Kaspersky’s hybrid cloud security offering now boasts protection for supply-chain attacks on software development tools including protection for containers, as well as image and repository scanning capabilities for continuous integration and delivery pipelines (CI/CD).
In addition, there’s now integration with Google Cloud, supporting the increasing number of businesses in the public cloud.
Andrey Pozhogin, senior product marketing manager at Kaspersky, explained that continuous software development requires a specific approach to cybersecurity that may not have always been considered.
“To stay nimble, devops may go as far as bypassing formal IT approval processes, making it a challenge to build cybersecurity into the development journey,” Pozhogin said. “However, it is important to leverage containers securely to reduce the risk of unknowingly embedding malicious code into software, as was found in the RubyGems attack and other cases.”
Kaspersky Hybrid Cloud Security helps businesses solve this challenge, enabling IT security and devops to cooperate. The solution provides tools for devops that don’t affect their processes. i
“It helps IT security teams to put in place a proven protection layer for the part of the infrastructure that may not yet be covered,” said Pozhogin.
An example of a supply-chain attack that affects software development might be when a malicious piece of code is added to legitimate software. This method was used in a ShadowPad attack where a backdoor was embedded into the code library of a popular business-software product.
Supply-chain attacks also strike open-source repositories, such as when Docker Hub found 17 backdoored container images, or when RubyGems caused users to download 725 malicious packages nearly 100,000 times, according to Kaspersky.
Essential tools of this sort can be hard to find, Kaspersky said in its announcement, because of the technical difficulty of validating the integrity of fast-changing development environments on-demand. Additionally, devops needs flexibility and time-to-market should be fast.
Devops teams should still be able to scale cloud workloads up and down, or use different open source tools.
Meanwhile, Docker containerisation environments can benefit from granular antivirus scanning, while public repositories and supply chains are safeguarded across a range of cloud workloads, such as AWS, Azure and now Google Cloud as well.
Reviewer rates Kaspersky – vs Norton
Kaspersky has long held a strong reputation for its range of internet security products, as well as its innovation hub and threat intelligence. Gartner’s Peer Insights reviewers gave its hybrid cloud security offerings a full five stars this year.
The bottom line? “Both Kaspersky and Norton offer a diverse range of antivirus suites to match your protection needs,” wrote Anwar. “However, Kaspersky is a better option than Norton as its security suites not only offer more security-related features and utilities but also provide better malware protection.”
Anwar noted also that it was surprising that even in today’s mobile/remote working business environment, Norton had not yet added file shredder, hardened web browser, and webcam protection to even the top-of-the-line Norton plans.
Both Kaspersky and Norton have a good user interface and are light on system resources, but Kaspersky is slightly better than Norton when it comes to resource use, he went on to add.
Kaspersky is currently promoting a bundled offer. Distributors in the UK include GNR.