{"id":6601,"date":"2017-03-03T13:03:21","date_gmt":"2017-03-03T18:03:21","guid":{"rendered":"https:\/\/kasperskydaily.com\/b2b\/?p=6601"},"modified":"2019-11-15T06:49:52","modified_gmt":"2019-11-15T11:49:52","slug":"multilayered-approach","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/multilayered-approach\/6601\/","title":{"rendered":"The multilayered security model in Kaspersky Lab products"},"content":{"rendered":"<p>We constantly reiterate that a multilayered approach is the key foundation for our concept of \u201c<a href=\"https:\/\/www.kaspersky.com\/true-cybersecurity?redef=1&amp;reseller=gl_truecs_acq_ona_smm__onl_b2b_blog_ban_______\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">True Cybersecurity<\/a>,\u201d which is able to efficiently defend against next-generation threats. However, what exactly does <em>multilayered<\/em> mean, and how is it deployed in Kaspersky Lab products?<\/p>\n<p>Actually, we take a multilayered approach in each aspect of all of our products. Let\u2019s see this exemplified by our Kaspersky Endpoint Security for Business. From one end, it uses various technologies to minimize threats: Endpoint hardening, Reputation services, Automatic Exploit Prevention, and more. These function as <strong>endpoint protection layers<\/strong> and neutralize the majority of threats even before they hit the antivirus. 
That\u2019s how we find a perfect balance between performance and efficient protection.<\/p>\n<p>From the other end, if a suspicious file makes it through the initial filtering layers and ends up on a protected endpoint, it\u2019s time for file antivirus \u2014 which is also multilayered \u2014 to act.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2017\/03\/06020557\/Inside-fileav.jpg\"><img decoding=\"async\" class=\"aligncenter wp-image-6603 size-full\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2017\/03\/06020557\/Inside-fileav.jpg\" alt=\"Inside File AV\" width=\"1000\" height=\"637\"><\/a><\/p>\n<p>The image above shows how threats are blocked with various layers of the file antivirus.<\/p>\n<p>The first layer is a reliable, ultra-fast technology that detects malware by masks and hashes.<\/p>\n<p>The second layer uses emulation: It runs suspicious code in an isolated environment. Both binaries and scripts are emulated, which is critical for protection against web threats.<\/p>\n<p>The third layer is a classic detection routine. It\u2019s a tool that allows Kaspersky Lab experts to write code and deliver it directly to the user in databases. This technology is truly irreplaceable; it complements the solution with decryptors for ransomware and unpackers for legitimate packers.<\/p>\n<p>The fourth layer uses machine-learning models on the client\u2019s end. The models\u2019 high generalization ability helps to prevent the loss of quality in detecting unknown threats, even if a database update has not been available for more than two months.<\/p>\n<p>The fifth layer is cloud detection using big data: It leverages threat analytics from all endpoints in Kaspersky Security Network, which, in turn, enables unprecedented reaction to new threats and minimizes false positives.<\/p>\n<p>The sixth layer is heuristics based on execution logs. 
There is no more fail-safe way to catch a criminal than catching him in the act. Instant backup of data impacted by a suspicious process and automated roll-back neutralize malware the moment it\u2019s detected.<\/p>\n<p>The seventh layer involves gathering real-time behavioral insights on files to create deep learning models. The model is capable of detecting a file\u2019s malicious nature while analyzing a minimal number of instructions. This helps to minimize threat persistence, and machine learning provides high detection rates even when a model update is unavailable for a long time.<\/p>\n<p>As you can see, using machine learning on various layers of a file antivirus subsystem is, in essence, proof of our multilayered approach, which we internally call <strong>ML<sup>2<\/sup><\/strong>, or <strong>M<\/strong>ulti-<strong>L<\/strong>ayered <strong>M<\/strong>achine <strong>L<\/strong>earning.<\/p>\n<p>We use the same Next Gen approach when making other security solutions as well.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We take a multilayered approach in each aspect of all of our 
products.<\/p>\n","protected":false},"author":669,"featured_media":15244,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3052],"tags":[1876,2233,2642,2483],"class_list":{"0":"post-6601","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-machine-learning","10":"tag-multilayered-cybersecurity","11":"tag-next-gen","12":"tag-true-cybersecurity"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/multilayered-approach\/6601\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/multilayered-approach\/15067\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/multilayered-approach\/7165\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/multilayered-approach\/6601\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/multilayered-approach\/6601\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/true-cybersecurity\/","name":"True 
Cybersecurity"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/6601","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/669"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=6601"}],"version-history":[{"count":11,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/6601\/revisions"}],"predecessor-version":[{"id":30037,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/6601\/revisions\/30037"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/15244"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=6601"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=6601"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=6601"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}