
Multi-layered Approach to Security

True cybersecurity should be based on the synergy of various protection techniques, from classic AV records to behavior-based detection with deep learning models.

Because newer, more sophisticated cyberattacks try to overcome existing protection, it is crucial to mount layered defenses, covering both different levels of infrastructure and applying multiple protection layers of varied nature to every protected asset. This allows effective protection against different types of malware while making the system too well-defended for the majority of attackers.

The image above shows how threats are blocked with various layers of the file antivirus.

The first layer constitutes a reliable and ultra-fast technology that detects malware by masks and hashes.

The second layer uses emulation, which runs suspicious code in an isolated environment. Both binaries and scripts are emulated, which is critical for protection against web threats.

The third layer is a classic detection routine. It’s a tool that allows Kaspersky Lab experts to write code and deliver it directly to the user in databases. This technology is truly irreplaceable; it complements the solution with decryptors for ransomware and unpackers for legitimate packers.

The fourth layer assumes the use of machine-learning models on the client’s end. The models’ high generalization ability helps to prevent the loss of quality in detecting unknown threats, even if an update of databases was not available for more than two months.

The fifth layer is cloud detection using big data. It leverages threat analytics from all endpoints in Kaspersky Security Network, which, in turn, enables an unprecedented reaction to new threats and minimizes false positives.

The sixth layer is heuristics based on execution logs. There is no more fail-safe way to catch a criminal than catching him in the act. Instant backup of data impacted by a suspicious process and automated roll-back neutralize malware the moment it’s detected.

The seventh layer involves gathering real-time behavioral insights on files to create deep learning models. The model is capable of detecting a file’s malicious nature while analyzing a minimal amount of instructions. This helps to minimize threat persistence, and machine learning provides high detection rates even when a model update is unavailable for a long time.

As you can see, using machine learning on various layers of a file antivirus’ subsystem is, in its very essence, a proof of Kaspersky Lab’s multi-layered, next generation approach to protection. Internally, this is referred to as "multi-layered machine learning" or ML2 for short.

We use the same approach when making other security solutions as well.
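The sixth layer described above (heuristics on execution logs, with instant backup and automated rollback) is illustrated here as an added example; it is not Kaspersky Lab's code. The `BehaviorGuard` class, the entropy cut-off, the three-file limit and the sample write log are all assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

ENTROPY_LIMIT = 7.0  # bits per byte; assumed cut-off for "looks encrypted"
FILE_LIMIT = 3       # assumed number of suspicious rewrites before acting

def entropy(data: bytes) -> float:
    """Shannon entropy of data in bits per byte."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

class BehaviorGuard:
    def __init__(self, files):
        self.files = files                # path -> bytes, stands in for the disk
        self.backups = defaultdict(dict)  # pid -> {path: content before first write}
        self.suspect = defaultdict(set)   # pid -> paths turned high-entropy
        self.blocked = set()

    def on_write(self, pid, path, new_data):
        """Handle one logged write; return False once the process is blocked."""
        if pid in self.blocked:
            return False
        # Instant backup: keep the content as it was before this process touched it.
        old = self.backups[pid].setdefault(path, self.files.get(path))
        self.files[path] = new_data
        if old is not None and entropy(old) < ENTROPY_LIMIT <= entropy(new_data):
            self.suspect[pid].add(path)
        if len(self.suspect[pid]) >= FILE_LIMIT:
            self.rollback(pid)
            return False
        return True

    def rollback(self, pid):
        """Block the process and restore every file it modified."""
        self.blocked.add(pid)
        for path, original in self.backups.pop(pid).items():
            if original is None:
                self.files.pop(path, None)  # created by the process: remove it
            else:
                self.files[path] = original

def run_demo():
    # Constructed sample data: three text files and a log of write events.
    disk = {f"doc{i}.txt": b"quarterly report draft %d\n" % i * 40 for i in range(3)}
    noise = bytes(range(256)) * 4         # 8.0 bits/byte, mimics ciphertext
    log = [(100, "doc0.txt", b"quarterly report final\n" * 40), (200, "doc0.txt", noise),
           (200, "doc1.txt", noise), (200, "doc2.txt", noise), (200, "new.bin", noise)]
    guard = BehaviorGuard(disk)
    return guard, [guard.on_write(*event) for event in log]
```

In the constructed log, process 100 makes an ordinary edit that is kept, while process 200 is blocked on its third high-entropy rewrite and every file it touched is restored to its pre-write content.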
