Kaspersky Lab’s Senior Security Researcher David Emm talks to TeckComesFirst about working at Kaspersky, what they’re doing in the mobile space and more.





1)   Can you introduce yourself and say what exactly you do at Kaspersky day to day?

I’m David Emm and I’m a Senior Security Researcher in Kaspersky Lab’s Global Research and Analysis Team. Most of my time is spent writing about malware, delivering presentations at conferences and other events, supporting sales and marketing colleagues and communicating with the media.

2)   What was your first day at Kaspersky like?

It was very exciting!  My first day coincided with the first day of Infosec and I spent the day giving stand-presentations on cyber-threats and speaking to journalists.

3)   In the 9 years you’ve been there, what is/are your biggest accomplishment/s?

I’m lucky enough to work in a team containing some very clever people.  I hope I do my bit to contribute to the work of the team, and the company, but I’d find it hard to single out personal achievements.  But one thing that makes me happy is the extent to which Kaspersky Lab has gained recognition in the UK in the time I’ve worked here.  When I joined the company we were well-known to ‘techies’ in the business world.  But few people had heard of us outside this circle.  But with each year that has gone by we’ve seen greater awareness of our products and technologies and the quality of our customer service has been recognised.  As you’d expect, that’s a team effort and I’m happy to be part of it.

4)   In the past, I found the system usage of Kaspersky products quite high (as has been the case with some other AVs I’ve tried too), how have you tackled this problem in recent years?

Although we still refer to anti-virus, or ‘AV’, today’s solutions have developed way beyond the signature-based solutions of the past – they now include a wide range of proactive technologies.  Unfortunately, increasing complexity brings with it the risk of an impact on normal operation of the system.  I’m surprised to hear that you experienced such an impact when you used one of our products, since performance is always high on our list of priorities when developing a new version – and once again in the forthcoming release of Kaspersky Internet Security.  Where someone experiences a problem of any sort, I’d always recommend that they speak to my colleagues in our technical support team.  There may be a very particular reason for the problem – one that can be resolved by judicious configuration of the product.

5)   In your own opinion, what do you think about the issues involved with Mobile Security and what is Kaspersky doing in the mobile space to address this issue?

I think there are several factors affecting mobile security.

First, mobile devices are now a mainstream part of business, making ‘always-on’ staff productive wherever they happen to be and at whatever time of the day it is.  So there’s no longer a fixed work place.  As a result, security is having to change, from defending a traditional network perimeter to putting a ‘security wrapper’ around every employee, wherever they work and whatever device they’re using.

Second, many companies allow staff to use their own devices at work – either as a work device, or in addition to their company device.  The result is a blending of business and personal data and activity that can affect corporate security.  Consider, for example, what happens if a device is lost or stolen:  does the company have the right, or the technical capability, of remotely wiping data on the device?

Third, mobile devices can be lost or stolen very easily.  This has clear implications for businesses – the risk of confidential data leakage.  But there are also implications for individuals.  If I lose my device, and it’s not protected with a PIN or passcode, anyone can access my online accounts, e-mail, etc. and steal my online identity.

Fourth, although they are powerful computers, we still think of smartphones as *phones*, i.e. we don’t necessarily realise the security implications of using the device.

Fifth, with all of the above issues as a context for using mobile devices, we’ve seen an exponential rise in mobile malware over the last two years.  We saw the same volume of threats in 2011 that we saw in the period 2004-10.  And in 2012 we saw six times the volume that we saw in 2011.  The reason for this is clear – there is valuable data held on mobile devices and we’re using them to conduct transactions that can generate value for cybercriminals.  It’s not only the fact that we can bank and shop using a mobile device.  It’s also that we’re using them to access social networks and other public forums.  Cybercriminals rely on harvesting personal information to set up the increasing number of targeted attacks on organisations.  So gaining access to a mobile device is very worthwhile to a cybercriminal.

6)   How is the working experience different at Kaspersky compared to McAfee where you worked previously?

There are more than 2,500 staff at Kaspersky Lab.  There are currently around 120 based here in the UK, but when I joined the company there were only a dozen or so people in this office.  So, as you might expect, the biggest change was working as part of a small team, rather than being part of a large organisation.  Kaspersky Lab had a very cosy feel to it; and the family atmosphere is one that the company has been able to retain as it has grown.

7)   How does Kaspersky deal with zero day malware?

We have a number of proactive technologies that help to mitigate the threat from malware.  One that’s specifically designed to block zero-day exploits is called Automatic Exploit Prevention (AEP).  This goes beyond scanning for known application vulnerabilities (which we also do).  AEP analyses and controls the actions of programs containing vulnerabilities, so that they aren’t able to cause harm to the computer.  AEP does this by looking at the behaviour of an application, to distinguish malicious and legitimate activity.

You can find an overview of the technology here and also here

As an indication of its effectiveness, AEP was able to block this Java zero-day

and one of the exploits used in the Red October campaign:

8)   Do you collaborate with your rivals on dealing with high risk/serious viruses?

Yes, there are many areas of discussion and co-operation between researchers working at different security companies.  This includes sharing samples discovered, exchanging ideas at conferences, informal communications on the latest threats and shared working groups.  Competition between companies is focused on proprietary information about technologies and products, rather than about malware.

9)   When we briefly spoke, you mentioned Kaspersky sandboxes websites to prevent ID Theft; can you elaborate about how this works exactly and how effective it is?

We provide this through our Safe Money technology.  The aim is to secure financial transactions, such as online banking, shopping sites and payment services, so that someone’s personal data and financial details aren’t stolen by cybercriminals.  We do four things.  First, we verify that the request is going to a genuine site.  Second, we verify the security certificate, to avoid re-direction to a fake site.  Third, we scan the operating system for vulnerabilities critical to online transactions.  Fourth, we offer to open the web site in a secure mode, to protect personal information exchanged with the site.

10)   What is the one breakthrough feature that Kaspersky offers compared to the rivals, which would act as an incentive for anyone to try out your software?

It’s always hard to answer questions like this, because there are so many different technologies that, in combination, deliver great protection for our customers.  But I’d like to offer a couple of perspectives on this.

First, it’s not just about this or that individual feature that enhances security – although I’ve talked about some specific technologies above.  It’s the smart integration of these technologies and their implementation in a way that doesn’t put an undue load on the computer.  So what we’re seeking to do is to define the overall reputation of an application, based on everything we know about it.

Second, this relies not only on what we install on the computer itself, but on the computer’s integration into the Kaspersky Security Network, our global, cloud infrastructure.  This is our ‘eye in the sky’, giving us visibility into what’s happening around the world.  So what’s seen in one place allows us to enhance security for everyone tapped into the system (i.e. anyone using Kaspersky Lab products who’s opted to be part of the system).

Third, it’s about delivering an overall service to customers.  As well as what we believe is top-notch protection technologies, it means being at the end of the phone when someone needs help (as well as the other avenues of support we provide).

Fourth, I work for Kaspersky Lab, so I wouldn’t expect anyone to simply take my word for the quality of the product.  But what people can do is to look at our consistent track record in independent tests – such as those conducted by AV-Test and AV-comparatives.

11)   Anything you can tease about Kaspersky Internet Security 2014?

We’ve got a number of exciting developments in the pipeline for 2014. The main trend that will continue to influence our technology is the change in the way that consumers access and consume the internet today. The days where we accessed the internet solely via PCs are a thing of the past – the majority of us now predominantly use our mobile phones or tablets to shop, bank or socialise online. As a result of this, we believe the protection must be centred around the person, rather than the device.

Look out for a new interview every 2nd Tuesday of the month here on TeckComesFirst! #TalkToTCFTuesdays

Questions were chosen by both co-founders of TeckComesFirst; Purav and Usman.

Stay tuned for a giveaway of Kaspersky PURE, we’ll have 5 copies to give away for our UK and US readers.

Notable Accolades for this article: Kaspersky UK Twitter Kaspersky Twitter

I’m a 23 year old Maths Graduate, who has a great passion for technology and in my spare time I make videos on YouTube to show my passion. I'm also co-admin here at TeckComesFirst and I joined this site back in January 2012.