Newly patented technology using machine learning will support businesses fighting advanced threats, by discovering lateral movement in corporate networks – even through encrypted traffic
In the last 12 months, enterprise businesses paid up to 1.2 million dollars for recovery from targeted attacks. But to fight off one of these attacks, a business needs multiple methods of defense. These include experienced security teams, global security intelligence and immense cybersecurity tools. An innovation from Kaspersky Lab is set to help businesses cope with this challenge. As part of its mission to arm businesses with the cutting-edge cybersecurity solutions they need, the leading cybersecurity company has patented new technology that automates the detection of one of the most effective weapons in a cybercriminal’s arsenal – remote control tools.
Cybercriminals take remote control of victims’ computers in order to conduct malicious activities unnoticed, often reaching out to Command-and-Control servers through encrypted communication channels. Once installed on a user's computer, remote control tools gain administrator access, giving cybercriminals the capacity to obtain confidential information about the user, and allowing them to perform any activity on that computer, including transmitting information about the results of their operations to computer network attackers. This is especially dangerous in corporate networks, where intellectual property can be unearthed and unlimited damage caused, if remote control goes undetected.
To efficiently and effectively detect remote control programs, antimalware solutions need to leverage complex behavioral protection systems. With its latest patent, Kaspersky Lab has expanded its abilities in this area, with new technology capable of detecting remote control applications, even if they run over an encrypted channel.
The new technology works by analyzing application activity, and searching for anomalous behavior across a user’s computer. It picks up on any dependencies between activities occurring on the computer, and their causes. By comparing these dependencies with defined patterns of behavior, the technology can then make a decision about the registration of the remote attacker's computer. It can then identify the remote control being used via unknown or even compromised safe applications, or their components.
“The detection of remote control attacks in encrypted channels is crucial for targeted attack protection, as this is the early stages of the kill chain. Remote control tools are distributed within the network during the search for, and theft of, valuable data. That’s why it is important to be able to detect such behavior at the very beginning. This technology will allow security officers to prevent incidents where previous layers of protection have failed to work,” Artem Serebrov, Head of Research & Development of Anti Targeted Attack Platform at Kaspersky Lab, commented.
The newly patented technology will become part of the Kaspersky Anti Targeted Attack solution starting in 2018. Kaspersky Anti Targeted Attack is part of the Kaspersky Lab enterprise security portfolio, which covers different areas of IT security such as endpoint protection, DDoS protection, cloud security, advanced threat defense and cybersecurity services. To learn more about our Next Generation enterprise portfolio, please visit our website.