Kaspersky patents technology for optimised scanning of network traffic
By Digital News Asia March 26, 2014
- Minimises volume of checked data without affecting reliability of a protection system
- Patented technology currently implemented in Kaspersky solutions with IDS module
KASPERSKY Lab has successfully patented technology that it claimed enhances the effectiveness of network traffic scanning for the presence of cyber threats.
Patent 8650646 issued by the United States Patent and Trademark Office (USPTO) describes a method for minimising the volume of checked data without affecting the reliability of a protection system.
Rospatent, the Russian Federation Patent office, earlier issued patent RU2488880 for the same invention, the company said in a statement.
Thanks to Intrusion Detection Systems (IDSes) that analyse the data that passes through a corporate or home network, comprehensive security solutions are capable of detecting and intercepting cyber threats before they penetrate a computer.
However, as network streams grow, more and more resources are required to analyse the data in them, which causes delays when working on a network.
In a corporate environment this can have a negative effect on business processes, Kaspersky Lab said.
There are a number of methods to speed up scanning of network data streams in order to identify threats, but they often entail a loss of effectiveness; an increase in processing speed brings with it an increased likelihood of network threats passing through unnoticed in the data stream.
However, Kaspersky Lab’s patented technology can reduce data processing times without impacting the level of security, the company claimed.
This is achieved by selectively checking data in network streams. These selective checks are generated using databases that store statistics about previously detected threats.
For the method to operate properly, at least one element in the security system has to check all network traffic for the presence of threats. This enables the databases to receive new information that can optimise the work of other network nodes that are monitoring traffic streams.
Traps set to attract the attention of cybercriminals – so-called honeypots – can also act as a source of information. These resources can gather information about cybercriminal activity and the types of tools they use.
Implementation of the system does not require all its elements to be deployed in a single local network. The security solution vendor can maintain the databases and resources used to gather information about threats.
This allows customers to enjoy the benefits of the patented method and receive up-to-date information about the latest network threats from the vendor’s online services without having to deploy their own honeypots, Kaspersky Lab said.
The patented technology is currently implemented in Kaspersky Lab solutions for home users, small businesses and corporate customers that are equipped with the IDS module. This includes Kaspersky Internet Security, Kaspersky PURE, Kaspersky Small Office Security and Kaspersky Endpoint Security for Business.
As of early February 2014, Kaspersky Lab’s intellectual property portfolio included over 190 patents issued in the United States, Russia, the European Union and China. Over 240 other patent applications have been filed with patent authorities.