Kaspersky Machine Learning for Anomaly Detection

Security recommendations

December 6, 2023

ID 247962

To ensure secure operation of Kaspersky MLAD at an enterprise, it is recommended to restrict and control access to equipment on which the application is running.

Physical security of equipment

When deploying Kaspersky MLAD, it is recommended to take the following measures to ensure secure operations:

  • Restrict access to the room housing the server with Kaspersky MLAD installed, and to the equipment of the dedicated network. Access to the room must be granted only to trusted persons, such as personnel who are authorized to install and configure the application.
  • Employ technical resources or a security service to monitor physical access to equipment on which the application is running.
  • Use security alarm equipment to monitor access to restricted rooms.
  • Conduct video surveillance in restricted rooms.

Information security

ML model parameters directly impact the detection of anomalies; therefore, they can be changed only by system administrators. The date of the last modification to the ML model (activation, or change of the name, threshold MSE value or MSE weights) is available in the Models section. The change history is available only in logs, which are saved for only a limited amount of time.

When using the web interface, it is recommended to take the following measures to ensure the data security of the intranet system:

  • Provide users with access to the application through the web interface only.
  • Install certificates on users' computers for authorization of the Kaspersky MLAD server with their browser. To use a trusted certificate, you need to contact a qualified technical specialist of the Customer, a Kaspersky employee, or a certified integrator.
  • Ensure protection of traffic within the intranet system.
  • Ensure protection of connections to external networks.
  • Use a secure TLS connection for data transfer.
  • Change the name and password of the first application user with the system administrator role when installing the application.
  • For connections through the web interface, use passwords that meet the following requirements:
    • Must not match previously used account passwords. The specific number of most recently used passwords that must not be reused is defined when configuring the application security settings.
    • Must contain at least 8 characters.
    • Must contain one or more uppercase letters of the English alphabet.
    • Must contain one or more lowercase letters of the English alphabet.
    • Must contain one or more numerals.
    • Must contain one or more of the following special characters: _ ! @ # $ % ^ & *.
  • Ensure that passwords are confidential and unique. If a password may have been compromised, change it.
  • Set a time limit for a user web session.
  • After you are finished working in the browser, manually terminate the application connection session by using the Sign out option in the web interface.
  • Periodically install updates for the operating system on the server where Kaspersky MLAD is deployed.
  • Use access permission control to restrict user access to application functions.
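
The password requirements listed above can be checked mechanically when an account is created or a password is changed. The following Python sketch is an added example, not Kaspersky MLAD code; the function names, the PBKDF2 parameters and the history_depth parameter are assumptions made here, and the sample history is constructed.

```python
import hashlib
import hmac
import os
import re

SPECIALS = "_!@#$%^&*"  # special characters listed in the requirements
MIN_LENGTH = 8

def _digest(password, salt):
    # PBKDF2 parameters are an assumption for this sketch, not product settings.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

def remember(password):
    """Return a (salt, digest) record so the history never stores plaintext."""
    salt = os.urandom(16)
    return salt, _digest(password, salt)

def policy_violations(password, history, history_depth):
    """List every rule the candidate breaks; an empty list means it is acceptable.

    history: (salt, digest) records, oldest first.
    history_depth: how many recent passwords may not be reused (hypothetical
    parameter; the real value comes from the application security settings).
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase English letter")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase English letter")
    if not re.search(r"[0-9]", password):
        problems.append("no numeral")
    if not any(ch in SPECIALS for ch in password):
        problems.append("no special character from _ ! @ # $ % ^ & *")
    recent = history[-history_depth:] if history_depth > 0 else []
    for salt, stored in recent:
        # Constant-time comparison against each remembered digest.
        if hmac.compare_digest(_digest(password, salt), stored):
            problems.append("matches a recently used password")
            break
    return problems

# Constructed sample data, not real credentials.
SAMPLE_HISTORY = [remember("Winter_2022x"), remember("Spring_2023x")]
```

Because the character classes are ASCII-only, accented letters do not satisfy the uppercase or lowercase rules, which matches the "English alphabet" wording of the requirements.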

Data security

While working with Kaspersky MLAD, it is recommended to take the following measures to ensure data security:

  • Configure the operating system and provide the necessary access to files of the server where Kaspersky MLAD is installed in accordance with the Recommendations on secure configuration of Linux operating systems issued by the Federal Service for Technical and Export Control (FSTEC) of Russia.
  • Perform periodic data backups of the server that has Kaspersky MLAD installed in accordance with the internal company procedure.
  • Periodically test the performance of the interface and services of the application. Special attention should be directed to the notification service and logging system.
  • Check communication channels to make sure they are secure and working properly.
  • Periodically test the performance of the server:
    • SMART disk check
    • Availability of sufficient free space and memory
    • RAM utilization
  • Use the monitoring system to make sure that there are no problems with the server protocols.
  • Store sensitive data in a secure storage location.
