Kaspersky: French companies are looking for a way out

The situation is serious but not yet hopeless. While Germany and Italy have raised the risks to use Kaspersky software and that the American telecommunications regulatory authority (FCC) has added the Russian publisher’s products and services to the list of equipment affecting national security, France’s position appears more measured. From the beginning of March, the national information systems security agency (Anssi) thus Explain – in a very diplomatic way – that the use of these tools “can be questioned because of its link with Russia” but “that at this stage no objective element justifies changing the assessment of the quality of the products and services provided”.

To date, no official directive calls into question the use of Kaspersky solutions. However, behind the scenes, the CISOs and especially the general management of companies are in turmoil to decide a question: can we still have confidence in the software of a publisher whose level of recognition, integrity and performance is known? and recognized for years throughout the world, but whose nationality raises possible dangerous links with the highest spheres of Russian power? “The situation is not easy, the companies which had decided to equip themselves with Kaspersky solutions are not necessarily asked these geopolitical questions when they signed”, explains Alain Bouillé, general delegate of Cesin. But now, the situation appears different and a movement of mistrust towards the solutions of the Russian security publisher is beginning to emerge.

Changeover plans operated urgently

In a recent survey by the Information and Digital Security Experts Club of 201 CISO members, nearly a quarter (about fifty) said they used Kaspersky products. Among them, 84% indicated that they plan to change their protection strategy by changing product, 40% of which specify that this project has already begun, while 44% plan to do so in the short or medium term. “The current situation in Russia makes Kaspersky customers fear that they no longer have signature databases, for example. This amplifies a phenomenon of decommissioning of these solutions in companies,” continues Alain Bouillé. A similar story on the Clusif side this time: “Large organizations are in the process of urgently operating changeover plans and I do not see what phenomenon could stem it or even reverse it”, explains Loïc Guézo, secretary general of the French information security club.

Like the CHRU in Brest, which will do without the services of the Russian antivirus Kaspersky and other end customers, the pressure is also increasing on suppliers. This is the case, for example, of Kaseya, which specializes in the management of IT infrastructures, which has announced that it will stop supporting the anti-virus Kaspersky. “When the FCC added Kaspersky to its list of companies whose products or services could pose a security threat, we contacted the small number of customers worldwide that we knew were using Kaspersky antivirus software and encouraged to switch to Bitdefender, which Kaseya resells. The safety of our customers is paramount and we will continue to support them in any way we can,” Dana Liedholm, senior vice president of marketing at Kaseya, told us.

A risky situation for the Russian publisher

Will this feeling of mistrust, even mistrust, become generalized in the weeks to come? In France, the subsidiary of the Russian publisher wants to be reassuring: “We answer questions about updates and product corruption with all the necessary protocols, transparency centers, audits and the resilience of our infrastructures and on how updates are offered,” said Bertrand Trastour, Managing Director France and Africa at Kaspersky. “Some customers or partners can make decisions, our exchanges are cordial and professional and we produce elements to reassure them. I have had companies that are satisfied with the level of trust and whose CISOs are challenged by their management committee. We are in a situation of exacerbated and geopolitical crisis on which we must be vigilant but of which it is premature to give figures to say how the situation will evolve in the weeks to come”.

This is not the first crisis of confidence that Kaspersky is going through. This had already been the case in 2017 when the publisher was suspected of having allowed confidential data from an NSA agent’s workstation on which his anti- virus was installed. A situation that had already led at that time, other administrations including OIVs and OSEs, including according to our information the Ministry of Defence, to give up on the Russian publisher for a long time. The company then reacted by creating its famous centers of transparency. But unlike other publishers, Americans this time like Microsoft, also caught up in the turmoil of large-scale espionage by the NSA, Kaspersky could find it more difficult to recover despite all the efforts on the ground.

“I have no doubts about the ability of Kaspersky engineers to maintain and develop the technology, but they are caught up in a whirlwind that is beyond them,” analyzes Loïc Guézo. “Unlike Microsoft, which is indestructible, Kaspersky cannot resist as much, because it is only positioned in the very competitive endpoint protection market with US players, but also French, around XDR”, he adds. Another survey conducted by Cesin also shows that a large majority of CISOs are ready to decommission their current anti-virus to couple an EDR with another anti-virus, but this time very inexpensive or even free. A trend which, if it materializes, risks cornering the Russian publisher a little more.

No backdoor identified in Kaspersky solutions to date

Faced with this delicate situation, Kaspersky wants to be convincing: “We now allow remote access to our transparency centers in Zurich and Madrid, we work with local legal entities and local banks that are not impacted by the disconnection from the SWIFT system, we have our support teams in France at Rueil Malmaison and are based on a distributed server architecture,” says Arnaud Dechoux, head of public affairs at Kaspersky.

“We are asked if we can be trusted? We answer that we must not trust anyone but that we must judge on the record and with all our measures we hope to have brought good answers. Many people have been trying to find a backdoor in our solution for 25 years without any success at this stage”.