From the sudden need for home office workplaces to targeted attacks on industry – classic tools for protecting the network are no longer enough. Companies need packaged solutions that combine more protection. Peter Aicher, Presales Manager at Kaspersky Labs, provides a webcast of the Computerwoche about the advantages. Specialist journalist Sven Hansel from Computerwoche moderates the webcast and gets on with a current thesis: Especially now that cybercriminals are exploiting weaknesses in the home office infrastructure, companies need more protection.
A survey of webcast viewers shows that 76 percent have to manage laptops in terms of security, 71 percent also have home office workstations and 65 percent also have servers in their own data center. Virtual clients (VDI) are added to 35 percent and servers in the cloud to 18 percent.
Why are endpoints so under fire? It is logical for Aicher: “The endpoint is usually the place where the data is processed.” The number of endpoints is growing, a user often has more than one device. Aicher therefore also expects 1.5 mailboxes, because in addition to its own mailboxes are also used. And the complexity of the threats increased by 15 percent from 2017 to 2019. The financial consequences of a data breach are also increasing.
“Kaspersky continues to focus on the endpoint, which is still the most common entry point. Cybercriminals can also get in relatively easily,” said Aicher. According to figures from the security specialist, 53 percent of companies confirm that their endpoints have been attacked, most of which it took months to discover. The situation is exacerbated by the fact that 65 percent of user companies have difficulty finding employees for cybersecurity.
“What could be a solution?” The moderator wants to know. Aicher outlines the system as follows: First, the company needs a strong endpoint protection platform with URL filter, behavior analysis and other, including file-less threats. Another solution docks onto this, namely the sandbox. The third point is Endpoint Detection and Response (EDR). “Kaspersky provides this integrated with a high degree of automation,” emphasizes Aicher. It is also important to provide users with individual training so that the incident does not happen if possible.
“Everything that we can do automatically in terms of detection technology is in Kaspersky Endpoint Protection,” says Aicher. He differentiates between “protection” (the last option to stop something) and “control”. The latter means “to restrict a lot in advance, that has to be defined,” said the expert. And always applies: “If the base is not properly configured and working, tools above it cannot solve this!”
Aicher takes a closer look at the topic of sandboxes. This consists of a system that makes Windows systems available, whereby conspicuous files get their own Windows system in which they can let off steam. “That means: you can take your time for this analysis without disturbing the user.” The Kaspersky sandbox receives updates and the test methods are updated. “We can always correlate. If an object does nothing bad but then downloads something undesirable, you can take a step back,” says Aicher. Because many attackers try to stay under the radar. “That’s why we have to get more visibility into the systems,” says the expert, who also demonstrates this with a demo.
The aim of the solutions is to understand and ward off threats. So it scans for generated or imported IoCs and responds automatically. The user receives comprehensive information about the incident and the causes are analyzed. Finally, the attack’s path of propagation is considered to understand how this incident occurred in history.
At the end of the webcast, a viewer wants to know whether home office workplaces are integrated into this solution. Aicher said: “Kaspersky has its own solutions for the home office space because you cannot expect the user to make security-related decisions.” He advocates a cloud solution here: “It doesn’t matter where the user is sitting!”
Watch the webcast here