[ISN] Kaspersky Lab's Secret Sauce Uses 'Woodpeckers'

From: InfoSec News (alerts@private)
Date: Tue Dec 19 2006 - 23:03:35 PST


http://www.eweek.com/article2/0,1895,2074772,00.asp

By Ryan Naraine
December 19, 2006 

MOSCOW - Clickety, clack. Clickety, clack. The rhythmic sounds of 
fingers tapping away at keyboards are coming from Eugene Kaspersky's 
"woodpeckers," who make up a virus-hunting crew responsible for tracking 
computer threats in real time and who work around the clock to write and 
ship virus definition updates to millions of computer users.

This is Kaspersky Lab's secret sauce, the ability to ship anti-virus 
signatures every hour on the hour, seven days a week, 365 days a year.

"We're losing this game with computer criminals. There are just too many 
criminals active on the Internet underground, in China, in Latin 
America, right here in Russia. We have to work all day and all night 
just to keep up," Kaspersky said in an interview with eWEEK during an 
international press tour of his company's headquarters.

Kaspersky, a talkative man who founded the company in 1997 and managed 
its expansion into markets in the United States, Europe and Asia, is 
banking heavily on quick response time and added layers of protection to 
help this 700-employee outfit survive the entrance of Microsoft, and an 
aggressive push by bigger incumbents, into its bread-and-butter business.

He dismissed talk that security improvements in Windows Vista will make 
anti-virus software redundant, but was willing to concede that malicious 
hackers have defeated the stand-alone, signature-based approach to 
protection.

Security analysts are already writing eulogies for stand-alone, 
signature-based anti-virus, arguing that the industry will be forced to 
roll out converged security clients, offering multiple capabilities 
including anti-spyware, personal firewall, end-point policy enforcement 
and intrusion prevention as the foundation.

"We're already there," Kaspersky declared, when confronted with the dire 
predictions. "There are no stand-alone anti-virus products anymore. It's 
now anti-everything. You have to do things like behavior blocking and 
heuristic detections and add anti-spam, anti-spyware and anti-rootkit 
capabilities or your software won't be any good."

Add data leak prevention and patch and configuration management into a 
single console and this is your new enterprise anti-virus product.

"You need information backup, you need parental controls, you need 
anti-phishing. It's a different world today. 10 years ago, we were 
fighting against smart kids who hacked as a hobby. Now, we're dealing 
with criminal gangs that control your computer to make money. Different 
world, different protections," Kaspersky said.

During the press tour in Moscow, Kaspersky was bombarded with questions 
about Microsoft's emergence as a legitimate security vendor (with Windows 
OneCare for consumers and the Forefront line of products for the 
enterprise), but there was no visible sign of fear among the company's 
employees.

"What do you expect us to do? Just throw up our hands and say we should 
shut down because Microsoft is a competitor?" asked Natalya Kaspersky, 
the company's chief executive. "We can't sit back and be afraid. We have 
to work harder and get better at what we do. Everything else will take 
care of itself."

Jon Oltsik, a senior analyst with Enterprise Strategy Group, said he 
believes the security improvements in Windows Vista and Microsoft's 
aggressive approach to selling its security software, directly and via 
the channel, will definitely affect smaller players like Kaspersky Lab. 
However, in a discussion with eWEEK he stressed that the Big Three 
(Symantec, McAfee and Trend Micro) will feel it even more.

"I don't think these guys [Kaspersky Lab] should be underestimating 
Microsoft," Oltsik said, pointing out that Microsoft has pushed into the 
market through smart acquisitions of Sybari for anti-virus and Giant 
Company for anti-spyware protection. Sybari has undergone a major 
makeover and been rebranded as Forefront, and Giant's technology is now 
powering the Windows Defender software.

Interestingly, Microsoft resells Kaspersky's anti-virus scanner to 
enterprise customers as part of Forefront's multiscanner strategy. The 
Kaspersky anti-virus kernel is also integrated into products sold by a 
range of IT vendors, including Aladdin Knowledge Systems, Nokia ICG, 
F-Secure, G Data Software, Deerfield.com, Alt-N Technologies, MicroWorld 
Technologies and BorderWare Technologies.

This puts the company in the unique position of competing against its 
OEM partners. As a differentiator, Kaspersky said the company is 
shipping a brand-new Version 6.0 engine in its own product suite and is 
licensing the 5.0 version to partners.

According to research statistics from Gartner, the global market for 
computer security protection could top $10 billion in 2007, making it a 
lucrative target even for a company the size of Microsoft.

Natalya Kaspersky, who keeps a close watch on the company's day-to-day 
operations in the United States, United Kingdom, France, 
Germany, the Netherlands, Poland, Japan and China, shrugged aside 
questions about Microsoft and painted a picture of a company on the 
rise, building out new technologies and pushing into new markets.

One such rollout is InfoWatch, a separate subsidiary that offers a 
multilayered approach to data leak detection and prevention. Founded in 
2003 and launched primarily in the Russian market, InfoWatch provides 
monitoring software for e-mail, Internet and Web usage, mail storage and 
mobile devices.

The company is positioning InfoWatch as a way to help businesses manage 
compliance requirements and track internal data theft, even from mobile 
devices.

Nikolai Grebennikov, deputy director in Kaspersky's department of 
innovative technologies, said the new Kaspersky Internet Security 6.0 
software will hold its own against the competition. "We have the best 
virus detection rates and the fastest response time to new threats. We 
do hourly updates and support more than 1,200 formats of archives and 
compressed files," he said.

Grebennikov said the company has worked hard on improving scan speeds 
and system loads by scanning new and modified files only, caching data 
from previous scans and suspending scanning in case of increased user 
activity.

The new security suite has also been fitted with a new system for 
anti-virus scanning of compound objects, optimizing system performance. 
This helps to address a longstanding complaint that anti-virus software 
with multiple executables eating away at system resources is an 
impediment to proper computer usage.
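The two scan-load techniques named above, scanning only new or modified files and caching verdicts from previous scans, interact with the hourly signature updates the article opens with: a cached "clean" verdict is only valid for the signature set that produced it. The sketch below is an added illustration, not Kaspersky Lab code; the signature pattern, file names and version strings are constructed for the demo.

```python
import os
import tempfile
from pathlib import Path
from typing import Dict, Tuple

MALICIOUS_PATTERN = b"CONSTRUCTED-MALWARE-MARKER"  # constructed demo "signature"


class IncrementalScanner:
    """Rescan a file only if it is new/modified or the signature set changed."""
    def __init__(self, sig_version: str) -> None:
        self.sig_version = sig_version
        self.cache: Dict[str, Tuple[int, int, str, str]] = {}  # (size, mtime_ns, sig_version, verdict)
        self.full_scans = 0  # how often file content was actually read

    def update_signatures(self, sig_version: str) -> None:
        # An hourly update makes every cached verdict stale; the version
        # mismatch forces a rescan on next access without flushing the cache.
        self.sig_version = sig_version

    def _scan_content(self, path: Path) -> str:
        self.full_scans += 1
        return "infected" if MALICIOUS_PATTERN in path.read_bytes() else "clean"

    def scan(self, path: Path) -> Tuple[str, bool]:
        """Return (verdict, served_from_cache). Caveat: size and mtime can be
        reset by whoever writes the file, so a stat-only key is a performance
        hint, not a security boundary; key on a content hash where that matters."""
        st = os.stat(path)
        key = (st.st_size, st.st_mtime_ns, self.sig_version)
        hit = self.cache.get(str(path))
        if hit is not None and hit[:3] == key:
            return hit[3], True
        verdict = self._scan_content(path)
        self.cache[str(path)] = key + (verdict,)
        return verdict, False


def demo() -> Dict[str, object]:
    # Constructed walkthrough: two files, one later modified, one signature update.
    d = Path(tempfile.mkdtemp())
    doc, exe = d / "report.txt", d / "setup.exe"
    doc.write_bytes(b"quarterly numbers")
    exe.write_bytes(b"MZ" + MALICIOUS_PATTERN)
    s = IncrementalScanner("sigs-22h")
    first = (s.scan(doc)[0], s.scan(exe)[0])                   # both read in full
    unchanged_cached = s.scan(doc)[1]                          # no change: cache hit
    doc.write_bytes(b"quarterly numbers" + MALICIOUS_PATTERN)  # size changed
    modified = s.scan(doc)
    s.update_signatures("sigs-23h")                            # new sigs: cache miss
    after_update_cached = s.scan(exe)[1]
    return {"first": first, "unchanged_cached": unchanged_cached, "modified": modified,
            "after_update_cached": after_update_cached, "full_scans": s.full_scans}
```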

Another improvement, Grebennikov said, is the addition of rootkit 
detection and removal to the software. He said new proactive detection 
technology will block hidden objects such as stealth rootkits, keystroke 
loggers, buffer overflow attacks, data execution attacks and backdoors 
that turn infected machines into zombies in botnets.

"These integrated threats are the scariest. Any time you find malware 
that's using rootkit techniques to hide, you have to get really nervous. 
Some of these threats are very, very sophisticated," Grebennikov said.

Eugene Kaspersky said he sees the enemy as being the sophisticated 
malware writer who is very familiar with the way anti-virus software 
works. "They know about anti-virus technologies and they're developing 
new ways to bypass the protection software. Sometimes, when I look at 
the volume of threats we are detecting, I think we are losing this 
cat-and-mouse game," he said.

That's why Kaspersky Lab has invested heavily in full-time 
"woodpeckers," clickety-clacking 24 hours a day, seven days a week.


This archive was generated by hypermail 2.1.3 : Tue Dec 19 2006 - 23:13:28 PST