Toward the end of the 1980s, computer virology came about as a response to the growing proliferation of malicious programs. Fast-forward 30 years, and virology has evolved (rather, merged \u2013 in ecstasy \u2013 with adjacent fields) into the cybersecurity industry, which now often dictates the development of being<\/span> IT: given inevitable competition, only the technology with the best protection survives.<\/p>\n In the 30 years since the end of the 1980s, we (AV companies) have been called quite a few different colorful and\/or unsavory names. But the most accurate in recent years, IMHO, is the meme cyber-paleontologists<\/em>.<\/p>\n Indeed, the industry has learned how to fight mass epidemics: either proactively (like we protected users from the largest epidemics of recent years \u2013 Wannacry<\/a> and ExPetr<\/a>), or reactively (using cloud-based threat-data analysis and prompt updates) \u2013 it doesn\u2019t matter. But when it comes to targeted<\/em> cyberattacks, there\u2019s still a long way to go for the industry on the whole: only a few companies have sufficient technical maturity and resources to be able to cope with them, but if you add an unwavering commitment to expose any and all cyber-baddies no matter where they may come from or what their motives might be \u2013 you\u2019re left with just one company: KL! (Which reminds me of something Napoleon Hill once said: \u2018The ladder of success is never crowded at the top\u2019.) Well it\u2019s no wonder we\u2019re in a lonely position (at the top of the ladder): maintaining that unwavering commitment to expose literally anyone is waaaaay more expensive than not maintaining it. And it\u2019s waaaay more troublesome given the ongoing geopolitical upheavals of late, but our experience shows it\u2019s the right thing to do \u2013 and users confirm this with their wallets<\/a>.<\/p>\n A cyber-espionage operation is a very long, expensive, complex, hi-tech project. Of course, the authors of such operations get very upset and annoyed when they get caught, and many think<\/a> that they try to get rid of \u2018undesirable\u2019 developers by using different methods via manipulation of the media<\/a>. There are other, similar theories too:<\/p>\n But I digress\u2026<\/p>\n Now, these cyber-espionage operations can remain under the radar for years. The authors take good care of their investments<\/span> kit: they attack just a few specially selected targets (no mass attacks, which are more easily detected), they test it on all the popular cybersecurity products out there, they quickly change tactics if the need arises, and so on. It\u2019s no stretch of the imagination to state that the many targeted attacks<\/a> that have been detected are just the tip of the iceberg. And the only really effective means of uncovering such attacks is with cyber-paleontology<\/a>; that is, long-term, meticulous collection of data for building the \u2018big picture\u2019; cooperation with experts from other companies; detection and analysis of anomalies; and subsequent development of protection technologies.<\/p>\n In the field of cyber-paleontology there are two main sub-fields: ad hoc investigations (after detecting something by chance and pursuing it), and systemic operational investigations (the process of planned analysis of the corporate IT landscape).<\/p>\n The obvious advantages of operational cyber-paleontology are highly valued by large organizations (be they state or commercial ones), which are always the primary target in targeted attacks. However, not all organizations have the opportunity or ability to undertake operational cyber-paleontology themselves: true specialists (for hire) in this niche line of work are few and far between \u2013 and they\u2019re expensive too. We should know \u2013 we\u2019ve plenty<\/a> of them all around the world<\/a> (with outstanding experience and world-renowned names). Thus, recently, given our strength in this field and the great need for it on the part of our corporate customers \u2013 true to the market principles of supply and demand \u2013 we decided to come up with a new service for the market \u2013 Kaspersky Managed Protection<\/em><\/a><\/em>.<\/p>\n Kaspersky Managed Protection, essentially, is our outsourcing of cyber-paleontology.<\/p>\n First, our cloud service collects metadata of network and system activity. This then gets aggregated with data from our KSN<\/a>; then all that is analyzed by both smart systems and cyber-paleontologists<\/span> experts (thus, the HuMachine<\/a> approach).<\/p>\n Back to the collection of metadata\u2026 \u2013 what\u2019s really cool about it is that Kaspersky Managed Protection doesn\u2019t require installation of extra sensors for the collection of metadata. The service works in unison with already installed products (in particular, Kaspersky Endpoint Security<\/a> and Kaspersky AntiTargeted Attack<\/a>; and in the future, potentially, other developers\u2019 products), whose telemetry it uses as the basis of its \u2018medical examination\u2019 > diagnosis > treatment prescription.<\/p>\n But more interesting is what\u2019s hidden in the aggregation with KSN data.<\/p>\n![\"\"](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/102\/2018\/10\/08102125\/tweet_dino.jpg\")
<\/a><\/p>\n![\"\"](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/102\/2018\/10\/08102133\/regin_dino.jpg\")
<\/a><\/p>\n