7 May, 2024

In today's cyber landscape, where threats are prevalent and vulnerabilities are widespread, Kaspersky is recognized for its commitment to enhancing digital resilience and combating these challenges.

At the core of Kaspersky's efforts is the concept of ‘Cyber Immunity’, a pioneering approach that was introduced at the Cyber Immunity Conference held at Dubai's Museum of the Future. The event brought together cybersecurity experts, scientists, business leaders, and government officials from more than 20 countries to exchange insights on the evolving cyber threat landscape and recognize the inaugural Cyber Immunity Champions.

Durov's Code had the privilege of participating in the conference and engaging in a thought-provoking discussion with Andrey Suvorov, Global Director of KasperskyOS Business Unit, where we explored the intricacies of Cyber Immunity and its potential impact on digital security.

Join us as we delve into the key themes from the conference and our conversation with Andrey Suvorov, unraveling the complexities of Cyber Immunity and its significance for the future of digital security.

-  As one of Kaspersky's main goals has always been and continues to be raising awareness of the importance of cybersecurity, today you introduced the new concept of 'Cyber Immunity.' Could you tell us what cybersecurity means to you?

Andrey Suvorov: For 27 years, Kaspersky has successfully protected various operating systems and solutions. By monitoring more than 400,000 new malicious samples per day for Windows, Linux, and macOS, we have gained deep insights into vulnerabilities. Our extensive experience has led us to recognize limitations in traditional operating systems in terms of protection against viruses, phishing, and vulnerabilities. We aim to revolutionize this by introducing a new solution that will eliminate over 90% of these vulnerabilities.

Despite recognizing the need for change, we are also aware that transitioning to a new operating system would impact our current product portfolio. In a market crowded with over 33,000 cybersecurity companies, we are contending with intense competition. For operating systems, we have 90 competitors (companies that produce and develop OS). Now, feel the difference between 30,000 and 90. This is an elite club, about 14 out of 90 are true competitors, and others are trying to imitate operating systems. Our company decided to be among the top ten of these operating system players. Because we did not reshape, reengineer, and change some existing OS, we did create it from scratch.

Cyber Immunity is our new term, and we believe that in the future, Cyber Immunity will be a general term for many companies. Like it is for 5G, quantum computing, and artificial intelligence. It’s for everyone, but for everyone who can invest and who can understand. We want to establish a new market for Cyber Immunity.

-  It seems that Cyber Immunity is not quite the same as a vaccine. When it comes to business and other technologies, how to achieve Cyber Immunity and most importantly, how to strengthen it afterwards?

Andrey Suvorov: Yes, you’re right, but partially. Cyber Immunity is not equal to human immunity. It represents a marketing and technological approach to ensuring our systems remain impervious to new, unknown threats. In our context, Cyber Immunity means we remain resilient against whatever threats hackers might invent and unleash on our digital solutions tomorrow. However, it's crucial to recognize that while we emphasize prevention, we still value top cybersecurity measures. This entails developing new prohibitions and components to address emerging threats.

Unlike human immunity, which allows for recovery from unknown threats, Cyber Immunity focuses on prevention rather than recovery. While we strive for a future where Cyber Immunity includes the ability to recover from attacks, we currently stand out from other cybersecurity companies in our ability to withstand unknown threats.

-  What is the main difference between cyber security and Cyber Immunity?

Andrey Suvorov: Cybersecurity provides an approach that protects existing vulnerabilities and threats. Everything that is not protected by these components requires new development and new investment. It has limitations because if we have a small digital device, which will be equipped with 5, 10, and 15 cybersecurity components, it will execute only cybersecurity functions, not useful workloads.

Cyber Immunity, on the other hand, has no on-top cybersecurity components but has a set of security policies. A device designed and developed with Cyber Immune principles will follow only these strict security policies. As I said, we don’t care about what threats or new techniques are developed by hackers; we will only execute these rules and policies.

-  Explain the process behind selecting the frameworks for your cybersecurity solution. How do these frameworks contribute to the development of your Cyber Immunity technology?

Andrey Suvorov: For the first time in the history of real implementations, we have separated business logic from cybersecurity by adopting the Flask methodology and framework to incorporate a specific security monitor. In our case, we have developed the Kaspersky security system, which serves as a security policy engine. After evaluating various international frameworks, technical research, and scientific studies, we selected three and designed our own microkernel operating system.

Firstly, TCB, or Trusted Computing Base, utilizes a microkernel approach, which means that our operating system is based on a very small code base on microcode. Notably, Google with Fuchsia and Huawei with Harmony have also pursued this direction, prompting Kaspersky to adopt microeconomics.

Secondly, MILS, or Multiple Independent Levels of Security, involves isolating each digital solution component into distinct domains. Let's consider a practical example. Suppose we're designing a video camera with a Linux analytic operating system. By implementing MILS, we compartmentalize components such as the camera lens and internal program into distinct domains. This isolation ensures that each component communicates exclusively with the microkernel, minimizing vulnerabilities. For instance, it prevents the camera from being exploited for unintended purposes like serving as a mail server or a Bitcoin miner.

The third aspect involves establishing stringent security policies, validated by a high-privileged microkernel component. These policies dictate the functionality of each component, such as ensuring a camera operates solely as intended. We aim to prevent vulnerabilities at the operating system level, contrary to traditional cybersecurity methods focused on addressing existing threats. By adhering strictly to predetermined security policies, we remain resilient to emerging threats. This approach led us to develop our microkernel operating system, integrating elements from selected frameworks like TCB and MILS.

-  Could you provide examples of companies that currently have achieved that level of Cyber Immunity?

Andrey Suvorov: I mentioned that Google and Huawei are betting on microkernels, but they don’t use MILS and Flask as a complete solution. Every framework, TCB, MILS, and Flask, was not designed and developed by us. There are a huge number of strong teams that apply different proofs of concept for microkernels, but it’s not about business; it is still some research. We are the only one who provides a commercial product. Currently, we have four directions for commercial products: IoT gateways, automotive gateways, Thin Client, and controller of a smartphone.

-  Let’s talk about KasperskyOS. What are the main benefits of KasperskyOS compared to iOS and Android?

Andrey Suvorov: Let me be more precise with Android because currently, we don’t compete with iOS. Android is based on an open-source and Linux model; this is a monolithic operating system. Monolithic OS means that there's a big size of code and a higher probability of mistakes because people develop programs, they can make mistakes. To compare, our microkernel, our operating system for IoT applications has a size of 100,000 lines of code, while the same open-source as Android has 27 million lines of code.

If you have a big size of the program like an operating system, and if there is some vulnerability inside, we have a chance that they will come back again. It means that if you get this vulnerability within a big operating system, you can easily bypass all protection. In our case, it’s not possible because we have a much smaller size of the operating system. And if you may identify a vulnerability in some component, it will be blocked and isolated. So it’s different behavior of the operating system.

-  How are you dealing with open source?

Andrey Suvorov: We have a different architecture of the operating system with the microkernel and isolated domains. This means we need to make some adjustments. For instance, if we need to migrate a Linux-based application, we must ensure it aligns with our architecture, but from another perspective. We will eliminate all cybersecurity functions from this component because we put all security policies separately. We don't need to spend time and money developing different points within the business logic code anymore. It will incur some additional costs to migrate, but as is usually said, depending on the software, we may experience a 5-10 percent degradation or spend more time. However, we have a special Linux compatibility component for migration, so it's not a big issue.

-  Speaking of the UAE market, has there been any interest in your OS from UAE companies? If so, could you share some examples?

Andrey Suvorov: Yes. For example, today we signed a memorandum with Moro Hub (UAE), which is the digital branch of DEWA, the Dubai Electricity and Water Authority. And of course, at first, when we started discussions with DEWA, we understood what the main points were, how we could help manage such infrastructure, and it is exactly about the necessity to think about Cyber Immunity.

If you’re managing every tree, pipe, and every hatch in the city, every air conditioning unit in a business center, you are so happy to reduce the surface of attacks and you are so happy to pay less for future threats. It creates a big opportunity.