
Multi-layered Approach to Security

True cybersecurity should be based on the synergy of various protection techniques, from classic AV records to behavior-based detection with deep learning models.

Because newer, more sophisticated cyberattacks try to overcome existing protection, it is crucial to mount layered defenses, covering both different levels of infrastructure and applying multiple protection layers of varied nature to every protected asset. This allows effective protection against different types of malware while making the system too well-defended for the majority of attackers.

The image above shows how threats are blocked with various layers of the file antivirus.

The first layer constitutes a reliable and ultra-fast technology that detects malware by masks and hashes.

The second layer uses emulation, which runs suspicious code in an isolated environment. Both binaries and scripts are emulated, which is critical for protection against web threats.

The third layer is a classic detection routine. It’s a tool that allows Kaspersky Lab experts to write code and deliver it directly to the user in databases. This technology is truly irreplaceable; it complements the solution with decryptors for ransomware and unpackers for legitimate packers.

The fourth layer assumes the use of machine-learning models on the client’s end. The models’ high generalization ability helps to prevent the loss of quality in detecting unknown threats, even if an update of databases was not available for more than two months.

The fifth layer is cloud detection using big data. It leverages threat analytics from all endpoints in Kaspersky Security Network, which, in turn, enables unprecedented reaction to new threats and minimizes false positives.

The sixth layer is heuristics based on execution logs. There is no more fail-safe way to catch a criminal than catching him in the act. Instant backup of data impacted by a suspicious process and automated roll-back neutralize malware the moment it’s detected.

The seventh layer involves gathering real-time behavioral insights on files to create deep learning models. The model is capable of detecting a file’s malicious nature while analyzing a minimal number of instructions. This helps to minimize threat persistence, and machine learning provides high detection rates even when a model update is unavailable for a long time.

As you can see, using machine learning on various layers of a file antivirus’ subsystem is, in its very essence, a proof of Kaspersky Lab’s multi-layered, next generation approach to protection. Internally, this is referred to as "multi-layered machine learning" or ML2 for short.

We use the same approach when making other security solutions as well.


Related Technologies

Machine Learning

ML-based technologies are used in both products and infrastructure.

Cloud Intelligence

The Kaspersky Security Network (KSN) processes cybersecurity-related data and ensures the fastest reaction time to new threats.

Behavior-based Protection

Behavior Monitoring with Memory Protection provides the most efficient ways to protect against advanced threats and zero-day malware.