In light of the war in Ukraine, the BSI has issued a warning against Kaspersky protection software. The BSI warns that the anti-virus program could be used to carry out backdoor attacks on companies. Users are now probably wondering how best to protect themselves against this.
The answer is simple: it is important to have a comprehensive overview of all activities in the company network, whether on end devices, in your own data center or in the cloud. Frank Kölmel, General Manager EMEA at Cybereason, summarizes what matters when your own security measures turn against you in a backdoor attack.
Defending against backdoor attacks with software
Suitable technologies already exist today to prevent backdoor attacks on companies. Reducing risk starts with giving security leaders or defenders visibility into the entire attack history across devices, applications, cloud deployments and cloud workloads. Shifting away from an alert-centric way of working towards predictive, operation-centric models that use AI-based XDR (Extended Detection and Response) makes it possible to predict the attackers' next steps.
With this knowledge, backdoor attacks can also be proactively repelled. A year ago, Cybereason patented MalOp (Malicious Operation), for example. This reduces human error, improves the capabilities of security officers and achieves a XNUMXx faster response time to potential risks throughout an organization's network.
Check behavior at the endpoint
In addition, Cybereason can use various mechanisms to detect suspicious behavior of processes at the endpoint. For example, the exfiltration of large amounts of data or a general connection to specific targets can be traced. A process's attempt to read sensitive data can also be logged and reported. These mechanisms can be adjusted both by Cybereason and individually (custom detection rules), so that new behavior can be detected and responded to in almost real time. Running the Cybereason solution alongside other solutions (multi-vendor) is often desired in order to evaluate such situations better and faster.
About Cybereason
Cybereason offers future-proof protection against attacks by means of a uniform security approach, across all endpoints and across the company, wherever the attack scenarios shift. The Cybereason Defense Platform combines the industry's best detection and response methods (EDR and XDR), next-generation antivirus solutions (NGAV) and proactive threat hunting to provide contextual analysis of every element within a MalOp™ (malicious operation). Cybereason is a privately held international company headquartered in Boston with customers in over 45 countries.