Nota Bene

Hi folks!

As you’ll probably have noticed, the news stream around our small (but very technologically progressive) IT company has of late turned into a veritable Iguazu Falls. But that doesn’t prevent good news coming down that stream too – apolitical, technological, and based on named sources ). So here’s some of just that: the latest bit of good news…

There are several large and respected research agencies in the world, and Gartner is one of them. It’s known most of all for its expert assessments of how well vendors manufacture IT equipment and software: how well their products meet the needs of their customers and help them deal with problems.

Some time ago Gartner decided to add to its already multi-faceted evaluations another important dimension: the opinion of customers themselves. This was to make the overall ratings yet more accurate and objective and thus more practically useful. Thus, a little over a year ago Gartner announced its new peer review program – Gartner Peer Insights – in which business customers could voluntarily and anonymously (that is, being able to say absolutely anything they might not be happy about without the risk of any negativity boomeranging back at them) rate the products of different developers. And that includes ‘Endpoint Protection Platforms’.

Gartner approached adding this new facet to its analysis very seriously. Gartner Peer Insights hopes to “transform the way enterprise software is bought and sold by creating another source of trusted information in the software buying process. Gartner’s review platform is a place for all IT buyers to find advice they can trust from fellow IT professionals. Gartner Peer Insights includes more than 40,000 verified reviews in more than 190 markets. For more information, please visit www.gartner.com/reviews/home.”

Collecting and collating all the feedback took a year, while our industry – of course including us – eagerly awaited the results. In order to win, the vendor must have at least one product designated by research analysts as relevant to the market, and the vendor must have 50 or more reviews published during the submission period (12 months). To ensure that the awards are given to vendors who represent the Peer Insights’ end user base, vendors are eligible for Gold, Silver or Bronze awards subject to three criteria: 1) Maximum 75% of the deployments reported by the reviewers from non-North America regions; 2) Maximum 75% of reviews from one industry; and 3) Maximum 50% of reviews from non-enterprise end users. ‘Enterprise end user’ is defined as the reviewer’s company size being >$50M USD. If vendors qualify for the award but don’t meet the three criteria above, they may still be eligible for an honorable mention for their focus.

Read on: The real litmus test…

Hi folks!

I think it’s always possible – if you try hard enough – to be able to find something good in a bad situation.

The recent negative campaign against KL in the U.S. press hasn’t been pleasant for us, but we have tried hard – and found – some good things: it allowed us to make certain curious observations and deductions, and also gave a magic kick up the proverbial on planned KL business initiatives that never really came to anything long ago – one of which initiatives I’ll be telling you about in this post.

The cybersecurity business is based on trust: trust between users and the developer. For example, any antivirus, in order to do its job – uncover and protect against malware – uses a number of technologies that require broad access rights to users’ computers. If they didn’t have them, they’d be defunct. But it can’t be any other way: the cyber-bandits use all available methods to be able to penetrate computers to then lodge their malware in those computers’ operating systems. And the only way to be able to detect and smoke that malware out is to have the same deep system access privileges. Problem is, such a truism also acts as fertile ground for all sorts of conspiracy theories in the same vein as the old classic: ‘antivirus companies write the viruses themselves’ (with that kind of reasoning I dread to think what, say, the fire service or the medical profession get up to themselves when not putting out fires and treating the sick). And the latest theory growing out of that fertile ground is the one where a cyber-military has hacked our products and is spying on another cyber-military via those same products.

There are three things that all the separate U.S. media attacks on KL have in common: (i) a complete lack of evidence provided as a basis for their reports; (ii) use of only anonymous sources; and (iii) the most unpleasant – abuse of the trust relationship that necessarily exists between users and us. Indeed, it has to be admitted that that trusting relationship – built up over decades – has alas been impaired. And not just for KL, but the whole cybersecurity industry – since all vendors use similar technologies for providing quality protection.

Can this crisis of trust be overcome? And if so – how?

It can. And it must. But it needs to be done only by taking specific, reasoned steps that technically prove how trust is, in fact, being threatened by nothing and no one. Users, just as before, can trust developers – who always have, currently have, and will always have, one single mission: protecting against cyberthreats.

We’ve always been as open as possible with all our plans and undertakings, especially technological ones. All our key tech is documented to the fullest (falling short of revealing trade secrets) and publicly cataloged. Well a few days ago we went one step a huge leap even further: we announced our Global Transparency Initiative. We did so to dispel any remaining doubts as to the purity of our products, and also to emphasize the transparency of our internal business processes and their conformity to the highest standards in the industry.

So what are we actually going to do?

First, we’ll be inviting independent organizations to analyze the source code of our products and updates. And they can analyze literally everything – right down to the last byte of the very oldest of our backups. The key word here is independent. Closely behind it is another key word: updates; the analysis and audit won’t be just of the products but the equally important updates as well.

Second, we’ll have a similarly independent appraisal of (i) our secure-development-lifecycle processes and software, and (ii) our supply-chain risk-mitigation strategies that we apply in delivering our products to the end user.

Third, we’ll be opening three Transparency Centers – in the U.S., Europe and Asia – where customers, partners and government representatives can get exhaustive information about our products and technologies and conduct their own analyses and evaluations.

And that’s only the start of it. We’ve plenty more plans to become even more transparent – as transparent as air (and no jokes please about pollution or smog in large cities:). We’re only just kicking off this project, but we’ll be regularly sharing with you more as we go along. Stay tuned…

PS: If you have any ideas, suggestions or other comments – do let us know, here.

Hi folks!

Ok. After yesterday’s brief female topic, today, logically… yes – you’ve read the title of this post.

No, this isn’t locker room talk. Nor is it about football, or fishing, or fast cars… Not even about beer or (computer) gaming. Nope, it’s about a particularly curiously shaped Danxia rock formation. Yes – it’s about 阳元石, or Male Rock!

Oh my Guangdong! So this will be another 18+ rated blogpost!

Read on: Keep your sniggering to yourself, children…

The Danxia Range of rocky outcrops in Goangdong, China, is so insanely beautiful that it for sure deserves inclusion in my Top–100 Must-See Places in the World. Massive lumps of red rock with vertical sides some several hundred meters high, scattered over a territory stretching some 10×15 kilometers.

Our first glimpse of Danxia came early morning, when none of the redness is visible; actually, there was redness, but only of the sensational skies as the sun came up. Then the redness gets bizarrely transferred to the rocks, which we set off to get closer to…

If ever you fancy getting here yourself, be warned: checking out all the beautifulness here entails a lot of walking – and that includes a lot of ups and downs on steep steps. In a day you could be looking at some 15 to 20 kilometers. Then you need to take into account the extreme climatic conditions too. Not only can it be 28-35 degrees Centigrade, it also gets horrendously humid. But what else do you expect in the tropics?! Just make sure to wear breathable sporty kit for your trekking; regular cotton shorts and t-shirts just get soaked through (even breathable kit gets soaked too, but it’s much more bearable somehow).

Read on…

Hi folks!

Herewith, I continue may tales from the Chinese side…

As per the template, this won’t be a simple photographic mini-series with explanations of the pics, but also a how-to guide for folks who might want to visit the place one day themselves, which, as is often the case, I heartily recommend.

Today I start with the Danxia landforms. Now, Danxia in Chinese means ‘red hills’; that is, any hills that happen to be red or reddish-colored. And in China there are dozens of different sets of red hills all over the southeast, southwest and northwest of the country. However, there is a specific Danxia Shan – Mount Danxia (confused?!). I wonder what came first – the egg or the chicken Danxia – the mount, or Danxia – the general term for red rock formations in China? The internet returns contradicting results. And locals don’t seem to know themselves. In short: one of China’s many mysteries.

Btw, Danxia is pronounced ‘Dansya’. Danxia isn’t an English term; it’s Chinese in the Latin alphabet – pinyin. There!

So, where do I begin my narrative? There are so many options – so much to show. Ok, let’s keep it simple and logical – let’s start with the break of dawn…

Read on…

Hi folks!

I doubt you’ll have missed the unrelenting negative news coverage about KL of late. The most recent accusation is that alleged Russian hackers and the hidden hand of the Kremlin have somehow used our products to spy on American users and pilfer their secrets.
Read on

Howdy folks!

Now, you know I’ve a soft spot for cliffs…

…So you can imagine my rapture upon arriving at these here beauties – the Danxia rocks in China. But, ohhh was it hot – 35 degrees Centigrade and tropically humid. Harder to take than a sizzling sun in the desert!

This somewhat… odd shaped formation is called… Male Rock )).

The formation above is called… Teapot! The fable goes something like this: there were two sisters who brewed up some too-weak tea for some companions, then something happened to them. That’s all I recall. Anyway, the moral to the legend is, kids – never be mean when adding the loose-leaf tea to the teapot for guests…

This is just the appetizer folks. As per custom – a lot more to come…

Hi folks!

The other week we had our annual conference on industrial security – our fifth: our first jubilee. Hurray!

This year it was a truly international event, with many of the speakers giving their presentations in English (since they knew no Russian:). In all there were ~300 participants from 170 companies! Thanks to all sponsors and partners, especially:

• SAP – general partner
• Rostelecom – IoT partner
• MARSH – cyber-insurance partner

And thanks to everyone else too whose names you can find at the above link.

Read on: Most interesting bits…

In recent years there’s been all sorts written about us in the U.S. press, and the article last Thursday in the Wall Street Journal at first seemed to be just more of the same: the latest in a long line of conspiratorial smear-articles. Here’s why it seemed so: according to anonymous sources, a few years ago Russian government-backed hackers, allegedly, with the help of a hack into the product of Your Humble Servant, stole from the home computer of an NSA employee secret documentation. Btw: our formal response to this story is here.

However, if you strip the article of the content regarding alleged Kremlin-backed hackers, there emerges an outline to a very different – believable – possible scenario, one in which, as the article itself points out, we are ‘aggressive in [our] methods of fighting malware’.

Ok, let’s go over the article again…

In 2015 a certain NSA employee – a developer working on the U.S. cyber-espionage program – decided to work from home for a bit and so copied some secret documentation onto his (her?) home computer, probably via a USB stick. Now, on that home computer he’d – quite rightly and understandably – installed the best antivirus in the world, and – also quite rightly – had our cloud-based KSN activated. Thus the scene was set, and he continued his daily travails on state-backed malware in the comfort of his own home.

Let’s go over that just once more…

So, a spy-software developer was working at home on same spy-software, having all the instrumentation and documentation he needed for such a task, and protecting himself from the world’s computer maliciousness with our cloud-connected product.

Now, what could have happened next? This is what:

Malware could have been detected as suspicious by the AV and sent to the cloud for analysis. For this is the standard process for processing any newly-found malware – and by ‘standard’ I mean standard across the industry; all our competitors use a similar logic in this or that form. And experience shows it’s a very effective method for fighting cyberthreats (that’s why everyone uses it).

So what happens with the data that gets sent to the cloud? In ~99.99% of cases, analysis of the suspicious objects is done by our machine learning technologies, and if they’re malware, they’re added to our malware detection database (and also to our archive), and the rest goes in the bin. The other ~0.1% of data is sent for manual processing by our virus analysts, who analyze it and make their verdicts as to whether it’s malware or not.

Ok – I hope that part’s all clear.

Next: What about the possibility of hack into our products by Russian-government-backed hackers?

Theoretically such a hack is possible (program code is written by humans, and humans will make mistakes), but I put the probability of an actual hack at zero. Here’s one example as to why:

In the same year as what the WSJ describes occurred, we discovered on our own network an attack by an unknown seemingly state-sponsored actor – Duqu2. Consequently we conducted a painstakingly detailed audit of our source code, updates and other technologies, and found… – no signs whatsoever of any third-party breach of any of it. So as you can see, we take any reports about possible vulnerabilities in our products very seriously. And this new report about possible vulnerabilities is no exception, which is why we’ll be conducting another deep audit very soon.

The takeaway:

If the story about our product’s uncovering of government-grade malware on an NSA employee’s home computer is real, then that, ladies and gents, is something to be proud of. Proactively detecting previously unknown highly-sophisticated malware is a real achievement. And it’s the best proof there is of the excellence of our technologies, plus confirmation of our mission: to protect against any cyberthreat no matter where it may come from or its objective.

So, like I say… here’s to aggressive detection of malware. Cheers!

Hi folks!

Herewith, my final post on Iguazu! All good things come to an end…

On our last day at Iguazu the sun came out to play – for the first time while we were there. This is quite normal, of course, but what was less normal was how the clear skies (no rain) that began the previous night led to the water levels falling by more than two meters! Haven’t seen that often. Have a look for yourself:

Read on: Dry season and floods…