Kaspersky fights supply chain threats to developer tools in hybrid cloud environments

Kaspersky’s hybrid cloud security offering now boasts protection against supply-chain attacks on software development tools, including protection for containers as well as image and repository scanning capabilities for continuous integration and delivery (CI/CD) pipelines.

In addition, there’s now integration with Google Cloud, supporting the increasing number of businesses in the public cloud.

Andrey Pozhogin, senior product marketing manager at Kaspersky, explained that continuous software development requires a specific approach to cybersecurity that may not have always been considered.

“To stay nimble, devops may go as far as bypassing formal IT approval processes, making it a challenge to build cybersecurity into the development journey,” Pozhogin said. “However, it is important to leverage containers securely to reduce the risk of unknowingly embedding malicious code into software, as was found in the RubyGems attack and other cases.”

Kaspersky Hybrid Cloud Security helps businesses solve this challenge, enabling IT security and devops to cooperate. The solution provides tools for devops that don’t affect their processes.

“It helps IT security teams to put in place a proven protection layer for the part of the infrastructure that may not yet be covered,” said Pozhogin.

An example of a supply-chain attack that affects software development might be when a malicious piece of code is added to legitimate software. This method was used in a ShadowPad attack where a backdoor was embedded into the code library of a popular business-software product.

Supply-chain attacks also strike open-source repositories, such as when Docker Hub found 17 backdoored container images, or when RubyGems caused users to download 725 malicious packages nearly 100,000 times, according to Kaspersky.

Essential tools of this sort can be hard to find, Kaspersky said in its announcement, because of the technical difficulty of validating the integrity of fast-changing development environments on demand. Additionally, devops needs flexibility, and time-to-market should be fast.

Devops teams should still be able to scale cloud workloads up and down, or use different open source tools.

Meanwhile, Docker containerisation environments can benefit from granular antivirus scanning, while public repositories and supply chains are safeguarded across a range of cloud workloads, such as AWS, Azure and now Google Cloud as well.

Reviewer rates Kaspersky – vs Norton

Kaspersky has long held a strong reputation for its range of internet security products, as well as its innovation hub and threat intelligence. Gartner’s Peer Insights reviewers gave its hybrid cloud security offerings a full five stars this year.

Proficient Blogging tech reviewer Umair Anwar ranked Kaspersky against Norton for features and function for 2020 – with Kaspersky leading overall.

The bottom line? “Both Kaspersky and Norton offer a diverse range of antivirus suites to match your protection needs,” wrote Anwar. “However, Kaspersky is a better option than Norton as its security suites not only offer more security-related features and utilities but also provide better malware protection.”

Anwar noted also that it was surprising that even in today’s mobile/remote working business environment, Norton had not yet added file shredder, hardened web browser, and webcam protection to even the top-of-the-line Norton plans.

Both Kaspersky and Norton have a good user interface and are light on system resources, but Kaspersky is slightly better than Norton when it comes to resource use, he went on to add.

Kaspersky is currently promoting a bundled offer. Distributors in the UK include GNR.
