Monday, July 16, 2018 4:34:52 PM
Government’s Kaspersky Ban Takes Effect
The government should look to have a better malware defense by incorporating Wave Endpoint Monitor, imo. Having Kaspersky banned should put more emphasis on using better anti-malware products like WEM. If only the right people really knew about WEM and other Wave products.
https://www.nextgov.com/cybersecurity/2018/07/governments-kaspersky-ban-takes-effect/149758/
Pentagon, GSA and NASA contracts will now officially prohibit Kaspersky software.
A new procurement rule took effect Monday barring the Russian anti-virus company Kaspersky Lab or any of its partners or distributors from contracts at the Pentagon, General Services Administration or NASA, despite a last-minute Kaspersky effort to halt the ban.
Kaspersky told a federal appeals court last week that the ban would cause the company “reputational and financial damage” and asked the court to temporarily halt the ban while it considers Kaspersky’s underlying legal challenge.
The U.S. Court of Appeals for the D.C. Circuit denied that request late Friday. The one-sentence ruling stated Kaspersky had “not satisfied the stringent requirements for an injunction pending appeal.”
The December 2017 congressional ban was sparked by intelligence agencies’ allegation that Kaspersky executives are too closely tied to the Kremlin and the Homeland Security Department’s conclusion that a Russian cybersecurity law might compel Kaspersky to help Russian intelligence agencies spy on the U.S. government.
Kaspersky has consistently denied any undue influence by the Kremlin and said the Homeland Security Department is misreading the Russian law.
Kaspersky told Nextgov in a statement that the company “is disappointed that the appellate court did not grant the company’s motion to stay … but remains hopeful that the court will find the law unconstitutional after full consideration of the case on the merits.”
Kaspersky’s broad legal argument against the U.S. ban is that Congress unfairly singled it out for punishment without sufficient legal process—what’s called a “bill of attainder.” A U.S. district court judge dismissed that claim in May, saying Congress’s goal was to protect national security, not to punish Kaspersky.
That’s the ruling Kaspersky is appealing.
Kaspersky software has already been scrubbed from all civilian government systems because of a separate ban imposed by Homeland Security in October. Government lawyers argued that meant it was pointless to stall the congressional ban because it would have no practical effect.
Kaspersky disputed that claim in its unsuccessful argument to the appeal court. Putting the congressional ban into effect will damage Kaspersky’s reputation—and its U.S. private-sector sales—even if the ban itself doesn’t lose the company any business, the motion said.
Kaspersky and the government are scheduled to make oral arguments in the case in September.
Congress is likely to enact similar governmentwide contracting bans targeting the Chinese companies Huawei and ZTE in the 2019 version of an annual defense policy bill that’s currently being squared away by a House-Senate conference committee.
The White House has proposed legislation that would make such bans easier in both civilian and defense agencies.
https://www.wavesys.com/malware-protection
Excerpts:
Software can’t always detect malware
The big problem with malware is that antivirus software doesn’t always detect it. Anti-malware software is based on signatures of known bad software. However, there always needs to be a patient 0 that discovers he is infected, for the rest of the world to benefit from it. In the case of APTs (Advanced Persistent Threats), your organization may be the only target for the specific strand of malware. In that case, the signature detection process will not protect you. Modern anti-malware and other software packages that promise cyber security or protection from APTs would use various heuristics and "AI" (Artificial Intelligence) to detect malware based on a predefined set of behavioral parameters. A sophisticated attacker is able to fine tune the behavior of the malware he is writing against various known anti-malware software solutions, so that it can evade detection for long periods of time.
A further challenge for anti-malware software is that it commonly works at the OS level. It isn’t very good at seeing deeper into the system, where some malware lives. Malware can hide from anti-malware by feeding it false results as it lies lower in the stack.
APT's extent seems wider each week. News stories about targeted attacks on organizations appear weekly. Even more stories do not appear, as some malware is not detected for very long periods of time. Some malware described as "cutting edge" has code components that have been available for 3 and 4 years, thus dating their undetected time of life in the wild. With online tools, even a non-technical person can create one easily. And there are more ways than ever for malware to spread: the Internet, personal computing devices, downloads, email, social media sites. Government agencies recognize it as a growing threat. Early detection is the highest priority in this Cyberwar. In 2011 NIST published guidelines for establishing a chain of trust for the basic input/output system (BIOS), which initializes a computer when it boots up. This critical system is one of malware’s more consequential targets and an area specifically protected by Wave Systems in its products and in its thinking.
Wave’s solution: start with the device
If antivirus software doesn’t work, what does? The Wave alternative relies not on superficial layers of software but on standards-based hardware: self-encrypting drives (SEDs) and Trusted Platform Modules (TPMs), or security chips, that are already embedded in many of your computers and mobile devices. This hardware provides you with secure storage. When you turn the SED and TPM on and manage them with Wave, you suddenly have a broad, deep view into your network. Among other things, you’ll know immediately whether any one of your devices—computers, laptops, tablets, smartphones—has been tampered with. But Wave is proactive too: you can block the kinds of behaviors that invite malware in. Wave's Endpoint Monitor provides early detection for these low-lying sneaky attacks.
Which other attack vector should you watch? One common vector that is used to attack even the most secure networks is physical devices – connected to USB, FireWire or SD. Our Data Protection Suite AV scanner allows you to block any unscreened device from connecting to any machine in the organization, until it has been scanned for known malware.