ADVANCED CYBERSECURITY TECHNOLOGIES: HOW IT WORKS

Kaspersky’s next generation technologies and multi-layered approach form the foundation of award-winning solutions that protect users from any type of cyberattack. Here you can learn about our methods in detail.

Machine Learning in Cybersecurity
 
Decision tree ensembles, locality sensitive hashing, behavioral models or incoming stream clustering - all our machine-learning methods are designed to meet real-world security requirements: low false positive rate, interpretability and robustness to a potential adversary.
 
Multi-layered Approach to Security
 
True cybersecurity should be based on the synergy of various protection techniques, from classic AV records to behavior-based detection with deep learning models.
 
Kaspersky Anti Targeted Attack Platform (KATA)
 
To detect and respond effectively to the most complex threats, including APTs, advanced technologies such as machine learning, sandboxing, and automated/proactive threat hunting need to be applied to events and objects aggregated from right across the corporate infrastructure.
 
Corporate network protection: Kaspersky Endpoint Detection and Response (KEDR)
 
Unlike single endpoint solutions, the EDR-class solution provides multi-host event visibility and “heavy” methods of detection (sandbox, deep learning models, event correlation) as well as expert tools for incident investigation, proactive threat hunting and attack response.
 
Behavior-based Protection
 
The Threat Behavior Engine with ML-based models can detect previously unknown malicious patterns at the earliest stages of execution, while memory protection and the remediation engine prevent user data compromise and loss.
 
Exploit Prevention
 
This technology detects and blocks, in real time, malware's attempts to exploit software vulnerabilities.
 
Fileless Threat Protection
 
Fileless threats don’t store their bodies directly on a disk, but they cannot bypass advanced behavior-based detection, critical area scanning and other protection technologies.
 
Ransomware Protection
 
Safeguard against ransomware at the malware delivery and execution stages using technologies in the multi-layered protection stack.
 
Mobile Device Protection
 
Modern mobile devices require the whole range of security measures, from anti-malware protection and VPN to physical theft countermeasures that include remote wiping, locating a stolen device and blocking access to it.
 
Big Data Analysis with Astraea Technology
 
The expert system aggregates all statistics and meta-data about suspicious objects worldwide in real-time, producing detection decisions immediately available to all users through Kaspersky Security Network cloud.
 
Anti-Rootkit and Remediation Technology
 
Some procedures of detection and neutralization target particular rootkit techniques, while other anti-rootkit modules scan system memory and various critical areas where malicious code could be hiding.
 
Cloud threat intel: Kaspersky Security Network (KSN)
 
The complex cloud infrastructure collects and analyses cybersecurity-related data from millions of voluntary participants around the world to provide the fastest reaction to new threats through the use of Big Data analysis, machine learning and human expertise.
 
Emulator
 
The emulator executes the object’s instructions one by one in a safe virtual environment, collects artifacts and passes them to the heuristic analyzer to detect malicious behavior features of a binary file or a script.
 
Sandbox
 
Running on-premises, in the cloud and in Kaspersky’s malware analysis infrastructure, our sandboxes apply various anti-evasion techniques while their detection performance is backed up with threat intel from Kaspersky Security Network.
 
Application Control and HIPS
 
By limiting an application’s ability to launch or access critical system resources, even unknown threats can be blocked effectively.
 
Disk and File Encryption
 
Full disk encryption prevents data leakage via loss of a device, file-level encryption protects files transferred in untrusted channels, and Crypto Disk stores user data encrypted in a separate file.
 
Adaptive Anomaly Control
 
This method of attack surface reduction combines the simplicity of hardening rules and the smartness of automatic tuning based on behavior analysis.