The key points and implications of the U.S. government ban on the Russian software giant’s cybersecurity products:
Russian anti-virus software company Kaspersky Lab has landed in hot water of late, amid suspicions surrounding its far-reaching access to U.S. government information. This month, the U.S. Department of Homeland Security issued a directive to ban the use of Kaspersky Lab security software in the executive branch, and the Senate also passed a draft bill containing an amendment barring the company from military use.
The reverberations of this legislation will be felt throughout government offices at every level, as well as government-regulated agencies like finance and agriculture. Here’s what to know about the ban on Kaspersky, and what this means for cybersecurity.
What is Kaspersky Lab?
Founded in 1997, Kaspersky Lab is a security software company based in Moscow with an estimated 400 million users around the globe, including customers like the Department of State and the National Institutes of Health. The founder and CEO of the company, Eugene Kaspersky, is a billionaire who was educated at a KGB-sponsored college and served in Soviet military intelligence.
Kaspersky Lab rose to popularity when signature-based malware detection was prevalent. Since most malware originates in Russia (Kaspersky Lab reported that this comprises 75% of new malware), the logic was that a Russian company would be the best choice to understand the signature source and combat it.
However, malware identification has since evolved to be more comprehensive, including products that use machine learning to analyze file DNA (like DeepArmor from SparkCognition). Although Kaspersky Lab is still considered an industry leader in security products, it no longer holds an inherent advantage, and in fact, per our internal testing, it has only average performance against zero-day and near-zero-day malware (when malicious files are totally unknown to the anti-virus product).
Why was the company banned?
The case against Kaspersky Lab has been building for some time, although the company maintains that it has not colluded with the Russian government. Bloomberg reported that Kaspersky Lab had undergone significant changes in leadership in 2012, filling high-level management positions with people closer to Russia’s intelligence services.
Attitudes towards Russia have turned particularly frosty after evidence of hacking emerged in the 2016 election. Deteriorating relations with the country and signs pointing to government-sponsored cybercrime worldwide spurred the reactions by the General Services Administration and the Department of Homeland Security.
Earlier this month, Senator Jeanne Shaheen referenced classified assessments by intelligence chiefs that seem to indicate a larger problem. She particularly called out that antivirus software must have access to every file it protects (including emails), and information on these files is stored on Kaspersky’s servers in Russia. By law, Kaspersky is required to make transmission data available to the F.S.B. (Russia’s intelligence agency) if requested, and cooperate with the agency’s needs.
What does this mean for cybersecurity?
Though the intelligence community seems set against Kaspersky, the ban seems largely precautionary based on publicly available information. However, in the connected, lightning-paced world of essential cybersecurity, it’s better to be safe than sorry when systems like electrical grids, manufacturing plants, traffic cameras, and other critical infrastructure are at stake. Russia has previously flexed its cyber muscle against Ukraine, actions some have called a training ground for attacks against the U.S.
As of now, the ban only affects government agencies and companies with government contracts (or those vying for them). However, discouragement from the government will likely affect use of the product, particularly by government-regulated agencies and state and local entities. Some have argued that a ban on Kaspersky products makes the cybersecurity market less competitive.
At SparkCognition, we don’t believe a move away from Kaspersky Lab will affect the overall cybersecurity defenses of the United States. Of course, we continue to evolve and stand behind the technologies that power our own security solution, DeepArmor, which has market-leading efficacy against zero-day and polymorphic threats. In addition, SparkCognition has expertise in the sector, with a specialized Defense and National Security team led by former government officials. However, we encourage concerned Kaspersky Lab clients to compare security products for themselves. We’ll even provide instructions on how to do this via a neutral third-party vendor.