Kaspersky Security Solutions for Enterprise 2016

ENTERPRISE SECURITY. POWERED BY INTELLIGENCE.
SECURING THE ENTERPRISE
Cyber-threats are becoming ever more sophisticated. Without effective solutions to mitigate them, enterprises are at
the mercy of cyber-attacks that drain financial resources, disrupt business continuity, leave confidential data exposed
and cause reputational damage. A successful attack is extremely damaging to any enterprise, regardless of the
industry in which it operates.
TAKING ENTERPRISE SECURITY SERIOUSLY
The costs of a security breach are substantial: In Kaspersky Lab’s
2015 Global IT Security Risks Survey, we found that the average
direct recovery cost to an enterprise is US$551,000 – in addition
to indirect costs averaging US$69,000. To avoid these costs and
the disruption associated with them, enterprises must strengthen
the type and level of protection within their IT infrastructure.
Based on the security intelligence which is fundamental to all
our products and services, Kaspersky Lab solutions provide
prediction, prevention, detection and response capabilities
across a variety of enterprise infrastructure segments and
emerging technologies: endpoints, online and mobile, virtual
infrastructure, data centers, industrial control systems, and more.
Kaspersky Lab is a pioneer in helping businesses to upgrade their
security strategies to better defend against the latest advanced
threats and targeted attacks. We offer a unique combination
of technologies and services – all underpinned by world-leading
security intelligence – to help businesses to detect targeted
attacks and mitigate the risk at an earlier stage, before severe
damage is caused.
By addressing every possible stage of IT incidents, Kaspersky
Lab solutions deliver a holistic, adaptive and strategic approach
to enterprise security. Our philosophy is straightforward: best
intelligence combined with the best technologies delivers the
best protection.
ENDPOINT SECURITY
Next-generation protection against known, unknown and advanced threats targeting
your endpoints and users
Vulnerabilities in popular programs such as Java, Internet Explorer and Adobe are responsible for some of the biggest
security breaches. And it’s not only zero-day vulnerabilities that are the problem: In 2015, more than 40% of breaches
came from well-known vulnerabilities that were between two and four years old. A full 84% of all cyberattacks occur
on the application layer.
Enterprise IT environments are complex. Hackers and cybercriminals use increasingly sophisticated methods of attack
against them. Without adequate measures to manage their
IT security, enterprises expose themselves to unnecessary risk.
The majority of enterprise cyberattacks are initiated through the
endpoint. If an enterprise can effectively secure every corporate
endpoint, be it static, virtual or mobile, it has a strong foundation
for an effective security strategy.
To deliver zero-second protection against unknown and
advanced threats and the effective detection of targeted attacks,
Kaspersky Lab technologies and threat intelligence continually
evolve to protect your business from even the latest, most
sophisticated threats and exploits.
This protection is further enhanced by powerful control and
data protection tools: Application Control with Default Deny and
System Hardening, integrated Full Disk and File Level Encryption
with Secure Preboot, Intelligent applications and System
Patching, and Centralized Security Management with Kaspersky
Security Center.
THE SOLUTION: KASPERSKY ENDPOINT SECURITY FOR BUSINESS
Kaspersky Lab offers a range of security solutions whose tailored
tools and technologies deliver capabilities with increasing
functionality from one edition to the next. All components are
developed in-house and form a common platform which can be
easily adapted to meet the changing needs of business.
EDITIONS OF KASPERSKY ENDPOINT SECURITY FOR BUSINESS
[Figure: feature comparison of the SELECT, ADVANCED and TOTAL editions. Features listed: Centralized Security Management; Advanced malware protection; Server protection; Web, Application and Device controls; Enterprise mobility management; Data Encryption; Patch Management; Protection of collaboration servers, mail servers and internet gateways]
Our SELECT edition includes tools to manage and protect endpoints,
servers and mobile devices. It also includes control tools, among
them device control and application control with Default Deny mode.
These allow administrators to effectively apply policies, ensuring
the security of the critical IT infrastructure elements of any
organization. This edition also includes server protection with
anti-cryptor functionality for shared folders.
The ADVANCED edition includes all the tools from SELECT as well as
data encryption, including Full Disk, File Level and Removable
Storage encryption. Vulnerability assessment tools and the automatic
patching of operating systems and applications are also included in
the ADVANCED edition, as is application control for servers.
Kaspersky TOTAL Security for Business
includes additional technologies to
protect mail servers, internet gateways
and collaboration servers.
VIRTUALIZATION SECURITY
Superior, flexible and efficient protection for virtual servers and VDI
When it comes to virtual systems security, enterprises look for the right balance between protection and performance,
as well as the most advanced security capabilities to keep business critical processes safe.
As enterprises continue to roll out virtualized environments across
more of their IT estate, there is an increasing need for security
designed specifically for virtualization. But finding a solution
which provides security capabilities both for your growing Virtual
Desktop Infrastructure (VDI) and your virtual server environment,
while retaining all the performance benefits of virtualization, is not
easy. With all the benefits it provides, virtualization also creates a
number of additional ‘attack surfaces’, presenting cybercriminals
with even more opportunities to target very large businesses.
The solution securing your virtualized infrastructure should deliver
uninterrupted protection, providing enhanced functionality while
still preserving the efficiency of virtual infrastructure.
The unique architecture of Kaspersky Lab’s specialized solution
provides efficient multi-layered virtual machine (VM) protection
without sacrificing performance. The result is significantly
higher consolidation ratios than with traditional anti-malware
solutions. Scanning and update storms are now eliminated,
together with windows of vulnerability or ‘instant-on’ gaps. With
additional layers of protection combined with network attack
blocking mechanisms, Kaspersky Lab’s solution takes corporate
virtualization platform security to a new level.
On average, data breaches involving virtual systems
were more than twice as costly as those involving
physical machines.
[Figure: cost of data breaches for Enterprises. Legend: Total Direct Damages and Cost; Total Reactive Spend. Values: $942K (involving virtual systems), $454K (no involvement). Source: Kaspersky Lab Global Risks Survey 2015]
For a large Enterprise, the average cost of recovering from a
virtual security breach is over US$940.000, twice as much as for a
comparable incident involving only physical infrastructure.
While an attack on physical nodes leads to the temporary loss
of access to business critical information in 36% of incidents
reported, this rises to 66% when the breach affects virtual servers
and desktops.
THE SOLUTION: KASPERSKY SECURITY FOR VIRTUALIZATION
Kaspersky Lab offers two technologies which allow you to achieve
that perfect balance of optimum security and preserved performance.
While our agentless solution operates in harness with core
hypervisor technologies, our light agent solution offers additional
layers of protection to each VM.
To protect VMs, enterprises need only deploy a single Security
Virtual Machine (SVM), to which file-level scan tasks can be
offloaded. This SVM provides centralized anti-malware protection for
all VMs on the host with no extra resource consumption. Built-in
fault tolerance and redundancy gives your security solution the
reliability you need for successful business operations.
Deploying a Light Agent on each VM means that multi-layered
protection and feature-rich security controls can be added to the
mix.
Security for your VMs, whether agentless, light agent based or both,
can be managed, together with your physical endpoints, servers and
your mobile devices, from a single console.
KASPERSKY LAB’S UNIQUE LIGHT AGENT TECHNOLOGY
Light Agent
• Enhanced security for servers and VDI
• Memory and Processes protection
• Apps, Device, Web and Mail control
• Automatic Exploit Prevention technology
Security Virtual Machine (SVM)
• Full scanning engine
• Complete full-sized AV databases
• Scan task orchestration
• Redundancy and fault-tolerance
Kaspersky Security for Virtualization is tightly integrated with
most popular virtualization platforms: VMware vSphere, KVM,
Microsoft Hyper-V and Citrix XenServer. Our security solution is
optimized to safeguard platform performance by fully exploiting your
hypervisor’s own core technologies – complementing and enhancing
security in, for example, VMware Horizon and Citrix XenDesktop VDI.
Kaspersky Security for Virtualization can be licensed in two ways,
depending on your business needs and the characteristics of your
virtual infrastructure: by the number of virtual machines (desktops
plus servers) or by the number of host server physical processor
cores.
MOBILE SECURITY
Advanced security, management and control for smartphones and tablets
In Q3 2015, Kaspersky Lab Mobile Security solutions detected 323,374 new malicious mobile programs –
a 1.1-fold increase on Q2 2015 and a 3.1-fold increase on Q1.
Malicious software, websites and phishing attacks aimed at
mobile devices continue to proliferate, while the capabilities of
mobile devices are still developing. As an important productivity
tool at home and at work, mobile devices are tempting targets
for cyber-criminals. The rising use of personal devices for
business purposes (BYOD) expands the range of devices within
the corporate network and creates additional challenges
for IT administrators trying to manage and control their IT
infrastructures.
EMPLOYEES’ PERSONAL DEVICES ARE AN ENTERPRISE RISK
Employees using their mobile devices for work as well as
personal use increase the chance of a company’s IT security
being breached. Once hackers access unsecured personal
information on a mobile device, gaining access to users’
corporate systems and business data is simple.
NO PLATFORM IS SAFE
Cybercriminals use a variety of methods to gain unauthorized
access to mobile devices, including infected applications,
public Wi-Fi-networks with low security levels, phishing attacks
and infected text messages. When a user inadvertently visits a
malicious website – or even a legitimate website infected with
malicious code – it puts the security of their device and the data
stored on it at risk. Even connecting an iPhone to a Mac to
charge its battery can result in malicious threats passing from
Mac to iPhone. (These threats are relevant to all common mobile
platforms: Android, iOS and Windows Phone.)
THE SOLUTION: KASPERSKY SECURITY FOR MOBILE
Kaspersky Security for Mobile solves these issues by providing
multi-layered protection and a wide range of mobile device
management (MDM) and mobile application management
(MAM) functions. These significantly reduce the time needed
for maintenance of mobile devices and provide secure mobile
access to corporate systems.
The combination of functional encryption and protection against
malware enables Kaspersky Security for Mobile to proactively
protect mobile devices rather than merely isolating a device and
its data.
• Mobile Security: Our mobile security technologies deliver
multi-layered defense against the latest mobile threats plus
a whole host of anti-theft features that can be operated
remotely.
• Mobile Device Management: Integration with all major
platforms allows the scan and control of devices over-the-air
(OTA), which significantly improves the protection and
management of devices based on Android, iOS and Windows
phones.
• Mobile Application Management: Isolated containers for
applications and the option to selectively clear the device’s
memory enable corporate and personal information stored
on the employee’s device to be containerized.
Solution architecture
ANTI TARGETED ATTACK
Specialized intelligence-led protection against targeted attacks
Targeted attacks are long-term processes that compromise security and give the attacker control over the victim’s IT,
while evading detection through traditional security technologies.
While some attackers use Advanced Persistent Threats (APTs), which can be very effective but expensive to
implement, other ‘targeted attacks’ are much cheaper to mount and can be just as devastating. These targeted attacks,
using basic techniques - social engineering, stolen employee credentials, legitimate software or even malware
covered by a stolen certificate – may not make the headlines, but they are everywhere.
Most enterprises have already made a major investment
in traditional IT security solutions, located primarily at gateway
level. However, while these preventative security technologies
can be very effective in protecting against common threats –
including malware, data leakage, network attacks and more –
they are clearly not enough: the overall number of business
security incidents and breaches has not decreased one iota.
Advanced, targeted threats can typically remain undetected for
200 days or more, while cybercriminals silently gather valuable
information and / or impact vital business processes. Prevention-based security technologies may well detect individual incidents,
but will generally fail to recognize that these are just a part of a
far more dangerous and complex ongoing attack.
Left unchecked, a targeted attack is likely to cause severe
damage to the business, including:
• High losses
According to Kaspersky Lab statistics, even a single targeted
attack incident can cost an Enterprise more than $2.5
million, compared to a starting point of $80k for the average
small to medium business.
• Competitive espionage
• Confidential data loss
• Remote control by the attacker of apparently ‘authorized’
business processes
• Stealth manipulation of financial and other critical data
In a survey of Enterprise organizations conducted by Kaspersky
Lab in 2015, 1 in 4 organizations (23%) confirmed that they had
already been subjected to at least one targeted attack.
The Kaspersky Anti Targeted Attack Platform is part of an
adaptive, integrated approach to enterprise security. Real
time monitoring of network traffic, combined with object
sandboxing and endpoint behavior analysis, delivers detailed
insights into precisely what’s happening right across a business’s
IT infrastructure. This adaptive security approach protects
businesses against the most sophisticated threats, targeted
attacks, new malware – including ransomware and crimeware –
and of course APTs.
By correlating events from multiple layers – including
network, endpoints and the global threats landscape – the
Kaspersky Anti Targeted Attack Platform delivers the near real-time detection of complex threats, as well as generating critical
forensic data to empower the investigation process.
Our industry-leading Global Security Intelligence is one reason
why we can deliver this superior detection performance. No
other security vendor can match the quality and breadth of our
security intelligence, enabling us to protect businesses from an
ever-widening range of threats.
But Global Security Intelligence is just the beginning - the
Kaspersky Anti Targeted Attack Platform also incorporates
powerful detection and analysis technologies, including:
• Multi-layered sensor architecture – for ‘all-round’ visibility.
Through a combination of Network Sensors, Web and Email
Sensors and Endpoint Sensors, the Kaspersky Anti Targeted
Attack Platform provides advanced detection capabilities at
every level of your corporate IT infrastructure.
• Advanced Sandbox – to assess new threats. The result of over
10 years of continuous development, our Advanced Sandbox
offers an isolated, virtualized environment, where suspicious
objects can be safely executed and their behavior observed.
• Powerful analysis engines – for rapid verdicts and fewer
False Positives. Our Targeted Attack Analyzer assesses data
from network and endpoint sensors, rapidly generating threat
detection verdicts for your security team.
THE SOLUTION: KASPERSKY ANTI TARGETED ATTACK PLATFORM
[Figure: Kaspersky Anti Targeted Attack Platform. Labels: Network sensors; web; proxy; email; Endpoint Sensors; Analysis Center; Advanced Sandbox]
KASPERSKY PRIVATE SECURITY NETWORK
All the benefits of cloud-based threat intelligence within your perimeter
It takes up to four hours for standard security solutions to receive the information needed to detect and block the
almost 310,000 new malicious programs discovered by Kaspersky Lab every day. Threat intelligence sharing via
Kaspersky Private Security Network provides this information in 30-40 seconds.
Cybercrime is growing not just in volume, but in sophistication
too; while 70% of threats faced by enterprises every day are
known, 30% are unknown, advanced threats that traditional,
signature-based security on its own cannot tackle.
Kaspersky Security Network delivers Kaspersky Lab’s security
intelligence to every system connected to the Internet, ensuring
the quickest reaction times, lowest false positive rates and
maintaining the highest level of protection – even against
unknown, advanced threats.
While all information processed by Kaspersky Security Network
is completely anonymized and disassociated from source, we
recognize that some enterprises require absolute data lockdown. Traditionally this has meant that enterprises haven’t been
able to avail themselves of cloud-based security solutions.
THE SOLUTION: KASPERSKY PRIVATE SECURITY NETWORK
For customers with these specialized needs, Kaspersky Lab
has developed Kaspersky Private Security Network, allowing
enterprises to take advantage of most of the benefits of cloud-assisted security without releasing any data whatsoever outside
their controlled perimeter. It’s an enterprise’s personal, local and
completely private version of Kaspersky Security Network.
Kaspersky Private Security Network addresses critical enterprise
cybersecurity concerns without a single piece of data leaving the
local network. Kaspersky Private Security Network:
• Identifies the source of malware and prevents it from spreading
• Identifies and differentiates between targeted attacks and
more general threats
• Minimizes damage caused by cybersecurity incidents
• Assesses incident investigation and remediation requirements
• Reduces false positives
• Complies with strict regulatory, security and privacy standards.
Kaspersky Private Security Network can become a source of unique threat intelligence and information for other solutions the
enterprise may be running: Security Operations Center (SOC), SIEM, governance, risk management and compliance, forensics
and remediation processes. All these capabilities can be integrated with Kaspersky Private Security Network data feeds, delivering
a unique insight into your organization’s security and threat readiness.
[Figure: Kaspersky Private Security Network architecture. Labels: Secured perimeter; Kaspersky Private Security Network; Kaspersky Security Network; Kaspersky Security Center; Reputation updates (file reputation, url reputation, patterns); Statistics; Reputation requests/answers; Kaspersky Security for Mobile Devices; Kaspersky Endpoint Security; Kaspersky Security for Virtualization]
SECURITY FOR DATA CENTERS
Specially designed security technologies for critical areas of data center infrastructure
Business continuity remains a critical factor for enterprises choosing a security solution.
Large enterprises are processing ever-increasing levels of
data. To keep pace with this escalation, organizations need to
rethink not just how they store and access data, but how they
preserve its safety and integrity. The larger the infrastructure, the
greater the quantity of sensitive business data retained, and the
more power and reliability demanded of the security solution
protecting it.
Regardless of whether you operate your own data center or use
the services of a third party (through Infrastructure-as-a-Service
or IaaS), your security solution should not only protect all
critical data effectively and continuously: it should also preserve
the performance of data center infrastructure.
Any data center offers numerous attack surfaces vulnerable
to potential exploitation. And as your data center grows in
size, it’s bound to grow in complexity also, offering even more
opportunities to the cybercriminal fraternity. Your security
solution must scale effectively, which means fully integrating
with your existing IT environment, or it will drag down data
center performance levels and reduce overall operational
efficiency as you grow.
THE SOLUTION: KASPERSKY SECURITY FOR DATA CENTERS
We offer solutions that focus on protecting the two essential
areas of your data center: your virtual infrastructure and your data
storage systems. Ideally suited to multi-hypervisor and multiple
storage systems environments, Kaspersky Lab’s solution features:
• Security specifically built for major virtualization platforms,
including VMware, Citrix, Microsoft and KVM.
• Security for network attached storage (NAS) systems including
EMC, NetApp, DELL, IBM, Hitachi and Oracle.
Kaspersky Security for Data Centers is based on our
award-winning security engine and operates as a single
integrated platform, making it easy to integrate with different
data center configurations, and to manage. Centralized
administration means your team can apply unified security
policies across your entire data center, helping to reduce
operating costs.
THIS COMPREHENSIVE SOLUTION:
• Protects your data and systems against cyber-attack
• Provides effective tools for maintaining high levels of
performance and business continuity
• Lets your team manage the security of all virtual and physical
machines in the data center from a single centralized console
[Figure: Kaspersky Security for Data Centers. Labels: Hypervisor; Hypervisor; Corporate users; Kaspersky Security for Virtualization | Agentless; Kaspersky Security for Virtualization | Light Agent; Kaspersky Security for Storage; NAS; SAN]
SECURITY INTELLIGENCE SERVICES
World-leading threat intelligence, expert services and security training
60% of large enterprises plan to utilize threat intelligence services in their security strategy.
Sophisticated threats are constantly emerging and cybercriminals
are developing innovative techniques to outsmart established
security technologies. Traditional security solutions such as antivirus, firewall and intrusion prevention systems alone are no longer
enough for comprehensive protection – today, a new security
approach based on human reaction is required to fill this security
gap.
Cybersecurity awareness and education are critical requirements
for enterprises faced with increasing volumes of constantly
evolving threats.
By sharing our up-to-the-minute intelligence with our customers,
Kaspersky Lab helps enterprises to guard against threats. Our broad
range of intelligence services helps ensure a business’s Security
Operations Center (SOC) and/or IT security team is equipped to
protect the business from the latest online threats.
CYBERSECURITY TRAINING
Security employees need to be skilled in the advanced security
techniques that form a key component of effective enterprise
threat management and mitigation strategies, while all employees
should have a basic awareness of the dangers and how to work
securely.
We offer a portfolio of Cybersecurity Awareness training as well
as a broad curriculum of training programs ranging from basic to
expert level in digital forensics and malware analysis.
• Cybersecurity Awareness helps enterprises improve their
employees’ security knowledge – and their company security
as a result.
• Security Education for IT Security Professionals, all levels,
improves the skills of your in-house security experts and
minimizes the risk of incidents.
THREAT INTELLIGENCE
Does your SIEM system have adequate cyberthreat detection
capabilities? Can you be sure that you’ll be warned in good
time about the most dangerous threats? Our portfolio of Threat
Intelligence Services is designed to equip enterprises to manage
these risks:
• Threat data feeds: Enhance your SIEM solution and improve
forensics capabilities using our up-to-the-minute cyberthreat
data feeds.
• APT Intelligence Reporting delivers exclusive, proactive
access to descriptions of high-profile cyber-espionage
campaigns, including Indicators of Compromise (IOCs).
• Customer-specific Threat Intelligence reporting identifies
externally available critical components of your network.
EXPERT SERVICES
Is your in-house expertise enough to resolve a cyber incident?
Is your IT infrastructure or are your specific applications fully
secured against potential cyberattacks? Our Expert Services are
designed to mitigate and resolve these risks:
• Penetration Testing: Learn how to identify the weakest
points in your infrastructure and avoid damage caused
by cyberattacks. Comply with government, industry and
corporate standards (e.g. PCI DSS).
• Application Security Assessment uncovers vulnerabilities in
applications, from large cloud-based solutions, ERP systems,
online banking and other specific business apps to embedded
and mobile apps on different platforms.
• Digital Forensics and Malware Analysis: Reconstruct a detailed
picture of any incident using comprehensive reports, including
incident remediation steps.
PROTECTION AGAINST DDOS ATTACKS
Total defense against all types of DDoS attacks
A single DDoS attack can cost a company between US$52,000 and US$444,000, depending on the size of the
business. The cost of organizing a DDoS attack? Around US$200…
As the cost of launching a Distributed Denial of Service (DDoS)
attack has decreased, the number of attacks has increased.
Attacks have become more sophisticated and difficult to guard
against. The changing nature of these types of attacks calls for
more rigorous protection.
Unlike virus attacks that tend to propagate automatically,
DDoS attacks rely on human expertise and insight. The attacker
will research the business they are targeting – assessing
vulnerabilities, and carefully choosing the most appropriate
attack tools to achieve their objectives. Then, working in real time
during the attack, the cybercriminals constantly adjust their tactics
and select different tools to maximize the damage they inflict.
To defend against DDoS attacks, enterprises need a solution that
detects attacks as quickly as possible.
THE SOLUTION: KASPERSKY DDOS PROTECTION
Kaspersky DDoS Protection delivers a total, integrated DDoS
attack protection and mitigation solution that takes care of
every stage necessary to defend your business against all types
of DDoS attack.
Kaspersky DDoS Protection starts with special sensor software
that runs on client infrastructure to monitor network traffic.
By continually building up statistical and behavioral analysis data,
the sensor enhances its ability to detect even subtle anomalies
that may signal the start of a DDoS attack. In the event of an
attack, we at Kaspersky Lab alert the customer and offer the
option of redirecting traffic to one of our Cleaning Centers for
remediation. To protect customer privacy, none of our processes
views the content of customer traffic – they only view metadata.
KASPERSKY DDOS PROTECTION ARCHITECTURE
This total defense solution provides:
• Special software sensors, operating within the client’s IT
infrastructure
• A distributed network of traffic clearing centers
• Alerts about possible attacks
• Safety of traffic: the clearing center filters traffic only during an
attack
• Detailed post-attack analysis and reporting on where and how
the attack took place
[Figure: Kaspersky DDoS Protection architecture diagram. Labels: Internet; Kaspersky DDoS Protection Infrastructure; Cleaning Center 1; Cleaning Center 2; Virtual Tunnels; Your Network; Border Router; Switch; SPAN; Web Server; Statistics; Kaspersky DDoS Protection]
FRAUD PREVENTION
Reducing fraud risk for online and mobile financial transactions
In Q1 of 2015 alone, Kaspersky Lab solutions blocked attempts to launch malware capable of stealing money via online
banking on the computers of 929,082 users. This figure represents a 64.3% increase compared to the previous quarter.
Cyber-criminals have become increasingly adept at developing
sophisticated tools that bypass traditional protection, provide a
route into banking systems, gain access to customer accounts,
and allow them to initiate and tamper with transactions.
THE SOLUTION: KASPERSKY FRAUD PREVENTION
Reacting to fraud attacks after they occur may have been
acceptable a few years ago, but today this simply doesn’t deliver
the protection that banks and customers demand.
Kaspersky Fraud Prevention boosts a bank’s existing security system,
providing a new level of protection against fraud. The solution
protects users’ digital accounts, computers, mobile devices, and the
bank’s systems. By protecting customer accounts and transactions,
Kaspersky Fraud Prevention helps banks to increase customer
loyalty.
Deloitte believes that the financial services sector faces the
greatest economic risk related to cybersecurity and will be
forced to devote greater resources to enhancing the security,
vigilance and resilience of their cybersecurity model.
Kaspersky Fraud Prevention helps financial institutions to stop
hackers from achieving their goal by actively preventing Account
TakeOver, Transaction Tampering, and Identity Theft - eliminating
the threat of fraud before it happens.
The solution also enables the bank’s anti-fraud team to gather
accurate information about each incident, including the details
used to gain access to the account. This information may show, for
example, that a bank is not liable for a fraud incident, subsequently
reducing costs for damages and compensation.
Kaspersky Fraud Prevention adds a vital defensive layer to a
bank’s existing fraud protection.
• Kaspersky Fraud Prevention Clientless Malware Detection
provides server-side technologies that protect 100% of
your customers regardless of what device or platform they
are using. The system allows your bank to detect access by
infected customers at the earliest possible point.
• Kaspersky Fraud Prevention for Mobile helps to protect users
who access their bank accounts from mobile devices (Android,
iOS and Windows Phone).
• Kaspersky Fraud Prevention for Endpoints runs on your
customers’ Windows PCs and Mac computers to provide
powerful root-cause prevention against malware and
Internet-based attacks.
• Kaspersky Fraud Prevention User Assessment Service
protects digital banking accounts from Account TakeOver
attempts from criminals trying to gain fraudulent access to
your legitimate customer accounts.
This comprehensive fraud prevention solution:
• Provides proactive, root-cause fraud prevention that allows
your bank to react faster
• Helps banks to boost customer retention, attract new
customers, and increase the adoption and usage of
high-margin online and mobile banking
• Adds multi-channel security for digital banking and payments
• Helps protect all kinds of users – regardless of device
• Delivers ‘frictionless’ security, for a seamless user experience
EMBEDDED SYSTEMS SECURITY
Powerful protection specifically designed for critical payment systems
Embedded systems are a particular security concern as they tend to be geographically scattered, challenging to
manage and rarely updated. Operating as they do with real money and credit card credentials, ATMs and Point of Sale
devices are targets of choice for cybercriminals, so require the highest levels of focused, intelligent protection.
The Payment Card Industry Data Security Standard (PCI DSS)
regulates many technical requirements and settings for credit
card data based systems. However, security regulations for
ATMs and Point of Sale devices appear to cover only antivirus
based security. A purely antivirus approach is of limited
effectiveness against current ATM/POS threats, as has been
amply demonstrated in recent attacks. Now is the time to apply
approaches like Device Control and Default Deny, already well-proven technologies in other security contexts, to your critical
embedded systems. Most ATMs still run on the Windows XP
OS family even though, after 12 years, support for Windows
XP Embedded ended on January 12, 2016 and for Windows
Embedded for Point of Service on April 12, 2016. There will be no
further security updates or technical support for the Windows XP
operating system.
The overall replacement of ATM and POS systems software is a
long, expensive, and painful process. Besides which, replacing
software often means replacing still-functional, but obsolete,
hardware as well.
THE SOLUTION: KASPERSKY EMBEDDED SYSTEMS SECURITY
Kaspersky Lab has created a security solution specifically for
organizations operating ATM and POS systems, reflecting their
unique functionality and OS, channel and hardware requirements,
while focusing on the unique threat environment faced by these
systems and fully supporting the Windows XP family.
Default Deny for Application, Drivers and Libraries, boosted by
Device Control functionality, is the only approach which can ensure
the safety of obsolete critical systems still in use.
Kaspersky Embedded Systems Security offers a ‘Default Deny only’
operational mode, where system requirements start from 256Mb of
RAM and 50Mb HDD space for Windows XP for low-end hardware
systems. There is also an on-demand scan mode supplied by an
optional Antivirus module. This module is powered by the Kaspersky
Security Network, with patch management facilities as required.
So this single solution meets three key objectives:
- Efficient security for ‘difficult to manage’ systems
- Compliance with PCI DSS requirements 5.1, 5.1.1, 5.2, 5.3 and 6.2
- A soft timeline for obsolete systems and hardware replacement
Kaspersky Embedded Systems Security mitigates security risks for embedded systems. The solution has been designed specifically for
ATM and POS systems, protecting the attack surfaces unique to these architectures while respecting related hardware and efficiency
considerations. A single intuitive console gives you the control and visibility you need to manage effective multi-layered security for
your endpoints, your critical systems and your whole IT infrastructure.
[Figure: Kaspersky Embedded Systems Security. Labels: Default Deny; Device Control; Antivirus; applications; drivers; libraries; USB storages.]
INDUSTRIAL CYBERSECURITY
Specialized protection for industrial control systems
Although air gaps between industrial floors and the outside world used to be sufficient to offer
a good level of protection, that’s no longer the case. Recent research found that cyberattacks
caused 35% of industrial network malfunction incidents.
Malicious attacks on industrial environments have increased
significantly in recent years. Risk to supply chains and interruptions
to business operations have ranked as the number one business
risk concern globally for the past three years; cyber incident risk
is the number one emerging concern. For businesses operating
industrial or critical infrastructure systems, the risks have never
been greater.
THE SOLUTION: KASPERSKY INDUSTRIAL CYBERSECURITY
Industrial security has consequences that reach far beyond
business and reputational protection. In many instances,
there are significant ecological, social and macro-economic
considerations when it comes to protecting industrial systems
from cyberthreats. All critical infrastructure needs the highest
possible level of protection against a growing range of threats.
The solution is designed to protect complex environments, built
on various industrial control systems. The numerous possibilities
of Kaspersky Industrial CyberSecurity allow organizations to
configure a solution in strict accordance with the requirements
of their specific industrial control system environment. Optimal
configuration for the security technologies and services will
be selected after a full infrastructure audit is carried out by
Kaspersky Lab experts.
At the same time, industrial environments need an integrated
solution that increases the availability of technological processes
by detecting and preventing actions (intentional or accidental)
that result in the disruption or halting of vital processes.
Kaspersky Industrial CyberSecurity is designed specifically with
the unique needs of industrial organizations in mind, including
a special focus on preserving the continuity of technological
processes. Flexible, versatile settings mean the solution can
be configured to meet the unique needs and requirements
of individual industrial facilities.
Kaspersky Lab’s approach to protecting
industrial systems is based on more than
a decade’s expertise in discovering and
analyzing some of the world’s most
sophisticated industrial threats. Our deep
knowledge and understanding of the nature
of system vulnerabilities, coupled with our
close collaboration with the world’s leading
law enforcement, government and industrial
agencies, including Interpol, Industrial
Internet Consortium, various CERTs and
regulators, has enabled us to take a leadership
role in addressing the unique requirements
of industrial cybersecurity.
This highly specialized solution:
• Provides holistic cybersecurity for
industrial environments
• Offers the full cycle of security services,
from cybersecurity assessment to incident
response
• Supplies unique security technologies that
were developed specifically for industrial
systems
• Minimizes downtime and technological
process delays.
[Figure: Kaspersky Industrial CyberSecurity. Technologies: vulnerability management; integration with other systems; anti-malware; integrity control; centralized management; incident investigation; intrusion prevention system. Services (education and intelligence; expert services): cybersecurity training; cybersecurity assessment; intelligence reporting; solution integration; simulations; maintenance; incident response.]
TARGETED SECURITY SOLUTIONS
A cost-effective way to put Kaspersky Lab technologies precisely where you need them
One-size-fits-all solutions can’t meet the specific requirements of different devices – all devices within the corporate
network need reliable, specialized protection. Kaspersky Lab’s range of targeted security solutions ensures the security
of individual network components – file and mail servers, internet gateways, collaboration servers.
SECURITY FOR MAIL SERVER
Kaspersky Security for Mail Server protects mail traffic against
spam, phishing links and malware. It supports common email
platforms such as Microsoft Exchange, Linux Mail Server and
IBM Domino. In addition, a Data Loss Prevention (DLP) module
to control the spread of confidential information has been
implemented for the Microsoft Exchange email platform.
SECURITY FOR FILE SERVER
Kaspersky Security for File Server is an efficient, reliable and
scalable solution for the protection of general-access file storage,
with no noticeable effect on system performance. The solution
provides protection against malware for servers based on Linux
and Windows.
SECURITY FOR INTERNET GATEWAY
Kaspersky Security for Internet Gateway checks HTTP and
FTP traffic and provides comprehensive protection for your
perimeter against malware and dangerous programs by blocking
the latest current and potential threats.
SECURITY FOR COLLABORATION
Kaspersky Security for Collaboration provides the maximum
level of security for the entire SharePoint environment and its
users. The solution combines effective technologies to protect
against malicious attacks and confidential data leaks with ease
of management and use.
PREMIUM SUPPORT AND PROFESSIONAL SERVICES
A choice of services to ensure that enterprises extract maximum benefit from Kaspersky Lab
products
When a security incident results in IT system downtime, the
consequences can affect all aspects of a company’s operations.
To avoid such an eventuality, Kaspersky Lab offers a choice of
premium support programs that treat your IT security issues as
high priority at all times and help keep your business running
smoothly.
PREMIUM SUPPORT: MSA ENTERPRISE
Kaspersky Lab’s Maintenance Service Agreement (MSA)
programs are for enterprises that depend on their IT
infrastructure for business continuity and the ongoing delivery of
mission-critical processes. MSA Enterprise is specially designed
for large enterprises with complex environments that require
dedicated, personalized, proactive support around the clock.
PROFESSIONAL SERVICES
Working in accordance with our established best practices and
methodologies, our security experts are available to assist with
every aspect of deploying, configuring and upgrading Kaspersky
Lab products across your enterprise IT infrastructure and
working with your change control policy.
• The Implementation Service offers expert assistance and
support to make Kaspersky Lab product deployment seamless
and trouble-free, and to ensure you operate according to best
practices, have optimal settings and make the best use of
Kaspersky Lab’s centralized management software.
• Health Check Service: Following a complete audit of
a customer’s product settings and network environment,
our experts generate a comprehensive report with actionable
recommendations on how to improve security and/or systems
management efficiency.
Kaspersky premium support and professional services deliver
access to the security experts who know the quickest, safest
and most effective way to resolve your issues, as well as:
• Incident response SLAs
• Tailor-made patches
• High priority response to malware incidents
• Monitoring and reporting
• Single point of contact
ABOUT KASPERSKY LAB
Kaspersky Lab is one of the world’s fastest-growing cybersecurity companies and the largest one that is privately owned.
Our independence allows us to be more agile; to think differently and act faster. We are constantly innovating, delivering protection
that’s effective, usable and accessible. We pride ourselves on developing world-leading security that keeps us – and every one of our
400 million users and 270,000 corporate clients – a step ahead of potential threats.
Our commitment to people as well as advanced technology also keeps us ahead of the competition. Firmly positioned as one of the top
four leading vendors of security solutions for endpoint users, we continue to improve our market position. Our company is named
a ‘Leader’ in endpoint protection by the ‘big three’ analyst agencies (Gartner, IDC and Forrester).
Visit kaspersky.com/enterprise to find out more about Kaspersky Lab’s unique expertise and our Security Solutions for Enterprise.
© 2016 Kaspersky Lab. All rights reserved. Registered trademarks and service marks are the property of their respective owners.