Kaspersky Lab has long been at the forefront of research on detecting and containing cyber-security threats, and it is now releasing some of its internal tooling as open source so that others can build on it. The company has announced that its KLara malware scanner is available as an open-source threat-hunting tool on the official Kaspersky Lab GitHub page.
“Kaspersky Lab security researchers today have placed KLara, a tool created internally to accelerate the search for related malware samples, into the open source domain for everyone to use”, read Kaspersky Lab’s official blog post.
Today we added our advanced #malware and #APT detection tool #KLara to the #opensource domain to help #security community run #Yara searchers for APT threats faster and more effectively #netsec #spyware #ransomware https://t.co/rYulJKrQ9U pic.twitter.com/7q5FK5AUFw
— Kaspersky (@kaspersky) March 28, 2018
KLara is built on YARA, a rule-based pattern-matching engine that security researchers widely use to identify and classify malware samples, including those tied to APT (Advanced Persistent Threat) campaigns, and to find traces of suspicious activity on a computer or in a cloud environment. Compared with running YARA by hand against one sample set at a time, KLara is significantly faster: it can run a batch of searches that apply multiple rule sets across multiple data collections, weeding out malicious code and surfacing related threats.
“Detecting cyberthreats requires tools and systems that can hunt effectively for malware – particularly when tracking advanced targeted threat campaigns through months or even years of activity. We created KLara to help us hunt threats better and faster and we’d now like to share it with the rest of the security community so that everyone can enjoy the benefits of the tool”, said Dan Demeter, a security researcher at Kaspersky Lab.
KLara is written in Python and runs on Windows as well as UNIX-like systems. Kaspersky Lab says it can be used to find malware, exploits and zero-day threats, and, thanks to its distributed architecture, it can apply YARA rules across multiple data collections at once. When a scan finishes, KLara sends the results by e-mail or makes them available through its web interface.
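As an added illustration (not code from KLara or Kaspersky Lab), the following Python sketch shows the workflow described above: one set of YARA-style rules fanned out over several sample collections in parallel, with the hits merged into a single report of the kind a notification e-mail would carry. The matcher, the sample collections and the rule names are all constructed for this example and support only a small YARA subset (plain and hex strings with "any of them", "all of them" and "N of them" conditions); a real deployment would compile genuine rules with yara-python or the yara command-line tool and spread the work over worker hosts rather than threads.

```python
"""Hypothetical KLara-style fan-out search (added illustration, not
Kaspersky's code). Several YARA-like rules are run over several sample
collections in parallel and the hits are gathered into one report.
The matcher implements only a YARA subset; real rules need yara-python."""
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass
import re


@dataclass
class Rule:
    name: str
    strings: dict                    # identifier -> bytes to look for
    condition: str = "any of them"   # "any of them" | "all of them" | "N of them"


def hex_pattern(text: str) -> bytes:
    """Turn a YARA-style hex string such as "4D 5A 90 00" into bytes."""
    return bytes.fromhex(text.replace(" ", ""))


def rule_matches(rule: Rule, data: bytes) -> bool:
    """Evaluate the rule's condition against one sample's raw bytes."""
    found = sum(1 for pattern in rule.strings.values() if pattern in data)
    m = re.fullmatch(r"(any|all|\d+) of them", rule.condition)
    if m is None:
        raise ValueError(f"unsupported condition: {rule.condition!r}")
    needed = {"any": 1, "all": len(rule.strings)}.get(m.group(1))
    if needed is None:
        needed = int(m.group(1))
    return found >= needed


def scan_collection(name, samples, rules):
    """Worker: apply every rule to every sample in one collection."""
    return [(name, sample, rule.name)
            for sample, data in samples.items()
            for rule in rules if rule_matches(rule, data)]


def run_search(collections, rules, workers=4):
    """Fan the same rule set out over all collections and merge the hits.
    KLara distributes this over worker hosts; threads stand in for them here."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        parts = pool.map(lambda item: scan_collection(item[0], item[1], rules),
                         collections.items())
        return sorted(hit for part in parts for hit in part)


def format_report(hits):
    """Plain-text summary of the kind a notification e-mail would carry."""
    header = f"{len(hits)} hit(s) across {len({h[0] for h in hits})} collection(s)"
    return "\n".join([header] + [f"  {c}/{s}: {r}" for c, s, r in hits])


# Constructed sample collections (fake file contents, not real malware).
SAMPLE_COLLECTIONS = {
    "collection_a": {
        "dropper.bin": b"MZ\x90\x00" + b"\x00" * 16
                       + b"CreateRemoteThread\x00VirtualAllocEx\x00",
        "readme.txt": b"Nothing to see here.",
    },
    "collection_b": {
        "beacon.bin": b"MZ\x90\x00" + b"cmd.exe /c powershell -enc ",
        "agent.elf": b"\x7fELF" + b"\x00" * 8 + b"/tmp/.x11-unix/.lock",
    },
}

# Constructed rules in the supported subset; names are illustrative only.
RULES = [
    Rule("pe_injection_apis",
         {"$mz": hex_pattern("4D 5A"), "$a": b"CreateRemoteThread",
          "$b": b"VirtualAllocEx"}, "all of them"),
    Rule("encoded_powershell",
         {"$mz": hex_pattern("4D 5A"), "$ps": b"powershell -enc"}, "all of them"),
    Rule("elf_hidden_lockfile",
         {"$elf": hex_pattern("7F 45 4C 46"), "$path": b"/tmp/.x11-unix"},
         "all of them"),
    Rule("two_injection_indicators",
         {"$a": b"CreateRemoteThread", "$b": b"VirtualAllocEx",
          "$ps": b"powershell -enc"}, "2 of them"),
]

if __name__ == "__main__":
    print(format_report(run_search(SAMPLE_COLLECTIONS, RULES)))
```

Each worker returns its hits as (collection, sample, rule) tuples so the coordinator can merge and sort them without any shared state, which is the same shape a distributed scan needs when the workers are separate machines reporting back over the network.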