Decision tree ensembles, locality sensitive hashing, behavioral models or incoming stream clustering - all our machine-learning methods are designed to meet real world security requirements: low false positive rate, interpretability and robustness to a potential adversary.

True cybersecurity should be based on the synergy of various protection techniques, from classic AV records to behavior-based detection with deep learning models.

To detect and respond effectively to the most complex threats, including APTs, advanced technologies such as machine-learning, sandboxing, and automated/proactive threat hunting need to be applied to events and objects aggregated from right across the corporate infrastructure.

Unlike single endpoint solutions, the EDR-class solution provides multi-host event visibility and “heavy” methods of detection (sandbox, deep learning models, event correlation) as well as expert tools for incident investigation, proactive threat hunting and attack response.

Threat Behavior Engine with ML-based models can detect previously unknown malicious patterns at the earliest stages of execution, while memory protection and remediation engine prevent user data compromise and loss.

This technology reveals and blocks in real time the malware's attempts to benefit from software vulnerabilities.

Fileless threats don’t store their bodies directly on a disk, but they cannot bypass advanced behavior-based detection, critical area scanning and other protection technologies.

Safeguard against ransomware at the malware delivery and execution stages using technologies in the multi-layered protection stack.

Modern mobile devices require the whole range of security measures, from anti-malware protection and VPN to physical theft counteractions that include remote wiping, locating of stolen device and blocking of access to it.

The expert system aggregates all statistics and meta-data about suspicious objects worldwide in real-time, producing detection decisions immediately available to all users through Kaspersky Security Network cloud.

Some procedures of detection and neutralization target particular rootkit techniques, while other anti-rootkit modules scan system memory and various critical areas where malicious code could be hiding.

The complex cloud infrastructure collects and analyses cybersecurity-related data from millions of voluntary participants around the world to provide the fastest reaction to new threats through the use of Big Data analysis, machine learning and human expertise.

Emulator executes the object’s instructions one by one in a safe virtual environment, collects artifacts and passes them to the heuristic analyzer to detect malicious behavior features of a binary file or a script.

Running on-premises, in the cloud and in Kaspersky’s malware analysis infrastructure, our sandboxes apply various anti-evasion techniques while their detection performance is backed up with threat intel from Kaspersky Security Network.

By limiting an application’s ability to launch or access critical system resources, even unknown threats can be blocked effectively.

Full disk encryption prevents data leakage via loss of a device, file-level encryption protects files transferred in untrusted channels, and Crypto Disk stores user data encrypted in a separate file.

This method of attack surface reduction combines the simplicity of hardening rules and the smartness of automatic tuning based on behavior analysis.