Kaspersky Lab response clarifying the inaccurate statements published in a Bloomberg Businessweek article on July 11, 2017
Woburn, MA, June 6, 2017 – Kaspersky Lab has released a new generation of its Kaspersky Embedded Systems Security (KESS), a targeted enterprise-grade solution that provides advanced protection for a variety of embedded systems involved in highly sensitive financial operations. The latest version provides multilayered security while allowing businesses to address pressing regulatory requirements.
Cybercriminals today are successfully adopting tactics and techniques of the APT groups involved in bank robberies, giving financial organizations increasing security problems. With the tactics of cybercriminals getting ever more sophisticated and with regulatory pressures also mounting, financial enterprises are up against increasing hurdles when it comes to future-proofing their ATMs, Point of Sale systems and Point of Service machines.
In 2016, there was a rapid development in hi-tech attacks on financial organizations – such as the Metel, GCMAN and Carbanak 2.0 attacks. In 2017, Kaspersky Lab experts ran into even more sophisticated examples. These included mysterious attacks where criminals used fileless in-memory malware to infect banking networks, as well as ATMitch, the traceless malware that cashed out ATMs via remote administration. All of these APT-style attacks combined reconnaissance, social engineering, specialized malware, lateral movement tools and long-term persistence to steal money from financial institutions.
In response to the rise in these cyberthreats techniques, world-leading financial organizations like SWIFT are introducing new mandatory regulations to protect themselves from cybercriminals. These establish security standards and guidelines for the financial sector, including the need for anti-malware protection, vulnerability assessment and security awareness. To support requirements and to boost the protection of financial companies, Kaspersky Lab is providing its enterprise-level customers with efficient security that meets major global compliance standards and gives them the visibility they need.
Multiple cutting-edge innovations within the Kaspersky Embedded Systems Security solution make the infrastructure more transparent, so if an incident or breach occurs, it can be audited or investigated easily. With the new File Integrity Monitor functionality, security specialists can track actions performed with specified files and folders and make sure no alteration of files goes unnoticed. The new version also enables Log Inspection for analyzing activity within a protected system, identifying breaches or abnormal behavior and saving logs for further analysis. With added SIEM Integration, the solution can now also export application logs to the corporate Security Operation Center. All these technologies provide security teams and external auditors with the tools they need to ensure that the infrastructure is compliant and secure.
Even while traditional and widely-used malware can make the low-end hardware and obsolete operating systems often found in embedded systems, an easy target, there are also more sophisticated threats – such as fileless malware that operates in memory. To address these threats, Kaspersky Embedded Systems Security ensures security at both file and memory level with real-time anti-malware protection, on-demand scan and Process and Memory Protection.
Additional security features include USB/CD/DVD access control and centralized firewall management along with Default Deny mode that blocks attempts to run any unauthorized executable code or drivers on ATMs and POS terminals.
"Enterprise-grade organizations, especially in the financial industry, will be under increasing regulatory pressure in the next year, considering the recent rise in incidents with critical embedded systems, like ATMs and POS terminals,” said Dmitry Zveginets, solution business lead, Kaspersky Lab. “Currently, they need to implement several protection tools to meet requirements. To help, we’re offering a dedicated single solution with complete functionality, including File Integrity Monitor and Log Inspector, to address the many protection and compliance concerns of our customers at once.”
To learn more about Kaspersky Embedded Systems Security, visit our corporate website. The solution is available globally as a part of Kaspersky Lab’s enterprise portfolio.
About Kaspersky Lab
Kaspersky Lab is one of the world’s fastest-growing cybersecurity companies and the largest that is privately-owned. The company is ranked among the world’s top four vendors of security solutions for endpoint users (IDC, 2014). Since 1997 Kaspersky Lab has been an innovator in cybersecurity and provides effective digital security solutions and threat intelligence for large enterprises, SMBs and consumers. Kaspersky Lab is an international company, operating in almost 200 countries and territories across the globe, providing protection for over 400 million users worldwide. Learn more at www.kaspersky.com.
Woburn, MA, July 13, 2017 – Kaspersky Lab has released a new generation of its Kaspersky Endpoint Security Cloud, a multi-tenant cloud console solution for small and medium-sized businesses (SMBs) and managed service providers (MSPs) overseeing customer infrastructures remotely.
New multi-year partnership adds next-generation on and off-track cybersecurity