What is digital immunity and who has acquired it?

Recent articles

Eugene Kaspersky, CEO of Kaspersky, provided “golden” information on the digital immunity and cybersecurity scene and its future in an interview with the “Arab Technical News Portal”. He also spoke at length about the new KasperskyOS operating system, which is the first of its kind in the world.

* What are Kaspersky’s reasons for developing a new secure operating system? What is the nature of the difference between this and other secure operating systems on the market?

**The cyber threat landscape is becoming more complex and evolving from year to year, and today’s cybercriminals are more advanced than ever with their skills, determination and motivation, harming businesses with their captivating attacks, targeting various sectors including: health care, information and communication technology, financial services, industrial facilities, critical infrastructure, etc. Thus, there is no longer any safe sector that enjoys complete immunity at all.

In these dangerous circumstances, the traditional approach to cyber security in IT systems becomes less effective at some point, which justifies the importance of the urgent need to find new ways to improve IT security.

In response to these challenges, we have created a fundamentally new concept of protecting IT solutions, or what we can call “digital immunity”. And if cybersecurity is just a reactive measure, “digital immunity” can be defined as a secure proactive concept for any project.

Based on this, we developed Kaspersky’s digital immunity operating system, KasperskyOS, from scratch, which is a platform for building digital immunity products. Its architecture is based on the division of the various components into many isolated modules. Assuming that cybercriminals only gain access to one component, they will not be able to perform any malicious actions to affect system functioning in any way. And here lies the main difference and main advantage of KasperskyOS. To achieve digital immunity when relying on this system, solution developers have to follow a special methodology.

*Can you provide some examples of the types of critical infrastructure that could benefit from using KasperskyOS? What mechanisms does the system follow to address the unique security challenges?

**We are able to protect many critical infrastructure components, such as power plants, transportation systems, oil and gas facilities and much more.

Knowing that our current digital age involves the use of modern industrial facilities and is characterized by many smart digital devices. The more there are within a computer system, the lower the level of protection the system provides. Sometimes, these devices can act as access points to the entire IT system. Video cameras are the most common example.

Products and solutions based on the KasperskyOS operating system provide the answer you need. For example, Kaspersky IoT Security Gateway provides the necessary protection for the perimeter of any factory or for any specific unit within it, thus providing protection for all the different smart devices inside.

Kaspersky Secure Remote Workspace can also be used to protect the customer’s entire infrastructure, which means that it is not necessary to protect every single workstation.

*How does KasperskyOS use kernel microarchitecture to improve security levels and what are the benefits of this approach?

**The operating system microkernel is the primary component responsible for communicating between user applications and hardware.

KasperskyOS is based on a kernel developed by our company, written from scratch, and does not use Linux kernel code. When we look closely at the term “microkernel” itself, we find that it indicates that the most important system operating mechanisms are found only within the kernel, while the least important functions are found in ordinary applications.

This design makes it much easier; Because it ensures that the kernel code is free from bugs and vulnerabilities and that the attack surface is very limited. For comparison: a KasperskyOS microkernel consists of 100,000 lines of code, but a monolithic kernel can contain tens of millions of lines.

*How does the KasperskyOS security module work? And how does only approved code guarantee that it will run on the system?

** KasperskyOS components are divided into isolated security domains that cannot interact directly, but interact through the microkernel, and the Kaspersky security system monitors all these interactions and issues security judgments on each of them.

Any action not permitted by the security policy is blocked before being performed, and the default deny principle followed in this process allows you to create security policies that best meet your specific security objectives, while ensuring that processes that can present a clear risk to the system is blocked.

*Can KasperskyOS be used with other security products, such as firewalls and antivirus software, to provide a higher level of protection?

**Our operating system offers the ability to create IT systems, and while cybercriminals can affect one or more untrusted components, they may fail to launch an attack or impact the performance of critical functions within the system.

It is very unlikely to impact trusted components given a minimal and well-tested trusted calculation basis. Therefore, it is not essential to use antivirus software to ensure the basic level of security of the entire system.

We have designed our operating system especially for devices where it is not possible to install an antivirus, for example Kaspersky Secure Gateway 100, Kaspersky Secure Gateway 1000 or Kaspersky Thin Client.

How does Kaspersky plan to market and distribute its operating system? What kind of organizations are you targeting as potential customers?

**Our system is particularly useful for industrial and critical infrastructure sectors, where IT systems have higher requirements for cyber security, reliability and predictability.

In response, we started with Kaspersky IoT Infrastructure Security and then launched Kaspersky Secure Remote Workspace to secure remote workplaces. We are now developing a solution that can protect connected vehicles. We are also currently conducting extensive research that could lead to the porting of our operating system to mobile platforms.

We are focused on expanding our portfolio from smart city infrastructure and industry to peripherals and connected transportation. Therefore, the range of clients we deal with is increasingly diverse, along with their base.

At the same time, we do not fail to work to expand our network of partners in the technology sector, because together we build products based on this system.

As a software company, we are always looking for hardware suppliers to build long-term strategic partnerships. For example, last year we signed a Memorandum of Understanding with Centerm, the world’s leading manufacturer of thin clients.

We also see our partnerships with enterprise software vendors as one of our top priorities, recognizing the important role that applications play in the functionality of digital immunity solutions. The more hardware platforms and applications of security technologies designed by Kaspersky, the more opportunities there are to tailor them to the specific requirements of our local customers.

* What kind of training or support will be available to organizations that rely on KasperskyOS? What are the experiences required to manage the system?

**Customers don’t just use KasperskyOS, they choose solutions that especially meet their cybersecurity needs. We believe the market is ready for solutions within the digital immunity system.

Not only that, but we see a high demand for solutions that are easy to use and implement, yet demonstrate a very high level of safety and security. Users seek protection from cyberthreats intuitively, not out of a need to fix security vulnerabilities as they are discovered.

We believe “digital immunity” is the best way to achieve both of these goals.

*How did Kaspersky ensure the integrity and security of its KasperskyOS operating system during the development process? And what kind of tests did you do to verify its safety features?

**The original code of this system is constantly subjected to various types of tests, including obfuscation, an automated software testing technique involving incorrect, unexpected or random data. On the other hand, some of the most important components are subject to formal verification and validation of security models.

The code is also subjected to static and dynamic analysis, we conduct regular penetration tests and we also plan a bounty program to encourage bug-finding.

.vjs-texttrack-settings {display: none;}

*What kind of feedback have you received from early adopters of KasperskyOS? And what results have they documented, in terms of improving security and protecting against cyber attacks?

** We are not talking about adopting our operating system as it is, but about those who have adopted products and solutions based on it, or who have already tested it.

For example, we receive feedback from customers using Kaspersky IoT Secure Gateway 100 and Kaspersky Secure Gateway 1000, which securely collect domain data and then transmit it to digital platforms, so customers always have a complete and reliable picture of own devices and production processes. They can use this knowledge to create new business models, perform the best maintenance, without incidents… and much more.

Coupled with the network security capabilities offered by our gateways, customers are assured of cyber security of both data and infrastructure, services highly valued by our customers.

*How does Kaspersky intend to continue to innovate and improve its KasperskyOS operating system, so that it can respond to ever-evolving cyber threats and the changing needs of critical infrastructure systems?

**Our operating system KasperskyOS is a platform for building “digital immunity” products and this is done following a specific methodology. These products have “inherent” protection against most types of cyberattacks. In fact, by taking the “digital immunity” approach, we’ve gone from virus models to fighting them, and from vulnerabilities to patching them,” and we consider that a real achievement.

Our goals can be summarized as follows:

(1) Offering our KasperskyOS operating system as a platform for building products in a broad range of industries with advanced cybersecurity requirements.

(2) Highlight our strengths.

and (iii) emphasizing the fact that building “digital immunity” products on our operating system may be less expensive than similar secure designs using other specialized operating systems of the previous generation.

Thanks to our collaboration with our technology partners, we have already completed the first commercial releases, while we continue to explore new opportunities.

We believe Kaspersky’s “Digital Immunity” approach represents the future of cybersecurity, building the next-level foundation to ensure protection and security in the digital world.

Leave a Reply