http://www.eweek.com/article2/0,1895,2074772,00.asp
By Ryan Naraine
December 19, 2006

MOSCOW - Clickety, clack. Clickety, clack. The rhythmic sounds of fingers tapping away at keyboards are coming from Eugene Kaspersky's "woodpeckers," who make up a virus-hunting crew responsible for tracking computer threats in real time and who work around the clock to write and ship virus definition updates to millions of computer users. This is Kaspersky Lab's secret sauce, the ability to ship anti-virus signatures every hour on the hour, seven days a week, 365 days a year.

"We're losing this game with computer criminals. There are just too many criminals active on the Internet underground, in China, in Latin America, right here in Russia. We have to work all day and all night just to keep up," Kaspersky said in an interview with eWEEK during an international press tour of his company's headquarters.

Kaspersky, a talkative man who founded the company in 1997 and managed its expansion into markets in the United States, Europe and Asia, is banking heavily on quick response time and added layers of protection to help this 700-employee outfit survive the entrance of Microsoft, and an aggressive push by bigger incumbents, into its bread-and-butter business. He dismissed talk that security improvements in Windows Vista will make anti-virus software redundant, but was willing to concede that malicious hackers have defeated the stand-alone, signature-based approach to protection.

Security analysts are already writing eulogies for stand-alone, signature-based anti-virus, arguing that the industry will be forced to roll out converged security clients, offering multiple capabilities including anti-spyware, personal firewall, end-point policy enforcement and intrusion prevention as the foundation.

"We're already there," Kaspersky declared, when confronted with the dire predictions. "There are no stand-alone anti-virus products anymore. It's now anti-everything.
You have to do things like behavior blocking and heuristic detections and add anti-spam, anti-spyware and anti-rootkit capabilities or your software won't be any good."

Add data leak prevention and patch and configuration management into a single console and this is your new enterprise anti-virus product.

"You need information backup, you need parental controls, you need anti-phishing. It's a different world today. 10 years ago, we were fighting against smart kids who hacked as a hobby. Now, we're dealing with criminal gangs that control your computer to make money. Different world, different protections," Kaspersky said.

During the press tour in Moscow, Kaspersky was bombarded with questions about Microsoft's emergence as a legitimate security vendor, with Windows OneCare for consumers and the Forefront line of products for the enterprise, but there was no visible sign of fear among the company's employees.

"What do you expect us to do? Just throw up our hands and say we should shut down because Microsoft is a competitor?" asked Natalya Kaspersky, the company's chief executive. "We can't sit back and be afraid. We have to work harder and get better at what we do. Everything else will take care of itself."

Jon Oltsik, a senior analyst with Enterprise Strategy Group, said he believes the security improvements in Windows Vista and Microsoft's aggressive approach to selling its security software, directly and via the channel, will definitely affect smaller players like Kaspersky Lab. However, in a discussion with eWEEK he stressed that the Big Three (Symantec, McAfee and Trend Micro) will feel it even more.

"I don't think these guys [Kaspersky Lab] should be underestimating Microsoft," Oltsik said, pointing out that Microsoft has pushed into the market through smart acquisitions of Sybari for anti-virus and Giant Company for anti-spyware protection.
Sybari has undergone a major makeover and been rebranded as Forefront, and Giant's technology is now powering the Windows Defender software.

Interestingly, Microsoft resells Kaspersky's anti-virus scanner to enterprise customers as part of Forefront's multiscanner strategy. The Kaspersky anti-virus kernel is also integrated into products sold by a range of IT vendors, including Aladdin Knowledge Systems, Nokia ICG, F-Secure, G Data Software, Deerfield.com, Alt-N Technologies, MicroWorld Technologies and BorderWare Technologies. This puts the company in the unique position of competing against its OEM partners. As a differentiator, Kaspersky said the company is shipping a brand-new Version 6.0 engine in its own product suite and is licensing the 5.0 version to partners.

According to research statistics from Gartner, the global market for computer security protection could top $10 billion in 2007, making it a lucrative target even for a company the size of Microsoft.

Natalya Kaspersky, who keeps a close watch on the company's day-to-day operations in the United States, United Kingdom, France, Germany, the Netherlands, Poland, Japan and China, shrugged aside questions about Microsoft and painted a picture of a company on the rise, building out new technologies and pushing into new markets.

One such rollout is InfoWatch, a separate subsidiary that offers a multilayered approach to data leak detection and prevention. Founded in 2003 and launched primarily in the Russian market, InfoWatch provides monitoring software for e-mail, Internet and Web usage, mail storage and mobile devices. The company is positioning InfoWatch as a way to help businesses manage compliance requirements and track internal data theft, even from mobile devices.

Nikolai Grebennikov, deputy director in Kaspersky's department of innovative technologies, said the new Kaspersky Internet Security 6.0 software will hold its own against the competition.
"We have the best virus detection rates and the fastest response time to new threats. We do hourly updates and support more than 1,200 formats of archives and compressed files," he said.

Grebennikov said the company has worked hard on improving scan speeds and system loads by scanning new and modified files only, caching data from previous scans and suspending scanning in case of increased user activity. The new security suite has also been fitted with a new system for anti-virus scanning of compound objects, optimizing system performance. This helps to address a longstanding complaint that anti-virus software with multiple executables eating away at system resources is an impediment to proper computer usage.

Another improvement, Grebennikov said, is the addition of rootkit detection and removal to the software. He said new proactive detection technology will block hidden objects such as stealth rootkits, keystroke loggers, buffer overflow attacks, data execution attacks and backdoors that turn infected machines into zombies in botnets.

"These integrated threats are the scariest. Any time you find malware that's using rootkit techniques to hide, you have to get really nervous. Some of these threats are very, very sophisticated," Grebennikov said.

Eugene Kaspersky said he sees the enemy as being the sophisticated malware writer who is very familiar with the way anti-virus software works. "They know about anti-virus technologies and they're developing new ways to bypass the protection software. Sometimes, when I look at the volume of threats we are detecting, I think we are losing this cat-and-mouse game," he said.

That's why Kaspersky Lab has invested heavily in full-time "woodpeckers," clickety-clacking 24 hours a day, seven days a week.

_____________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn
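The scan-load optimisations Grebennikov describes above (scan only new or modified files, reuse cached results from earlier scans, suspend scanning while the user is busy) are easy to state but have two failure modes a practitioner should see handled: a cached verdict must be invalidated when the signature set changes, and a file whose metadata changed but whose content did not should not trigger a full rescan. The example below is added here to illustrate that design; it is not Kaspersky Lab code. The detection engine is a constructed stand-in that matches a marker string, the signature-version label, the file contents and the "user activity" signal are all constructed for the example, and the real engine's cache format is not known from the article.

```python
"""Incremental file scanning with a per-file verdict cache (added example)."""
import hashlib
import os
import tempfile
from dataclasses import dataclass

# Constructed stand-in for a signature engine: a file is "malicious" if it
# contains MARKER, "clean" otherwise. Not a real detection.
MARKER = b"EXAMPLE-TEST-MARKER"
SIGNATURE_VERSION = "sigs-demo-1"  # constructed label for the signature set


def demo_engine(data: bytes) -> str:
    return "malicious" if MARKER in data else "clean"


@dataclass
class CacheEntry:
    size: int
    mtime_ns: int
    digest: str       # sha256 of content, guards against mtime-only changes
    sig_version: str  # verdict is only valid for the signatures that produced it
    verdict: str


class IncrementalScanner:
    """Scans only new or modified files and reuses cached verdicts."""

    def __init__(self, engine=demo_engine, sig_version=SIGNATURE_VERSION,
                 activity_is_high=lambda: False):
        self.engine = engine
        self.sig_version = sig_version
        self.activity_is_high = activity_is_high  # stand-in for a system-load signal
        self.cache: dict[str, CacheEntry] = {}
        self.stats = {"scanned": 0, "skipped": 0, "paused": 0}

    def scan(self, path: str) -> str:
        st = os.stat(path)
        entry = self.cache.get(path)
        same_sigs = entry is not None and entry.sig_version == self.sig_version
        # Fast path: same signature set, same size and mtime -> reuse verdict.
        if same_sigs and entry.size == st.st_size and entry.mtime_ns == st.st_mtime_ns:
            self.stats["skipped"] += 1
            return entry.verdict
        with open(path, "rb") as f:          # a real scanner would stream large files
            data = f.read()
        digest = hashlib.sha256(data).hexdigest()
        # Touched but not altered (identical content): refresh metadata, keep verdict.
        if same_sigs and entry.digest == digest:
            self.stats["skipped"] += 1
            verdict = entry.verdict
        else:
            verdict = self.engine(data)
            self.stats["scanned"] += 1
        self.cache[path] = CacheEntry(st.st_size, st.st_mtime_ns, digest,
                                      self.sig_version, verdict)
        return verdict

    def scan_many(self, paths):
        """Scan in order; stop and hand back the remainder when the activity
        signal says the user is busy, so the caller can resume later."""
        remaining, results = list(paths), {}
        while remaining:
            if self.activity_is_high():
                self.stats["paused"] += 1
                break
            p = remaining.pop(0)
            results[p] = self.scan(p)
        return results, remaining


def run_demo() -> dict:
    """Exercise the cache on constructed sample files in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        clean, bad = os.path.join(d, "notes.txt"), os.path.join(d, "dropper.bin")
        with open(clean, "wb") as f:
            f.write(b"quarterly figures\n")
        with open(bad, "wb") as f:
            f.write(b"header " + MARKER + b" trailer")
        busy = {"flag": False}
        s = IncrementalScanner(activity_is_high=lambda: busy["flag"])
        first, _ = s.scan_many([clean, bad])      # both files scanned
        s.scan_many([clean, bad])                 # both served from cache
        os.utime(bad, None)                       # touched, content unchanged: skipped
        s.scan(bad)
        with open(clean, "ab") as f:              # modified (size grows): rescanned
            f.write(b"the word malicious alone is not the marker\n")
        third, _ = s.scan_many([clean, bad])
        busy["flag"] = True
        _, deferred = s.scan_many([clean, bad])   # paused before any file
        busy["flag"] = False
        s.sig_version = "sigs-demo-2"             # new signatures: everything rescanned
        s.scan_many([clean, bad])
        return {"first": list(first.values()), "third": list(third.values()),
                "deferred": len(deferred), "stats": dict(s.stats)}


if __name__ == "__main__":
    print(run_demo())
```

The size-and-mtime fast path is what makes repeated scans cheap; the content hash behind it is what keeps the cache honest when a file is restored from backup or copied with new timestamps. Tying each cached verdict to the signature version matters more than it looks: without it, an hourly signature update would never reach files the user has not modified since the last full scan.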
This archive was generated by hypermail 2.1.3 : Tue Dec 19 2006 - 23:13:28 PST