The private version of the Kaspersky Security Network, aimed mainly at regulated organizations, broadens reputation-based analysis, adds whitelisting capability, and improves third-party integration.
Kaspersky Lab has rolled out the second version of its Kaspersky Private Security Network [KPSN], the private version of its Kaspersky Security Network [KSN] designed for organizations who want to access security from the cloud, but don’t want their data to leave the corporate network. The revamped product adds reputation-based analysis for certificates and for URLs. Organizations can now also add customized lists of these – and of files – that they wish to be white-listed. Kaspersky has also enhanced support for their unidirectional gateway, enhanced third party integration capabilities, and improved the Web interface.
Kaspersky introduced KPSN in January 2016. It is a private cloud that places KSN on a server inside the customer’s network. This allows the organization to receive real-time security protection from the Kaspersky cloud. KPSN uses a data diode protocol – a unidirectional gateway. This ensures that data can be received from the cloud, where cloud-based threat intelligence analyzes suspicious files. However, the data can’t leave the premises, as nothing goes back to the cloud.
“For some customers, talking to the cloud may not be an option,” said Andrey Pozhogin, senior product marketing manager at Kaspersky Lab North America. “For them, KPSN ensures that while they can get their security from the big Kaspersky cloud, the information goes one way. It sends nothing to us.”
Pozhogin said that KPSN has performed well in the market since its release.
“It is geared towards larger enterprises with global deployments, and has been received pretty well,” he said. “By design, it is not vertically-specific, but it is used principally by regulated industries, particularly under HIPAA regulations. We have health care system customers, as well as in other regulated industries like financials.” KPSN is scalable to networks with up to 500,000 nodes.
Pozhogin said that Kaspersky considers this a major release of the product.
“It has a lot of things developed specifically in response to requests from the customers,” he said. “It addresses the change in the threat landscape, and enhances the reputation-based analysis.
Analysis of file reputation by hashsum [SHA256 or MD5] was in the product before. This version expands reputation-based analysis to assess certificates and URLs.
“Several recent hacks used stolen certificates, which had been revoked, but this was never checked,” Pozhogin said. “We also didn’t assess URL reputation before. Now whenever someone visits a website, its reputation can be checked against the database.”
The new release also adds the ability of the customer to whitelist files to eliminate false positive detections.
“This provides greater customization of threat intelligence,” Pozhogin indicated. “Customers can use this to whitelist any customer-specific things they want, that we might otherwise flag.”
The platform’s APIs have also been opened up to allow cybersecurity teams to upload third party threat intelligence about file and URL reputation directly to KPSN.
“We have appreciated that KPSN could really become a broader threat intelligence platform if we made it easy to put other providers into it,” Pozhogin said. “So we opened up the APIs in order to do that kind of integration. This particular level of integration is somewhat new for us. We have co-operated with other vendors on endpoints and SIEMs, but we sent our information to their systems. With this platform being the centre of the intelligence, aggregating the information, we had to facilitate their information coming into our system.”
The new release adds support for the CentOs operating system. It also makes significant enhancements to the web interface.
“The interface changes were based on feedback from customers, who thought that some features could have been more intuitive,” Pozhogin noted. “The new interface has a much better look and feel.”
Pozhogin said Kaspersky expects that the new version of KPSN will appeal to partners.
“We are already seeing big partner interest, specifically within the MSP community,” he said. “This is a product that allows them to have conversations with customers who have regulation concerns.”