The United States Patent and Trademark Office (USPTO) has granted patent 8739287 to Kaspersky Lab for a technology that detects threats in corporate IT infrastructure without compromising confidential information (CI).
Not all threats can be detected using locally installed solutions – some of them require more extensive analysis. To do this, suspicious files are delivered to a special infrastructure operated by the security vendor. This infrastructure has more resources to carry out comprehensive analysis in isolated conditions.
However, most companies use their IT infrastructure to store confidential data. Often it is strictly prohibited to share this information with third parties, either by corporate rules or regulatory requirements.
This means storage space for confidential files is often vulnerable, especially to sophisticated malware that cannot be detected on the client side. These threats include malware with rootkit functions, for example. Kaspersky Lab has developed a new technology that allows corporate network administrators to sift through the content sent for analysis and prevent potentially infected confidential data from leaking.
The technology works by integrating the security solution’s components into the corporate IT infrastructure and collecting metadata. Metadata is information that makes it possible to investigate the characteristics of the data without directly accessing the data itself. This metadata is transferred to an external server for analysis. If that analysis requires further information, the server requests the objects it needs from the corporate infrastructure.
Admins can examine the list of requested objects, determine which items can be freely shared, and approve the transmission. Once it gets the information it requested, the server completes its analysis in autonomous mode and, if any malware is detected, sends a notification and – if possible – the tools to fix the problem.
“Companies working with sensitive data become hostages of their privacy – by protecting valuable information from disclosure they expose it to other dangers. However, malware infects all files regardless of whether they are secret or non-secret. It is usually safe to transmit at least part of the infected files for verification, and that enables Kaspersky Lab’s technology to detect the threat and find an appropriate solution without having to access confidential resources,” says Alexey Polyakov, head of the Global Emergency Response Team at Kaspersky Lab and one of the authors of the patented technology.
The technology is already integrated into Kaspersky Endpoint Security 8.0 for Windows and Kaspersky Endpoint Data Protection Edition (Endpoint 10).
Kaspersky Lab continues to obtain more and more patents for its cutting-edge digital security technologies. At present Kaspersky Lab’s portfolio includes 213 patents issued in Russia, the US, the EU and China. In addition to that, 217 patent applications are currently under consideration by the patent authorities in these countries.