IT Intelligence Bulletin – Newly patented technology using machine learning will support businesses fighting advanced threats, by discovering lateral movement in corporate networks – even through encrypted traffic.
In the last 12 months, enterprise businesses paid just under 1 million pounds for recovery from targeted attacks. But to fight off one of these attacks, a business needs multiple methods of defense. These include experienced security teams, global security intelligence and immense cybersecurity tools.
An innovation from Kaspersky Lab is set to help businesses cope with this challenge – as part of its mission to arm businesses with the cutting-edge cybersecurity solutions they need, the leading cybersecurity company, has patented new technology that automates the detection of one of the most effective weapons in a cybercriminal’s arsenal – remote control tools.
Cybercriminals take remote control of victims’ computers in order to conduct malicious activities unnoticed, often reaching out to Command-and-Control servers through encrypted communication channels. Once installed on a user’s computer, remote control tools gain administrator access, giving cybercriminals the capacity to obtain confidential information about the user, and allowing them to perform any activity on that computer, including transmitting information about the results of their operations to computer network attackers. This is especially dangerous in corporate networks, where intellectual property can be unearthed and unlimited damage caused, if remote control goes undetected.
This report continues after the following message from HG Insights:
To efficiently and effectively detect remote control programs, antimalware solutions need to leverage complex behavioral protection systems. With its latest patent, Kaspersky Lab has expanded its abilities in this area, with new technology capable of detecting remote control applications, even if they run on encrypted channel.
The new technology works by analysing application activity, and searching for anomalous behavior across a user’s computer. It picks up on any dependencies between activities occurring on the computer, and their causes. By comparing these dependencies with defined patterns of behavior, the technology can then make a decision about the registration of the remote attacker’s computer. It can then identify the remote control being used via unknown or even compromised safe applications, or their components.
“The detection of remote control attacks in encrypted channels is crucial for targeted attack protection, as this is the early stages of the kill chain. Remote control tools are distributed within the network during the search for, and theft of, valuable data. That’s why it is important to be able to detect such behavior in a very beginning. This technology will allow security officers to prevent incidents where previous layers of protection have failed to work,” commented Artem Serebrov, Head of Research & Development of Anti Targeted Attack Platform at Kaspersky Lab.
The newly patented technology will become the part of Kaspersky Anti Targeted Attack solution starting 2018. Kaspersky Anti Targeted Attack is part of the Kaspersky Lab enterprise security portfolio, which covers different areas of IT security such as endpoint protection, DDoS protection, cloud security, advanced threat defense and cybersecurity services.
Send HG Insights your news
Have you got IT news you would like the HG Insights news team to cover? Maybe you have the inside track on a major IT news story or have heard something significant or of interest to the global IT sector. We value all contributions.
Email all press releases / information to News@HGInsights.com and one of our journalists will get back to you.