Kaspersky Lab has successfully patented technology that enhances the effectiveness of network traffic scanning for the presence of cyber threats. Patent 8650646, issued by the United States Patent and Trademark Office (USPTO), describes a method for minimizing the volume of checked data without affecting the reliability of a protection system. Rospatent, the Russian Federation patent office, earlier issued patent RU2488880 for the same invention.
Thanks to Intrusion Detection Systems (IDS) that analyze the data that passes through a corporate or home network, comprehensive security solutions are capable of detecting and intercepting cyber threats before they penetrate a computer. However, as network streams grow, more and more resources are required to analyze the data in them, which causes delays when working on a network. In a corporate environment this can have a negative effect on business processes.
There are a number of methods to speed up scanning of network data streams in order to identify threats, but they often entail a loss of effectiveness; an increase in processing speed brings with it an increased likelihood of network threats passing through unnoticed in the data stream.
However, the patented technology can reduce data processing times without impacting the level of security. This is achieved by selectively checking data in network streams. These selective checks are generated using databases that store statistics about previously detected threats.
For the method to operate properly, at least one element in the security system has to check all network traffic for the presence of threats. This enables the databases to receive new information that can optimize the work of other network nodes that are monitoring traffic streams. Traps set to attract the attention of cybercriminals – so-called honeypots – can also act as a source of information. These resources can gather information about cybercriminal activity and the types of tools cybercriminals use.
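The division of labour described above, shown as a simplified sketch added here for illustration; it is not Kaspersky Lab's code and not the patented algorithm. The signature names, the `(protocol, port)` statistics key and all traffic are constructed assumptions. The last flow in `demo()` shows why a full-coverage node is required: the selective node cannot detect a threat the statistics have not yet linked to that kind of traffic.

```python
# Constructed placeholder signatures (name -> byte pattern), not real IDS rules.
SIGNATURES = {"sig-A": b"EVIL-A", "sig-B": b"EVIL-B", "sig-C": b"EVIL-C"}

class ThreatStats:
    """Shared database: how often each signature fired per (proto, port)."""
    def __init__(self):
        self.hits = {}

    def record(self, key, sig):
        per_key = self.hits.setdefault(key, {})
        per_key[sig] = per_key.get(sig, 0) + 1

    def relevant(self, key, min_hits=1):
        return {s for s, n in self.hits.get(key, {}).items() if n >= min_hits}

def match(payload, names):
    return sorted(n for n in names if SIGNATURES[n] in payload)

def full_scan(flow, stats):
    """Full-coverage node (or honeypot): checks everything, feeds the database."""
    found = match(flow["payload"], SIGNATURES)
    for sig in found:
        stats.record((flow["proto"], flow["port"]), sig)
    return found

def selective_scan(flow, stats):
    """Selective node: evaluates only signatures the statistics tie to this
    kind of traffic. Returns (detections, number of signatures evaluated)."""
    names = stats.relevant((flow["proto"], flow["port"]))
    return match(flow["payload"], names), len(names)

def mk_flow(port, payload, proto="tcp"):
    return {"proto": proto, "port": port, "payload": payload}

def demo():
    stats = ThreatStats()
    # Constructed traffic observed by the full-scan node.
    for f in (mk_flow(445, b"..EVIL-A.."), mk_flow(80, b"GET /?q=EVIL-B"), mk_flow(80, b"GET /")):
        full_scan(f, stats)
    # Last flow: sig-C was never seen on tcp/80, so the selective node misses it.
    return [selective_scan(f, stats) for f in (
        mk_flow(80, b"POST EVIL-B"), mk_flow(445, b"EVIL-A"),
        mk_flow(53, b"query", "udp"), mk_flow(80, b"EVIL-C"))]

if __name__ == "__main__":
    print(demo())
```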
Implementation of the system does not require all its elements to be deployed in a single local network. The security solution vendor can maintain the databases and resources used to gather information about threats. This allows customers to enjoy the benefits of the patented method and receive up-to-date information about the latest network threats from the vendor’s online services without having to deploy their own honeypots.
The patented technology is currently implemented in Kaspersky Lab solutions for home users, small businesses and corporate customers that are equipped with the IDS module. This includes Kaspersky Internet Security, Kaspersky PURE, Kaspersky Small Office Security and Kaspersky Endpoint Security for Business.
As of early February 2014, Kaspersky Lab’s intellectual property portfolio included over 190 patents issued in the US, Russia, EU and China. Over 240 other patent applications have been filed with patent authorities.