wonderfully unique software solutions

Kaspersky fights supply chain threats to developer tools in hybrid cloud environments

Kaspersky’s hybrid cloud security offering now boasts protection for supply-chain attacks on software development tools including protection for containers, as well as image and repository scanning capabilities for continuous integration and delivery pipelines (CI/CD).

In addition, there’s now integration with Google Cloud, supporting the increasing number of businesses in the public cloud.

Andrey Pozhogin, senior product marketing manager at Kaspersky, explained that continuous software development requires a specific approach to cybersecurity that may not have always been considered.

“To stay nimble, devops may go as far as bypassing formal IT approval processes, making it a challenge to build cybersecurity into the development journey,” Pozhogin said. “However, it is important to leverage containers securely to reduce the risk of unknowingly embedding malicious code into software, as was found in the RubyGems attack and other cases.”

Kaspersky Hybrid Cloud Security helps businesses solve this challenge, enabling IT security and devops to cooperate. The solution provides tools for devops that don’t affect their processes. i

“It helps IT security teams to put in place a proven protection layer for the part of the infrastructure that may not yet be covered,” said Pozhogin.

An example of a supply-chain attack that affects software development might be when a malicious piece of code is added to legitimate software. This method was used in a ShadowPad attack where a backdoor was embedded into the code library of a popular business-software product.

Supply-chain attacks also strike open-source repositories, such as when Docker Hub found 17 backdoored container images, or when RubyGems caused users to download 725 malicious packages nearly 100,000 times, according to Kaspersky.

Essential tools of this sort can be hard to find, Kaspersky said in its announcement, because of the technical difficulty of validating the integrity of fast-changing development environments on-demand. Additionally, devops needs flexibility and time-to-market should be fast.

Devops teams should still be able to scale cloud workloads up and down, or use different open source tools.

Meanwhile, Docker containerisation environments can benefit from granular antivirus scanning, while public repositories and supply chains are safeguarded across a range of cloud workloads, such as AWS, Azure and now Google Cloud as well.

View Kaspersky case studies

Reviewer rates Kaspersky – vs Norton

Kaspersky has long held a strong reputation for its range of internet security products, as well as its innovation hub and threat intelligence. Gartner’s Peer Insights reviewers gave its hybrid cloud security offerings a full five stars this year.

Proficient Blogging tech reviewer Umair Anwar ranked Kaspersky against Norton for features and function for 2020 – with Kaspersky leading overall.

The bottom line? “Both Kaspersky and Norton offer a diverse range of antivirus suites to match your protection needs,” wrote Anwar. “However, Kaspersky is a better option than Norton as its security suites not only offer more security-related features and utilities but also provide better malware protection.”

Anwar noted also that it was surprising that even in today’s mobile/remote working business environment, Norton had not yet added file shredder, hardened web browser, and webcam protection to even the top-of-the-line Norton plans.

Both Kaspersky and Norton have a good user interface and are light on system resources, but Kaspersky is slightly better than Norton when it comes to resource use, he went on to add.

Kaspersky is currently promoting a bundled offer. Distributors in the UK include GNR.

Recent Articles

Responsibility shifts towards vendors with US National Cybersecurity Strategy

The US government has called for aggressive regulation as part of its National Cybersecurity Strategy for 2023, ITops company Automox has warned.

Four critical challenges for cybersecurity provision in 2023

Skill sets, AI, co-operation, and climate have become the critical challenges for cybersecurity provision this year, according to Europe-based IT/OT security software...

Snow adds certifications to partner programme to drive Atlas sales

Technology intelligence software platform Snow Atlas has achieved ISO 27001 certification and completed the Service Organisation Control (SOC) 2 Type 1 examination...

Arista says edge threat defences could have safeguarded Tallahassee health

Tallahassee Memorial Health might not have been disrupted in February, requiring systems downtime and patient inconvenience, had it deployed strong edge threat...

OpenText Cloud Editions aim for accelerated AI and digital transformations

Information software company OpenText has whipped the covers off its Cloud Editions (CE) 23.1, which it says will support AI adoption and...

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Weirdware monthly - Get the latest news in your inbox