ASKING THE RIGHT QUESTIONS:
TODAY'S CYBERTHREAT LANDSCAPE
FOR THE ENTERPRISE

When it comes to cybersecurity, the
landscape is constantly changing. It
can be difficult to understand and keep
up with. Not only do you need to make
sure you have the latest information,
you need to make sure you are asking
the right questions.

$1.4 million: The average cost of downtime for enterprises following a cyberattack.[1]

Don't ask if. Ask when.


Building a smart IT security policy starts with asking the right questions. And there is one question that
sits at the top of the list: When will our company be the victim of a cyberattack?
In a world where over 90% of businesses have experienced some sort of external threat, the inevitability
of an attack must be accepted. The consequences of an attack, however, do not have to be.
Ensuring the best protection starts with asking the right questions and knowing the answers that will
round out a comprehensive, thoughtful and robust cybersecurity policy. With cybercriminals actively
seeking access to the data of your company, your clients and your employees, the risks are immense.
But so is our capacity to mitigate them.
At Kaspersky Lab, we have an in-depth understanding of the complexities of the threat landscape. With
our real-time intelligence flow that secures over 270,000 businesses around the world, our customers
trust us to track down the bad guys, understand how they operate, and mitigate the most advanced
and comprehensive attacks.
We deliver results with a combination of superior threat intelligence and advanced tools and
technology that provides a formidable line of defense for enterprise organizations all over the globe.

1. Kaspersky Lab's Global IT Security Risks Survey 2015

60%: Number of businesses that have experienced at least one IT security incident which led directly to, or related to, financial fraud.[2]

Where are our biggest vulnerabilities?


While the perception is that the number of threats is decreasing, in reality, the opposite is true. At
Kaspersky Lab, we detect 310,000 new malware samples every day. In fact, this number has increased
from 280,000 samples per day in 2014. It's clear that as the threat landscape continues to change,
companies have to change with it.
When even a 1% difference in detection efficacy rates can mean that thousands of malware samples
slip through over the course of a year, no company can afford to be without a robust cyberthreat
solution.
Nowhere is this more evident than in the costs that companies incur to deal with a data breach. For
enterprises, the average cost of a data breach is $551,000. And, 60% of enterprises find their ability to
function severely impaired, making it much more costly to clean up after an incident than to prevent it
from happening in the first place.
But, it would also be a mistake to see threats exclusively as an external event. In 2015, 73% of
companies had an internal security incident, with top threats coming from software vulnerabilities and
accidental actions by staff, including mistakenly leaking or sharing data.[3] By implementing the best
technology solutions, you can ensure that you are not containing malware within your perimeter.
Which data is most vulnerable to a security incident? All of it is. But you can protect the financial
downside with a robust security solution that ensures that you are neither containing malware within
your perimeter nor allowing internal security incidents to happen in the first place or go undetected.

2. Kaspersky Lab's Financial Fraud: The Impact on the Corporate Spend
3. Kaspersky Lab's Global IT Security Risks Survey 2015

57%: The number of companies that report needing to pay significant additional costs to remediate an attack, including legal and consulting fees.[4]

Have we implemented a robust, multi-layered security system that protects against all levels of threats?

With risks from all sides of the cyber landscape, it is crucial for your security solution to guard against
many different types of threats.
At Kaspersky Lab, our solutions protect against known, unknown and advanced threats through a
multi-layered approach that uses advanced behavioral technology.
For the 1% of threats that are advanced, our System Watcher tool, Automatic Exploit Prevention (AEP)
and Rollback functionality ensure that your organization is protected against the most pernicious
threats that can inflict serious damage on your business. By applying more advanced heuristic, dynamic
whitelisting and application control tools, we can fight unknown threats that make up 29% of the threat
landscape. Our core, award-winning technology blocks known threats that make up 70% of the threat
landscape.
By understanding the inner workings of some of the most common and the most advanced threats, we
have developed a multi-layered security platform to protect against the threats you can see, and those
you can't.
Our solutions are developed in-house on a single code base, providing the most robust, thorough and
comprehensive threat detection and prevention engine you can ask for, all through a single pane of
glass that allows you to set policies with ease.

4. Kaspersky Lab's Global IT Security Risks Survey 2015

205 days: The median number of days for organizations to detect a security breach.[5]

Are we focusing on the most dangerous threats that we face, the ones that can do the most damage?

In the case of advanced persistent threats (APTs), having 205 days of unrestricted access to your system means
that cybercriminals can access your data, your client information and all of your company's files for about six
months before they are discovered. That's a lot of time to do a lot of damage before you even know they're there.
Because these attacks target your company's most sensitive data, they are the most important threats your
company can face, and they require a solid, secure defense. That's where Kaspersky Lab's advanced threat
detection technologies come in, using a range of sophisticated behavioral technologies to discern suspicious
patterns, block malicious activities and roll back any harmful actions, including cryptors.
SYSTEM WATCHER
This monitors and collects data on application and other important system activities using
tracking to discern behavioral patterns. This information is provided to the other Kaspersky
Lab protection components we've described. Any activity that corresponds to threat patterns
is dealt with according to administrator-set policies, or by using the default setting, which is
used to terminate the malicious process and quarantine it for later analysis.
The driver that intercepts file operations for Kaspersky Lab's anti-malware component also
gathers information on changes made to the registry, while the firewall gathers data on the
network activity of applications. All of this information is fed into System Watcher which, in turn,
has its own module capable of reacting to complex system events, such as installation of drivers.
Malicious actions and destructive behavior patterns suggestive of malware are blocked.

5. Global Incident Response from HP and Mandiant

AUTOMATIC EXPLOIT PREVENTION (AEP)


As part of System Watcher, this technology specifically targets malware that exploits software
vulnerabilities. Developed through in-depth analysis of the features and behaviors of the most
widespread exploits, the resulting technology is capable of identifying exploit-characteristic behavior
patterns, and blocking them from completion.
AEP acts like a safety net, an extra layer of security that complements Kaspersky Lab's other
technologies. It works in conjunction with Kaspersky Lab's System Watcher.

ROLLBACK
Also part of System Watcher, this continuous, detailed monitoring of systems enables exceptionally
accurate system Rollback functionality, limiting the impact of any infection and returning systems
to previous, secure parameters. Rollback mechanisms are updateable and work with created and
modified executable files, MBR modifications, important Windows files and registry keys.

DEFAULT DENY
Increasingly viewed as the most effective security posture to adopt in the face of ever-evolving,
advanced threats, Default Deny simply blocks all applications from running on any workstation
unless they have been explicitly allowed by the administrator. Since most malware is delivered as an
executable file that cannot be found on any whitelist, organizations that adopt this approach can
thus prevent any malicious file from executing without needing to know what those files actually
are. Default Deny means all new, file-based malware varieties are automatically blocked, even for
targeted attacks.

21%: Percentage of companies that have lost sensitive data due to internal threats in the past year.[6]

What is the best defense from unknown threats?


Once any file has been checked for known threats, Kaspersky Lab's multi-layered technologies then check files as
they execute, relying on behavioral analysis to search for suspicious activity.
How do we determine what constitutes suspicious activity?
Data from the Kaspersky Lab Security Network (KSN) helps us to predict what new threats might look like, how
they might act and how we can reduce their impact. KSN comprises more than 60 million volunteers worldwide
who provide us with real-time information about threats, giving us the information we need to protect against
unknown threats. Traditional signature-based responses can take hours; KSN's approach shrinks this time to about
40 seconds.

HEURISTICS
Heuristic analysis provides proactive protection from threats that can't be detected using
signature databases. Kaspersky Lab's heuristics enable the detection of new malware or
unknown modifications to known malware. Static analysis scans code for signs of suspicious
patterns associated with malware, while dynamic analysis examines the machine code the file
might try to execute.

HEURISTIC ANTI-PHISHING
In very new phishing attacks where only a small number of users have been affected, Kaspersky
Lab's technology can look for additional evidence of suspicious activity. Phishing-based threats
have been the starting point for many recent, highly dangerous advanced threats.

6. Kaspersky Lab's Global IT Security Risks Survey 2015

HOST INTRUSION PREVENTION SYSTEM (HIPS)


Kaspersky Lab's HIPS adds an additional layer of protection, detecting and managing suspicious
applications and activity, preventing threats from launching. HIPS helps control how applications
behave, setting trust levels after the initial analysis. These levels define what resources they can
use, what kind of data they can access or modify. It restricts the execution of potentially dangerous
programs without affecting the performance of authorized, safe applications. An untrusted
application will not be allowed to do anything, including launch.

WHITELISTING
Application control blocks or allows administrator-specified applications. Kaspersky Lab's approach
is built on Dynamic Whitelisting: continuously updated lists of trusted applications and software
categories that are only allowed to run according to specified rules and policies. Kaspersky Lab has
a dedicated whitelisting lab and database of more than one billion files, growing at a rate of one
million per day.

KASPERSKY SECURITY NETWORK (KSN)


Effectively a global, cloud-based threat laboratory, Kaspersky Security Network detects, analyzes
and manages known, unknown and new threats and online attack sources in seconds, and delivers
that intelligence straight to customer systems.
Using real-time, anonymized data from 60 million endpoint sensors globally, every file that passes
through Kaspersky Lab protected systems is analyzed based on relevant threat intelligence. The
same data ensures the most appropriate action is taken; working together with all the other
components of Kaspersky Lab's engine, Kaspersky Security Network enables protection from
unknown threats before signatures are available. While traditional signature-based responses can
take hours, KSN's approach shrinks this time to about 40 seconds.

75.4 million: Unique URLs that were recognized as malicious by web antivirus components.[7]

What security technology can I put in place to protect my company from known threats?

Kaspersky Lab's systems for detecting known malware are efficient and effective at disposing of these threats
so that resources can be spent on analysis of more dangerous threats. For the protection of your systems, this
means that the focus of your security is where it needs to be: on advanced threats, while taking care of the 70%
of threats that we classify as known.
There are certain fundamental key technologies that make this possible:

NETWORK ATTACK BLOCKER
Scans all network traffic, using signatures to detect and block network-based attacks, including port
scanning, denial of service (DoS) attacks, buffer overruns and other remote malicious activity.

BLACKLISTING
Kaspersky Lab's dedicated team of malware analysts supervises sophisticated anti-malware robots
that constantly learn from experience through machine learning algorithms. This team also keeps
our database up to date with the latest malware signatures and data.

URL FILTERING
Scans and checks URLs from inbound and outbound traffic against Kaspersky Lab's database of
known malicious and phishing sites.

FIREWALL
Unauthorized connections are blocked, decreasing the possibility of infection. Infected or
otherwise compromised machines have their network activity limited, reducing their ability to
spread malware and limiting damage caused by security policy violations.

7. Kaspersky Lab's IT Threat Evolution report for the third quarter of 2015

Why is a multi-layered approach so important?


Your data is a valuable asset, and cybercriminals know it. Protecting it starts with understanding what
you are dealing with on the threat landscape and asking the right questions so that your organization
has the tools to defend itself.
It is absolutely crucial to use a plausible threat model when building protection. A plausible threat
model includes a number of things that can go wrong, including the possibility of every single
detection technology failure. With a multi-layered approach, you can ensure robust detection and
prevention, even in the case of a single layer being penetrated by a threat.
The attacks on today's cyberthreat landscape cast a wide net, dispersed broadly in the hopes that they
hit some company successfully. This means that even more enterprises have to change their focus
from asking if your company will be attacked to when it will be attacked.
But in your overall security toolkit, technology is just one component. Equally as important is how
these technologies work together to form a multi-layered defense that gives you full protection from
known, unknown and advanced threats.
At Kaspersky Lab, we understand that cybersecurity is a process and a journey. To reach your
destination, you need a partner who has the right multi-layered technology that works together
seamlessly. Over the long term, you need the best threat intelligence available so that you can stay on
top of IT security issues without being consumed by them.
Kaspersky Lab is just such a partner, working with enterprises to answer their most pressing questions
with the development of top-rated security software, best-in-class intelligence services and proactive
data analysis.
If you would like to learn more about the latest thinking on Known, Unknown and Advanced Threats,
watch our video Is It Time to Rethink Your IT Security for a discussion by Kaspersky Lab's leading
experts on this topic.

TRY KASPERSKY LAB
Discover how Kaspersky Lab's premium security can protect your business from malware
and cybercrime with a no-obligation trial. Register today to download full product versions
and evaluate how successfully they protect your IT infrastructure, endpoints and confidential
business data.

ABOUT KASPERSKY LAB
Kaspersky Lab is one of the world's fastest-growing cybersecurity companies and the
largest that is privately owned. The company is ranked among the world's top four vendors
of security solutions for endpoint users (IDC, 2014). Since 1997, Kaspersky Lab has been
an innovator in cybersecurity and provides effective digital security solutions and threat
intelligence for large enterprises, SMBs and consumers. Kaspersky Lab is an international
company, operating in almost 200 countries and territories across the globe, providing
protection for over 400 million users worldwide. Learn more at usa.kaspersky.com.

GET YOUR FREE TRIAL TODAY


Contact Kaspersky Lab today to learn more about
Kaspersky Endpoint Security for Business and our
other IT security solutions and services:
usa.kaspersky.com/business-security
(866) 563-3099
corporatesales@kaspersky.com

© 2015 AO Kaspersky Lab. All rights reserved. Registered trademarks and service marks are the property of their respective owners.
