees are Vietnamese. And one day a computer in the enterprise network connects to a .vn Web resource in the dead of night. The Targeted Attack Analyzer knows that no one from within the organization has ever visited Vietnamese websites. Also, according to the <a href=\"http:\/\/ksn.kaspersky.com\/\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Security Network<\/a>, no one has ever connected to that server. Therefore, the .vn connection is a reason to employ some deep analysis tools. Of course, it could be entirely innocent and coincidental, but it is abnormal, so it makes sense to double-check the incident.<\/p>\n<h2>Respond<\/h2>\n<p>\u201cRespond\u201d is the next logical step in this framework. In our case, the threat can be neutralized with the help of both technologies and services, and by the latter we mean the work of analysts who investigate attacks and prepare reports.<\/p>\n<p>Kaspersky Lab offers a wide <a href=\"https:\/\/www.kaspersky.com\/advert\/enterprise-security\/intelligence-services?redef=1&amp;THRU&amp;reseller=gl_kbusinesspost_pro_ona_smm__onl_b2b_kbusiness_lnk_______\" target=\"_blank\" rel=\"noopener nofollow\">range of these services<\/a>, including incident research and malware analysis. 
In addition, we are working on a toolset to optimize these processes by automating evidence collection, searching for compromised endpoints, employing remote configuration, and more.<\/p>\n<p>In the meantime, further development of the Kaspersky Anti Targeted Attack platform involves the introduction of Endpoint Detection and Response capabilities, which would not only greatly enrich detection context but also provide response functionality on the scale of an extensive enterprise network. It also provides forensic specialists with an extended range of data crucial for subsequent incident investigation.<\/p>\n<p>The collected data also helps us to better understand today\u2019s cyberthreat landscape and thus to create more effective protection solutions. This is what the next level is all about.<\/p>\n<h2>Predict<\/h2>\n<p>Various data feeds, obtained both through automatic acquisition (data on malicious links and files) and from expert analysts (APT research), are indispensable assets that can be used to predict future attacks and attack vectors and thus improve security posture. This data, constantly fed into Kaspersky Lab internal analytical systems, is thoroughly assessed. The results of the analysis are used to improve security mechanisms, including adjustments to machine learning processes.<\/p>\n<p>To improve our technologies, we also use data obtained during pentesting and application security analysis (see the \u201cPrevent\u201d section above). Having processed all available information, our technologies can automatically block more threats \u2014 which brings us back to the \u2018Prevent\u2019 level we started our article with.<\/p>\n<p>And there you have it: the never-ending cycle of Adaptive Security Architecture. 
Ideally, it enables us to stay ahead of cybercriminals, creating and improving security systems according to the current state of the threat landscape and preventing huge losses for businesses.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The never-ending cycle of Adaptive Security Architecture. Ideally, it enables us to stay ahead of cybercriminals, creating and improving security systems.<\/p>\n","protected":false},"author":610,"featured_media":15219,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3052],"tags":[2488,2486,2642,2483],"class_list":{"0":"post-6678","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-asa","10":"tag-humachine","11":"tag-next-gen","12":"tag-true-cybersecurity"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/asa-key-to-true-cybersecurity\/6678\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/asa-key-to-true-cybersecurity\/4599\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/asa-key-to-true-cybersecurity\/16220\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/asa-key-to-true-cybersecurity\/6678\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/asa-key-to-true-cybersecurity\/6678\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/humachine\/","name":"HuMachine"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/6678","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/610"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ka
spersky.com\/blog\/wp-json\/wp\/v2\/comments?post=6678"}],"version-history":[{"count":12,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/6678\/revisions"}],"predecessor-version":[{"id":33751,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/6678\/revisions\/33751"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/15219"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=6678"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=6678"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=6678"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}