Kaspersky Lab's Secret Sauce Uses Woodpeckers

News Analysis: Can the Russian anti-virus vendor innovate fast enough to stay relevant in a hypercompetitive security market?

MOSCOW—Clickety, clack. Clickety, clack. The rhythmic sounds of fingers tapping away at keyboards are coming from Eugene Kaspersky's "woodpeckers," who make up a virus-hunting crew responsible for tracking computer threats in real time and who work around the clock to write and ship virus definition updates to millions of computer users.

This is Kaspersky Lab's secret sauce: the ability to ship anti-virus signatures every hour on the hour, seven days a week, 365 days a year.

"We're losing this game with computer criminals. There are just too many criminals active on the Internet underground, in China, in Latin America, right here in Russia. We have to work all day and all night just to keep up," Kaspersky said in an interview with eWEEK during an international press tour of his company's headquarters.

Kaspersky, a talkative man who founded the company in 1997 and managed its expansion into markets in the United States, Europe and Asia, is banking heavily on quick response time and added layers of protection to help this 700-employee outfit survive the entrance of Microsoft—and an aggressive push by bigger incumbents—into its bread-and-butter business.

He dismissed talk that security improvements in Windows Vista will make anti-virus software redundant, but was willing to concede that malicious hackers have defeated the stand-alone, signature-based approach to protection.


Security analysts are already writing eulogies for stand-alone, signature-based anti-virus, arguing that the industry will be forced to roll out converged security clients, offering multiple capabilities including anti-spyware, personal firewall, end-point policy enforcement and intrusion prevention as the foundation.

"We're already there," Kaspersky declared, when confronted with the dire predictions. "There are no stand-alone anti-virus products anymore. It's now anti-everything. You have to do things like behavior blocking and heuristic detections and add anti-spam, anti-spyware and anti-rootkit capabilities or your software won't be any good."

Add data leak prevention plus patch and configuration management, all in a single console, and that is the new enterprise anti-virus product.

"You need information backup, you need parental controls, you need anti-phishing. It's a different world today. 10 years ago, we were fighting against smart kids who hacked as a hobby. Now, we're dealing with criminal gangs that control your computer to make money. Different world, different protections," Kaspersky said.

During the press tour in Moscow, Kaspersky was bombarded with questions about Microsoft's emergence as a legitimate security vendor—with Windows OneCare for consumers and the Forefront line of products for the enterprise—but there was no visible sign of fear among the company's employees.

"What do you expect us to do? Just throw up our hands and say we should shut down because Microsoft is a competitor?" asked Natalya Kaspersky, the company's chief executive. "We can't sit back and be afraid. We have to work harder and get better at what we do. Everything else will take care of itself."

Jon Oltsik, a senior analyst with Enterprise Strategy Group, said he believes the security improvements in Windows Vista and Microsoft's aggressive approach to selling its security software, directly and via the channel, will definitely affect smaller players like Kaspersky Lab. However, in a discussion with eWEEK he stressed that the Big Three—Symantec, McAfee and Trend Micro—will feel it even more.

"I don't think these guys [Kaspersky Lab] should be underestimating Microsoft," Oltsik said, pointing out that Microsoft has pushed into the market through smart acquisitions of Sybari for anti-virus and Giant Company for anti-spyware protection. Sybari has undergone a major makeover and been rebranded as Forefront, and Giant's technology is now powering the Windows Defender software.

Interestingly, Microsoft resells Kaspersky's anti-virus scanner to enterprise customers as part of Forefront's multiscanner strategy. The Kaspersky anti-virus kernel is also integrated into products sold by a range of IT vendors, including Aladdin Knowledge Systems, Nokia ICG, F-Secure, G Data Software, Deerfield.com, Alt-N Technologies, MicroWorld Technologies and BorderWare Technologies.

This puts the company in the unique position of competing against its OEM partners. As a differentiator, Kaspersky said the company is shipping a brand-new Version 6.0 engine in its own product suite and is licensing the 5.0 version to partners.

According to research statistics from Gartner, the global market for computer security protection could top $10 billion in 2007, making it a lucrative target even for a company the size of Microsoft.

Natalya Kaspersky, who keeps a close watch on the company's day-to-day operations in the United States, United Kingdom, France, Germany, the Netherlands, Poland, Japan and China, shrugged aside questions about Microsoft and painted a picture of a company on the rise, building out new technologies and pushing into new markets.

One such rollout is InfoWatch, a separate subsidiary that offers a multilayered approach to data leak detection and prevention. Founded in 2003 and launched primarily in the Russian market, InfoWatch provides monitoring software for e-mail, Internet and Web usage, mail storage and mobile devices.

The company is positioning InfoWatch as a way to help businesses manage compliance requirements and track internal data theft, even from mobile devices.

Nikolai Grebennikov, deputy director in Kaspersky's department of innovative technologies, said the new Kaspersky Internet Security 6.0 software will hold its own against the competition. "We have the best virus detection rates and the fastest response time to new threats. We do hourly updates and support more than 1,200 formats of archives and compressed files," he said.

Grebennikov said the company has worked hard on improving scan speeds and system loads by scanning new and modified files only, caching data from previous scans and suspending scanning in case of increased user activity.
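The three scan-speed techniques Grebennikov mentions (scan only new or modified files, cache results from earlier scans, and suspend scanning while the user is active) can be sketched in a few dozen lines. The following is an added illustration, not Kaspersky Lab's code: it assumes a toy detector that matches a constructed byte marker in place of the real engine, and it models user activity as a flag the caller passes in.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass
from typing import Callable, Dict

# Constructed test marker standing in for a real malware signature (not a real IoC).
MARKER = b"CONSTRUCTED-TEST-SIGNATURE"


def signature_detect(data: bytes) -> str:
    """Stand-in for the expensive detector: a plain byte-pattern match."""
    return "infected" if MARKER in data else "clean"


@dataclass
class CacheEntry:
    size: int
    mtime_ns: int
    digest: str   # SHA-256 of the content that produced the verdict
    verdict: str


class IncrementalScanner:
    """Runs the detector only on files that are new or whose content changed."""

    def __init__(self, detect: Callable[[bytes], str]):
        self._detect = detect
        self._cache: Dict[str, CacheEntry] = {}
        self.full_scans = 0   # how often the expensive detector actually ran

    def scan(self, path: str, user_busy: bool = False) -> str:
        # "Suspend scanning on increased user activity": defer instead of competing for CPU.
        if user_busy:
            return "deferred"
        st = os.stat(path)
        entry = self._cache.get(path)
        # Fast path: same size and mtime as last time, reuse the cached verdict.
        if entry and (entry.size, entry.mtime_ns) == (st.st_size, st.st_mtime_ns):
            return entry.verdict
        with open(path, "rb") as f:
            data = f.read()
        digest = hashlib.sha256(data).hexdigest()
        if entry and entry.digest == digest:
            # Metadata changed (e.g. a touch) but bytes are identical: no rescan needed.
            verdict = entry.verdict
        else:
            self.full_scans += 1
            verdict = self._detect(data)
        self._cache[path] = CacheEntry(st.st_size, st.st_mtime_ns, digest, verdict)
        return verdict


def demo() -> dict:
    """Exercise the cache on constructed files and report what the scanner did."""
    with tempfile.TemporaryDirectory() as d:
        files = {                                   # constructed sample files
            "clean.txt": b"just some text",
            "sample.bin": b"\x00\x01" + MARKER + b"\x02",
            "notes.txt": b"more text",
        }
        paths = []
        for name, content in files.items():
            p = os.path.join(d, name)
            with open(p, "wb") as f:
                f.write(content)
            paths.append(p)

        s = IncrementalScanner(signature_detect)
        first = [s.scan(p) for p in paths]          # every file is new: 3 detector runs
        scans_after_first = s.full_scans
        second = [s.scan(p) for p in paths]         # nothing changed: 0 detector runs
        scans_after_second = s.full_scans

        # Touch notes.txt: new mtime, same bytes -> hashed, verdict reused, no detector run.
        st = os.stat(paths[2])
        os.utime(paths[2], ns=(st.st_atime_ns, st.st_mtime_ns + 10**9))
        after_touch = s.scan(paths[2])
        scans_after_touch = s.full_scans

        # Append the marker to clean.txt: size changes -> real rescan, verdict flips.
        with open(paths[0], "ab") as f:
            f.write(MARKER)
        after_modify = s.scan(paths[0])
        scans_after_modify = s.full_scans

        deferred = s.scan(paths[1], user_busy=True)

        return {
            "first": first, "scans_after_first": scans_after_first,
            "second": second, "scans_after_second": scans_after_second,
            "after_touch": after_touch, "scans_after_touch": scans_after_touch,
            "after_modify": after_modify, "scans_after_modify": scans_after_modify,
            "deferred": deferred,
        }


if __name__ == "__main__":
    print(demo())
```

The fast path trusts size and mtime, which is the usual trade-off behind this optimization: it is cheap, but a write that preserves both would not be noticed until the content hash is consulted. A production engine therefore invalidates cache entries from its file-system filter driver on every write rather than relying on timestamps alone, and it must also flush the whole verdict cache whenever new signatures arrive, since a file judged clean an hour ago may be detected by the update shipped since.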


The new security suite has also been fitted with a new system for anti-virus scanning of compound objects, optimizing system performance. This helps to address a longstanding complaint that anti-virus software with multiple executables eating away at system resources is an impediment to proper computer usage.

Another improvement, Grebennikov said, is the addition of rootkit detection and removal to the software. He said new proactive detection technology will block hidden objects such as stealth rootkits, keystroke loggers, buffer overflow attacks, data execution attacks and backdoors that turn infected machines into zombies in botnets.

"These integrated threats are the scariest. Any time you find malware that's using rootkit techniques to hide, you have to get really nervous. Some of these threats are very, very sophisticated," Grebennikov said.

Eugene Kaspersky said he sees the enemy as being the sophisticated malware writer who is very familiar with the way anti-virus software works. "They know about anti-virus technologies and they're developing new ways to bypass the protection software. Sometimes, when I look at the volume of threats we are detecting, I think we are losing this cat-and-mouse game," he said.

That's why Kaspersky Lab has invested heavily in full-time "woodpeckers," clickety-clacking 24 hours a day, seven days a week.
