Notes on Kaspersky
InfosecI’ve been asked a lot recently on my opinion regarding Kaspersky, and whether or not they can be considered a trusted player in the cybersecurity field. Obviously recent events in Ukraine have caused IT departments all over the world to re-evaluate their decision to rely on Kaspersky, but this isn’t a new issue. In IT, we’ve been discussing the possible risks with Kaspersky since before the Crimea annexation.
If you’re looking for a clear answer, sorry to disappoint. I can’t do the risk assessment for you. But I can give you my thoughts based on having worked closely with the company for some years.
Kaspersky get a bad reputation for being Russian, but they’ve consistently done everything possible to prove to Western markets that they attempt to keep the Kremlin out of their affairs. Do they succeed? Maybe, maybe not. But when it comes the threat intel from Eastern Europe/Russia, their reports, code analysis and contributions to the cyber security industry, their work is some of the best in the world.
Some of the best engineers I’ve worked with are from Kaspersky, and they routinely attempt to distance themselves from the government, such as hosting various parts of their infrastructure in other countries, allowing visitors, code reviews and obtaining western certifications.
I suspect Russia have been trying to breach Kaspersky for years, both technically and politically - and Kaspersky keep pushing them out. But now more than ever, Russia may be using all possible methods to tap into western resources, including a company that already has a strong foothold over many organisations.
While governments have been quick to ban the company, very little evidence actually exists of collaboration between the Kremlin and Kaspersky. There’s been rumours, and leaked documents which may or may not provide the right context for this issue, but for the most part, it’s based on possible connections which may or may not exist. Unless you’re Critical National Infrastructure, I wouldn’t recommend ending your contract early just yet. Especially if you’ve not determined a suitable alternative.
Of course there’s the moral issue as well (being a Russian company). We’re going to steer clear of that here at The Serpent since there’s plenty of other websites giving their two cents on that issue. But I will say one thing; Given all the hard work Kaspersky have put in attempting to be a transparent company - it would go a long way for them to acknowledge the terrible actions Russia is taking against Ukraine, to speak up - and truly show the west that they have their own voice.