Kaspersky Lab has announced that it has obtained a patent for a method of protecting cloud services used by antivirus solution developers to more effectively combat cyber-threats and prevent the illegitimate use of cloud services by cybercriminals. Patent no. 8661547 was issued by the US Patent and Trademark Office and describes a technology that safeguards cloud services against false information that might be sent to them.
Manufacturers of security solutions use cloud services to ensure a faster response to emerging Internet threats. Client applications use cloud services as a source of information about new cyber-threats, and to send suspicious files to be assessed by antivirus analysts. However, cybercriminals may try to use the feedback channel to send corrupted data for processing. This may be done to disguise a malicious programme as a secure one, or to compromise legitimate applications.
The newly patented system performs a number of tests before using any information uploaded from a device. The server checks whether the data communication protocol specifications were violated: an unusual sequence of operations or other anomalies while sending data may indicate an attempt by cybercriminals to interfere in the server’s operation. The user-side security application, in turn, analyses the configuration of the user device. The developer can also use other methods to confirm the legitimacy of any uploaded data.
When the collected information has been analysed, the system decides what to do with the data it has received: it can use it to enlarge the database, or ignore it due to the risk of forgery. In addition, a new level of trustworthiness can be assigned to the device based on the results of the device check. Initially this value is set at a low value. This value is taken into consideration on subsequent occasions when the device communicates with the cloud service.
“Kaspersky Security Network is a key element in Kaspersky Lab’s infrastructure. It ensures information about new threats is promptly delivered to users’ computers,” comments Andrey Efremov, Director of Whitelisting and Cloud Infrastructure Research at Kaspersky Lab and co-author of the new patent. “Of course this is an attractive target for cybercriminals who want to compromise the security of hundreds of thousands of computers at one time. Therefore, it is important for us to protect Kaspersky Lab’s infrastructure against these attacks and prevent fake information from penetrating into antivirus databases.”
The patented technology is implemented in Kaspersky Security Network – the cloud infrastructure supported by Kaspersky Lab’s home user, SMB and corporate security products. With Kaspersky Security Network, the vendor’s products can always maintain maximum security levels against online threats.
As of late March, Kaspersky Lab held 195 patents issued in the USA, Russia, the European Union and China. 242 more patent applications were being processed by the appropriate authorities. Most patents held by Kaspersky Lab cover technologies related to the operation of security solutions.