This summer (2017), the US House Science Committee asked nearly two dozen US government agencies for information related to their usage of Kaspersky Lab security software. The committee raised concerns that usage of the 20-year-old Russian anti-virus vendor could compromise national security and potentially provide adversaries with sensitive domestic intelligence.
The move is the first step towards a national ban, at the federal level, of Kaspersky products from federal agencies. The move obviously smells of political power exertion to distance the Russian antivirus maker from doing business in the US. In fact, retailer Best Buy has already announced that it will no longer sell security products from Kaspersky Lab. The implications for Kaspersky, which enjoys a healthy portion of its revenues from the US market, could potentially be severe.
The move poses several issues and sets a precedent that could have wide and sweeping implications:
Kaspersky Lab is not the only non-US vendor to be doing business with American federal agencies. The precedent being set here could be used to eliminate other vendors from doing business with not only the US government but also commercial businesses in the US. Such moves will impede innovation and stall technological advances.
Eliminating Kaspersky from conducting business with US federal agencies does not preclude Kaspersky from servicing state and local agencies. This is like putting a band-aid on a gaping, bleeding wound.
Even if it is proven that Kaspersky had ties to Russian political powers and its technology could indeed compromise US national security interests, the damage has already been done. US agencies will have 90 days to remove Kaspersky instances from their networks. However, this also provides a time frame for Russian intelligence to exfiltrate any data they may already have access to. It is important to note that none of the allegations (of Kaspersky/Kremlin connection) have been proven true and the US is simply taking a pre-emptive and presumptive approach. However, even if true, the damage has already been done.
If anything, this highlights the fact that relying on legacy, signature-based detection technology is not only dangerous, but largely ineffective. As evidenced by the rapid growth of Managed Detection and Response (MDR) services and vendors, to effectively increase the security posture of an organization, a proactive, always-on, aggressive approach must be taken. The truth is, you should have been rid of Kaspersky already in favour of a platform approach.
MDR-based services do not rely on existing, legacy technologies, nor do they rely on ANY technology. The philosophy behind MDR is that organizations will already have protected themselves with various tools and controls and implemented what they consider to be effective products (enter NGFW, SIEM, EPP, ...). However, that is not sufficient. In order to continuously protect themselves, organizations must take a proactive approach whereby they hunt for threats and for compromises in their network. Some do this themselves. Others employ MDR vendors to assist.
IntelliGO Networks' MDR service is a cost-effective yet powerful service that answers the following questions:
Can my network be compromised?
Is my network compromised right now?
Once these questions have been answered, IntelliGO's MDR service provides an always-on, proactive, data-intensive threat hunting service that uses both machine and human elements to continually hunt within a network for breaches.
Contact us to perform a FREE Preventive Posture Assessment whereby our team will deploy our proprietary technology and prepare a comprehensive report on the state of your organization's cybersecurity posture.