
Kaspersky Private Security Network (KPSN)
CYBERCRIME IS GROWING, NOT ONLY IN VOLUME, BUT IN SOPHISTICATION

- Targeted Attacks And Malware Campaigns
- 360,000 New Malicious Files Are Detected By Kaspersky Lab every day
- Increased Threats To Mac Machines
- Continued Exploitation Of Vulnerabilities In 3rd Party Software
- Growth In Mobile Malware
- Supply chain attack
TYPES OF THREAT AND APPROACHES TO FIGHTING THEM

Look for the solution with the highest detection ratio

Types of threat:
- 0.1 %: Advanced persistent threats and cyber-weapons
- 9.9 %: Targeted attacks and advanced malware
- 90 %: Generic malware

Approaches:
- Advanced detection solutions
- Advanced automated prevention platforms

Manual detection and response makes demands on resources.
More effective threat prevention saves Time and Money.
WHAT IS NEEDED TO SECURE YOUR BUSINESS?

- Multi-layered protection against known, unknown and advanced threats
- Innovative technology
- Security Intelligence
- A comprehensive security platform that leverages all three
GLOBAL SECURITY INTELLIGENCE
KASPERSKY SECURITY NETWORK GLOBAL INTELLIGENCE CLOUD

Global security intelligence

• 7 datacenters in 5 regions
• 1.4 Gb incoming global statistics per second
• More than 600 000 requests per second

Diagram labels:
- KSN (Kaspersky Security Network)
- Kaspersky Global Users
- Threat related information from 60 million+ users
- Provide data to protection components
GLOBAL INTELLIGENCE CLOUD
Global real-time monitoring and responding to new threats and their sources of origin

Kaspersky Security Network

- 40% of KL users were successfully protected by KSN services when threats were not listed in the offline AV database
- KL solutions proactively detect more than 93% of malicious links and resources; 20% of them are detected by using KSN global statistics
WHY REPUTATION SERVICES ARE MANDATORY?

FAST RESPONSE ON NEW THREATS

Several hours with standard signatures:
Malicious file intercepted → Analysis → Detection → Testing → Upload to update server → Update delivered to user

Several minutes with KSN:
New threat propagation begins → Metadata analysis → Detection → Upload to KSN → Protection in place

- Signature DB size
- Malicious resource lifetime
- Updates delivery speed

For advanced threats, a delay of even a few hours can lead to serious negative consequences; such threats demand immediate response and reaction.
KSN DATA FLOW

Diagram labels:
- CATEGORIZED NETWORK (CUSTOMER): Kaspersky Security Center; Mail Security; KATA/EDR; Mobile Security; Virtualization Security; Endpoint Security
- Kaspersky Lab: Kaspersky Security Network (KSN); KL Analyst; Customers
- Data flows: Statistics; Reputation Data; HTTP; Reputation request / response; Statistics
KSN – PROACTIVE, BUT CLOUD

GOVERNMENT
- Segments isolation requirement
- Physically divided infrastructure
- Data should not leave the network
- Cloud intelligence can not be used!

FINANCE
- Restrictions for outbound data transfer
- Regulatory requirements
- High risk of targeted attacks
- Cloud intelligence can not be used!

LARGE ENTERPRISE
- Isolated segments
- Cross border data transfer control
- Unique threats
- Cloud intelligence can not be used!
KASPERSKY PRIVATE SECURITY NETWORK (KPSN)
GLOBAL BENEFITS, LOCALLY DELIVERED
KASPERSKY PRIVATE SECURITY NETWORK (KPSN)
Real-time, cloud-assisted cybersecurity for privacy and compliance-restricted networks

- Unique intelligence and global statistics about threats and modern attack methods within the organization infrastructure
- Compliance with regulatory and security standards and critical network isolation requirements
- Protection against advanced threats in real time without data transfer outside of the organization infrastructure
KASPERSKY PRIVATE SECURITY NETWORK: KEY FEATURES

On-premise
— Placing KL intelligence data inside organization

Unidirectional & no data out
— Eliminate outbound data transfer
— Updates from KSN in inbound only mode

High performance
— Tens of thousands of clients

Real-Time updates
— Tens of thousands of clients

Open API
— Integration with 3rd party solutions: File and URL reputation
KASPERSKY PRIVATE SECURITY NETWORK

Diagram labels:
- CATEGORIZED NETWORK: Kaspersky Security Center; Kaspersky Private Security Network; Mail Security; KATA/EDR; Mobile Security; Virtualization Security; Endpoint Security
- Kaspersky Private Security Network services: File Reputation; URL Reputation; Anomaly Behavior Patterns; Anti-spam; Cert info
- Kaspersky Lab: Kaspersky Security Network (KSN); KMP; Customers
- Data flows: Reputation Data Updates; Reputation request / response; Statistics
FILE REPUTATION SERVICES: FILE REPUTATION

Provides file reputation data

Request:
- MD5 / SHA256
Response:
- File verdict: good / bad / unknown
- File categories: browsers / dev. tools / multimedia / internet / etc.
- File extended information
FILE REPUTATION SERVICES: PATTERN-BASED SIMILARITY

Detects malware behavior patterns

Request:
- File hash sum
- PBS pattern
- Pattern tuning parameters: heuristic level, scan type
Response:
- Verdict: cancel / detect / suspicious
URL REPUTATION SERVICE

Provides URL reputation data

Request:
- URL
Response:
- Verdict: reputation (good / bad / unknown)
- URL categories: phishing / malware / social networks / porn / etc.
ADDITIONAL SERVICES: CERT INFO

Certificates’ reputation
Request:
- Public key’s sha256
- Public key
- Mobile app’s name
- Application store
Response:
- Certificate’s reputation
ANTI-APT SERVICES: HASH SERVICE

Statistical data about running processes, active network connections

Request:
- File MD5
- Network connections metadata
- Client ID
Response:
- Object popularity data
ANTI-APT SERVICES: HOST INTELLIGENCE SERVICE

Reputation data of IP addresses and domain names in network traffic

Request:
- Host name
- IP address (IPv4, IPv6)
Response:
- Popularity
- Reputation
- WHOIS
ANTI-SPAM SERVICE

Provides spam reputation data


Request:
- Sender’s IP
- Sender’s name MD5
- Attachment’s name MD5
- URLs from mail body
Response: verdict (spam / not spam)
KPSN DEPLOYMENT (OPTION 1): STANDARD

Diagram labels:
- Internal network
- KSN (Kaspersky Security Network)
- One-way interaction
- KPSN services
- KPSN Monitoring system
- KL products
- KPSN administrator
KPSN DEPLOYMENT (OPTION 2): WITH PROXY SERVER

Diagram labels:
- Internal network
- KSN (Kaspersky Security Network)
- KPSN Proxy
- KPSN services
- KL products
- KPSN monitoring system
- KPSN administrator
KPSN DEPLOYMENT (OPTION 3): DATA DIODE

Diagram labels:
- EXTERNAL NETWORK
- KPSN CATEGORIZED NETWORK
- KSN (Kaspersky Security Network)
- DATA DIODE
- GWO
- GWI + External Monitoring System
- KPSN Internal Monitoring System
- KPSN: File Reputation + URL Reputation + Additional Services + Anti-Spam + KMP + Anti-APT
- KL Products
DATA DIODE: COLLATERAL GENERAL INFORMATION

How Does Data Diode Technology Work?


A "diode" is an electronic component that only allows current to flow in one direction. Similarly,
data diode technology lets information flow safely in only one direction, from secure areas to less
secure systems, without permitting reverse access. A data diode also creates a physical barrier or
“air gap” between the two points. This one-way connection prevents data leakage, eliminates the
threat of malware, and fully protects the process control network. Moreover, a single data diode
can handle data transfers from multiple servers or devices simultaneously, without bottlenecking.

Data diode versus firewall


The primary difference between hardware-based data diodes and firewalls or unidirectional
gateways is that with a data diode it is physically impossible to send data of any kind in the
reverse direction. Therefore data diodes are inherently immune to the misconfiguration,
back-doors and vulnerabilities present in these other technologies.
Certifications
Because of the different nature of data diodes and firewalls, they can be certified up to certain
levels. Some DataDiode, for example, has been certified up to the highest Common Criteria
Evaluation Assurance Level: EAL7+. The highest evaluation level a firewall can achieve is EAL4+.
