Kaspersky Lab is Russian in origin and is still majority-owned by its Russian founder. However, the company should now be regarded as a multi-national rather than a Russian business. The parent company of the group is officially resident in the United Kingdom and much of the research team originally based in Russia has now been moved to Switzerland.
The company’s commercial success was severely damaged in 2017 when the US Department of Homeland Security accused it of assisting the espionage efforts of Russia’s secret service, the FSB. These accusations were never brought to court.
Despite playing a major role over the last decade in uncovering incidences of state-sponsored cyber-attacks, the company’s products are now regarded with contempt in the West. Its software has been banned from US government departments.
CrowdStrike was founded as a cybersecurity consultancy in 2011. It moved into the software market in 2013 with the release of Falcon. The company has achieved fame by uncovering state-sponsored cyber-attacks. As a US-based company, CrowdStrike has prospered and its consultancy branch still attracts positive media attention, giving its brand a publicity boost.
Both companies are well known for their research and consultancy divisions, but Kaspersky is under pressure while CrowdStrike thrives. Let’s take a look at the endpoint protection software of each company.
Kaspersky Lab began operations in 1997. As an early player in the antivirus market, Kaspersky followed the business model of successful US AV enterprises by combining heavy investment in virus identification research with the sale of AV software. Symantec and McAfee both have the same business model as Kaspersky, using research labs to provide virus databases for their AV products and also to attract media attention, reinforcing their brands.
The history of Kaspersky’s antivirus software pre-dates the company’s creation. Eugene Kaspersky created his own antivirus system in 1989 while working for another company. That system evolved into AntiViral Toolkit Pro (AVP), which was released in 1992. When Kaspersky took the software into his own company, he renamed AVP as Kaspersky Anti-Virus.
Once Kaspersky went independent with his own company, his name, now carried by the business and its key product, began to attract media attention outside of his native Russia. Kaspersky grew to become Europe’s largest cybersecurity software provider. Eugene Kaspersky still leads the company.
The business version of Kaspersky Anti-Virus is called Kaspersky Endpoint Security. The company produces anti-virus software for small businesses, which is called Kaspersky Small Office Security. Kaspersky Endpoint Security is aimed at medium-sized businesses. The endpoint protection software needs to be loaded onto each computer that is being defended. However, the systems administrator is able to monitor the performance of each instance through a central management console, which is called Kaspersky Security Center.
Like other traditional AV producers, Kaspersky overhauled its software to incorporate extra protection measures. This has resulted in Kaspersky Endpoint Security being a suite of security modules that operate simultaneously. The processes of the suite specialize in application, device, and web controls and also protect data and log files from theft or tampering.
The main elements in the suite are:
- Dynamic Whitelisting – a database created by the company’s central research lab which lists approved applications rather than looking for suspicious programs to block. The database includes 2.5 billion trusted programs. It reduces the incidence of zero-day attacks by blocking unknown software from launching.
- Host-based Intrusion Prevention System – the HIPS watches log files and event data stored on the protected device for signs of intrusion. These searches are able to spot and block manual hacker attacks that use valid software already resident on the device for malicious purposes.
- Behavior Detection – uses machine learning techniques to reduce the risk of “false positives” disrupting the normal activities of the endpoint’s users.
- Adaptive Anomaly Control – this is a variation on Behavior Detection that focuses on learning the typical behavior of users. This enables the security system to spot when a user account gets hijacked by a hacker.
- Exploit Prevention – monitors known entry points of viruses, such as file downloads, infected Web pages, and USB devices. The prevention system also pays attention to applications known as convenient disguises for malware, including Adobe Acrobat files, Flash scripts, and Microsoft Office utilities, such as macros.
- Alerting and Remediation – the Kaspersky system creates rollback points and data backups that enable it to restore the endpoint to its undamaged state once an attack has been detected. The Remediation Engine is able to suspend user accounts and kill processes in order to end the attack.
- Network Threat Protection – guards against infection from arriving on the endpoint over the network. This is a suite of protection processes that includes guards against network address spoofing and other system hijacking techniques that hackers use to disguise their intrusion.
- Permissions Hardening – the Kaspersky system protects usernames and passwords in transit and roots out abandoned accounts that can assist hackers.
- Endpoint Detection and Response (EDR) – threat intelligence reported by the endpoint security software is shared with a central database. This data is analyzed through automated processes and also by human cybersecurity analysts, then summarized and distributed as “indicators of compromise” (IoCs).
- Security Persistence – the software is able to protect itself from being tampered with or shut down by malicious processes.
- Full Disk Encryption (FDE) – the option to secure a disk with encryption is a unique feature in the endpoint protection market. Kaspersky uses 256-bit AES encryption. This is a particularly useful feature when companies use mobile devices that could easily get lost or stolen.
- Kaspersky’s File Level Encryption – an alternative data security strategy to FDE. Systems administrators can enforce automatic file encryption according to file type and location. Users can also encrypt files on demand for transfer by email or onto USB memory sticks.
- Endpoint Access Control – this is a utility in the Security Center console and it integrates with Active Directory to protect access to endpoints.
Kaspersky Endpoint Security is a very comprehensive protection package. It even extends to securing data, which is a task that most endpoint protection platforms do not include.
CrowdStrike began operations in 2011 as a cybersecurity consultancy. Within the first few years of its existence, the company achieved great renown by discovering some of the biggest security breaches in history and helping the victims secure their systems. For example, the company discovered the major data theft event that occurred in the SONY Pictures database in 2014 and has worked for the USA’s Democratic Party since the email hack of 2016 to help them harden their digital defenses. The head of the company’s consultancy division is former FBI cyber division leader, Shawn Henry.
CrowdStrike Falcon was the company’s big move into the software market. The system is an “endpoint protection platform” (EPP), which means that it is a suite of applications.
CrowdStrike advertises Falcon as being “delivered from the Cloud.” In reality, many of the tasks that protect endpoints are performed by applications resident on the device itself. An unusual aspect of the CrowdStrike Falcon system is that it includes plans that include the services of human cybersecurity analysts.
Another distinctive feature of CrowdStrike Falcon is that it is sold in editions. This enables the customer to select which modules to include with the platform. Those modules are:
- Falcon Prevent – Next-gen antivirus software and firewall.
- Falcon X – A threat intelligence engine.
- Falcon Insight – Endpoint detection and response (EDR) to combat advanced persistent threats.
- Falcon Overwatch – Threat hunting by human experts.
- Falcon Discover – A vulnerability scanner.
- Falcon Device Control – A monitoring system for USB memory sticks.
The packages offered by CrowdStrike enable the customer to buy just some or most of these modules. The editions of CrowdStrike Falcon are:
- Falcon Pro – includes Falcon Prevent and Falcon X.
- Falcon Enterprise – includes Falcon Prevent, Falcon X, Falcon Insight, and Falcon Overwatch.
- Falcon Premium – includes Falcon Prevent, Falcon X, Falcon Insight, Falcon Overwatch, and Falcon Discover.
- Falcon Complete – A managed endpoint security service that includes the resources of all modules.
None of the packages include Falcon Device Control. This is an add-on to the editions and it controls the access granted to USB memory sticks. The application blocks the USB ports on the protected device and prevents any USB devices from attaching to the computer’s operating system. Through a management console, an administrator can authorize certain devices. Those cleared memory sticks will then be able to interact with the computer while all other USB devices remain blocked.
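The default-deny device control just described (every USB device is blocked unless an administrator has cleared it) can be illustrated with a small policy evaluator. This is an added example, not CrowdStrike code; the device identifiers, hosts and access modes are constructed sample values, and the precedence rule (an entry for a specific serial number outranks a vendor/product entry) is an assumption about how such an allowlist would be organized.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed allowlist as an administrator might maintain it in a console.
# Serial-level entries clear one specific memory stick (hypothetical serials).
ALLOWED_BY_SERIAL: Dict[str, str] = {
    "SN-0000-APPROVED-01": "full",       # cleared for read and write
    "SN-0000-APPROVED-02": "read_only",  # cleared for reading only
}
# Vendor/product-level entries clear a whole model (hypothetical hex IDs).
ALLOWED_BY_VID_PID: Dict[Tuple[str, str], str] = {
    ("0xabcd", "0x1234"): "read_only",
}

@dataclass(frozen=True)
class UsbAttachEvent:
    host: str
    vendor_id: str
    product_id: str
    serial: str

def evaluate(ev: UsbAttachEvent) -> str:
    """Return 'full', 'read_only' or 'block' for an attach event.
    Default-deny: anything absent from both allowlists is blocked.
    A serial entry identifies a single physical device, so it wins over
    a broader vendor/product entry (assumed precedence)."""
    mode = ALLOWED_BY_SERIAL.get(ev.serial)
    if mode is None:
        mode = ALLOWED_BY_VID_PID.get((ev.vendor_id, ev.product_id), "block")
    return mode

def audit_line(ev: UsbAttachEvent) -> str:
    """Single-line audit record a console could forward to a log collector."""
    return (f"host={ev.host} vid={ev.vendor_id} pid={ev.product_id} "
            f"serial={ev.serial} decision={evaluate(ev)}")

# Constructed attach events: one approved stick, one same model but unknown
# serial, one unknown device, one approved read-only stick of another model.
SAMPLE_EVENTS: List[UsbAttachEvent] = [
    UsbAttachEvent("ws-01", "0xabcd", "0x1234", "SN-0000-APPROVED-01"),
    UsbAttachEvent("ws-02", "0xabcd", "0x1234", "SN-9999-UNKNOWN"),
    UsbAttachEvent("ws-03", "0xdead", "0xbeef", "SN-9999-UNKNOWN"),
    UsbAttachEvent("ws-04", "0xdead", "0xbeef", "SN-0000-APPROVED-02"),
]

def decisions(events: List[UsbAttachEvent] = SAMPLE_EVENTS) -> List[str]:
    return [evaluate(e) for e in events]

if __name__ == "__main__":
    for e in SAMPLE_EVENTS:
        print(audit_line(e))
```

The blocked ws-03 event is the case worth alerting on: a device nobody has cleared reached a port, which is what the default-deny stance is designed to surface.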
Falcon Complete is a managed service. That means you don’t need to train any of your IT support staff in using the CrowdStrike system. A team of technicians at the CrowdStrike HQ monitor the security of your endpoints and take action where necessary. Agent software still has to be installed on each protected computer. The Falcon Complete package includes the use of all of the Falcon modules and human analysts as well.
The Falcon Premium edition is the highest plan that you can manage yourself. It includes all of the modules except for the Falcon Device Control. The Falcon Discover module is only available in the Premium package, which is a shame. Falcon Discover is a vulnerability scanner, which is becoming an increasingly necessary tool in cybersecurity. It is possible that some customers would just want the basic endpoint protection bundle of the Falcon Pro plus Falcon Discover without having to pay for Falcon Insight and Falcon Overwatch as well.
The base edition, Falcon Pro, is a very good offer and provides all of the protection features that represent the entire EPP in some rival endpoint protection systems. The Pro deal includes a next-gen AV, which looks for patterns of behavior rather than scanning for the presence of files that are written on a blacklist. The Falcon X module is a machine learning AI-based system that also looks for suspicious behavior. While Falcon Prevent examines each process for anomalous behavior, Falcon X tracks sequences of events that would indicate hacker intrusion. Falcon X is an intrusion prevention system. All installed instances of the application around the world contribute to a threat intelligence system by uploading reports of the incidents that they have combatted.
Falcon Enterprise adds Falcon Insight and Falcon Overwatch to the modules available in the Falcon Pro edition. Falcon Insight searches for evidence of advanced persistent threats (APTs). These intrusions are long-term unauthorized invasions of the system, with the hacker setting up an account for regular access. Falcon Overwatch is a signature module. It makes available the services of the company’s well-regarded cybersecurity analysts. These experts comb through the log data uploaded by Falcon X to look for intrusion signals that the automated threat hunters might have missed.
Kaspersky Endpoint Security and CrowdStrike Falcon
Kaspersky Endpoint Security and CrowdStrike Falcon have many factors in common. Both systems include traditional AV and firewall elements but implement the tasks of blocking malware in innovative ways. Both require software to be installed on the endpoint while making a central management console available to system administrators.
Looking down the lists of modules that each platform includes, it is impossible not to conclude that the Kaspersky system is more comprehensive. Despite this, the accusations of ‘Russian spying’ leveled by the US Department of Homeland Security mean that many businesses in the USA are likely to cross this option off their list.
The process that triggered the US security alert was the EDR module of the software. This uploaded attack details to the global threat database of Kaspersky, which is also accessible to Kaspersky’s cybersecurity analysts in Moscow. Unfortunately, the user of that specific endpoint was a National Security Agency (NSA) operative. This, together with unfounded accusations that Kaspersky secretly liaises with Russia’s FSB, may make you opt for CrowdStrike’s software despite the fact that the company openly collaborates with American national security agencies.
Take advantage of a 15-day free trial of Falcon Pro to put it to the test. Kaspersky sells its Endpoint Security software as part of Kaspersky Total Security which is available on a 30-day free trial. It is also available as Kaspersky Endpoint Security for Business Advanced on a 30-day free trial, Kaspersky Endpoint Security for Business Select on a 30-day free trial, and Kaspersky Endpoint Security Cloud on a 30-day free trial.
Once you have tested these two systems, leave a message in the Comments section below to share your opinions with the community.