Kaspersky Lab advances expansion plans with London research centre

Kaspersky Lab launches research centre in London as part of plans to expand network of research hubs beyond Russia, China and the US

Kaspersky Lab has launched a research centre in London as part of plans to expand its network of research hubs beyond Russia, China and the US.

Strategically positioned at the heart of the UK’s business capital with the company’s European headquarters, the centre has dedicated office space and resources to help ensure Kaspersky Lab can monitor the cyber crime landscape 24/7.

The Russian information security firm's research facilities analyse more than 350,000 new malware samples each day – an increase of 10,000 a day from 2014.

Kaspersky Lab’s first European research centre will act as a central point in providing real-time threat intelligence to customers and partners in the UK, Europe and across the globe.

The London research centre will be a UK home to those on the front line of the ongoing battle against cyber threats, including the UK members of Kaspersky Lab’s global research and analysis team, as well as the wider anti-malware team.

Researchers at the European centre will work closely with colleagues in other Kaspersky Lab hubs to share insight and understanding of the latest campaigns targeted at financial institutions, critical infrastructure and individual organisations, groups or sectors.

In the past 12 months, Kaspersky Lab has announced discoveries of several advanced persistent threats (APTs), including CozyDuke, DarkHotel, Carbanak, Equation Group and Desert Falcons.

Committed to researching the cyber threat

“The launch of the new research centre reinforces our ongoing commitment to research and development,” said Kaspersky Lab chief technology officer Nikita Shvetsov.

“We have made it our goal to ensure that customers are provided with access to timely information, as and when they need it. As a result, threat intelligence is the backbone of what we do,” he said.

Kaspersky Lab principal security researcher David Emm said the London centre is an opportunity to bring the London-based malware research team into the same room and connect them with colleagues in other research hubs on a common platform to co-ordinate activities locally and internationally.

“It enables us to join up the dots more effectively, as well as enabling us to work in a ‘safe zone’ that ensures that the research work we are doing does not affect the rest of the business, such as sales, marketing and tech support,” he said.

According to Shvetsov, more than a third of Kaspersky Lab’s employees are research and development (R&D) specialists, while its global research and analysis team focuses on the analysis and containment of major international cyber espionage campaigns.

“We’re determined to detect and neutralise all forms of malicious programs, regardless of their origin, purpose or target – whether that be governments, organisations, consumers or critical infrastructure – and the new research centre provides another hub to continue this fight against cyber crime,” he said.

There are currently three malware researchers permanently based in London, in addition to the local R&D team, but with the launch of the new centre, Shvetsov said the company now has the capacity to train more security researchers locally.

Expanding the operation to tackle global risks

Alexander Moiseev, managing director, Europe, at Kaspersky Lab, said: “Security has no borders, so it is vital that we have research hubs in all major regions worldwide.

“The new European research centre is another significant step in our internationalisation strategy and our ongoing battle against cyber crime,” he said.

Kaspersky Lab also recently announced a co-operation agreement with Swedish bio-hacking community BioNyfiken, to understand and analyse the risks of connecting our bodies to the internet through wearable devices.

It has also made a number of enhancements to its product portfolio over the past couple of years, including new products such as Kaspersky DDoS Prevention, Kaspersky Fraud Prevention and Critical Infrastructure Protection, as well as threat intelligence services including threat data feeds, intelligence reports and cyber security education for large enterprises.

In coming months, Kaspersky Lab’s R&D will continue its focus on counteracting APT attacks, Shvetsov told Computer Weekly.

In a further expansion of the research network, the company plans to open a facility in Israel by the end of 2015 that will focus on developing protections against targeted attacks.

Development of APT and targeted attack defences will draw on intelligence gathered through sensors on the company’s customer networks, lightweight agents for customer endpoints using third-party security software, and Kaspersky sandbox technologies that analyse the behaviour of malware in real environments.

“We have always used our sandbox technology to help improve our products’ automation capabilities, but we are now piloting sandbox technologies in customer environments to help them prioritise the most serious threats to address,” said Shvetsov.

Threat intelligence and fraud prevention

Threat intelligence is the second big direction of R&D at Kaspersky Lab, which is building infrastructure for Interpol to tap into this data.

“We also see a huge potential for the company to provide our knowledge to enterprises in the form of different threat intelligence feeds and services, some of which are already being piloted by key customers,” said Shvetsov.

This threat intelligence is provided in several forms, including machine-readable XML formats such as STIX and OpenIOC. These services are likely to be available to the wider market later this summer.

The third big direction for Kaspersky Lab R&D is to look beyond endpoint protection to fraud prevention.

“The full [client-less] platform is scheduled for release in July 2015, a year after we released the agent-based solution for PC, Mac and mobile,” said Shvetsov.

Kaspersky Lab will work with banks and financial institutions to integrate its full anti-fraud platform with existing systems.

Beyond malware research, the next big research frontiers for Kaspersky Lab are vehicle security, as vehicles become increasingly connected to the internet, and critical national infrastructure protection.

Both these areas, said Shvetsov, will see releases of real products later in 2015. However, he said that protecting critical infrastructure tends to be solution-based, not product-based.

“Beyond the network security assessment, penetration testing and security audits, most customers require a custom solution that is a combination of products and services,” he said.

Shvetsov said Kaspersky Lab’s future technology team is also working on a secure operating system as a basis for secure devices in critical infrastructure, industrial control systems and the internet of things in the long term.

In the short term, he said the first deliverable will be Kaspersky Lab’s endpoint critical infrastructure protection software for control systems that are still running on relatively old and insecure operating systems such as Windows XP.

That will be followed by a trusted monitoring system to alert operators of critical infrastructure and industrial systems of potential threats and malicious activity without affecting existing operations.
