Skip to main content


Kaspersky’s next generation technologies and multi-layered approach form the foundation of award-winning solutions that protect users from any type of cyberattack. Here you can learn about our methods in details.

Machine Learning in Cybersecurity

Decision tree ensembles, locality sensitive hashing, behavioral models or incoming stream clustering - all our machine-learning methods are designed to meet real world security requirements: low false positive rate, interpretability and robustness to a potential adversary.

Kaspersky Endpoint Detection and Response (KEDR)

Unlike single endpoint solutions, the EDR-class solution provides multi-host event visibility and “heavy” methods of detection (sandbox, deep learning models, event correlation) as well as expert tools for incident investigation, proactive threat hunting and attack response.

Kaspersky Anti Targeted Attack Platform (KATA)

To detect and respond effectively to the most complex threats, including APTs, advanced technologies such as machine-learning, sandboxing, and automated/proactive threat hunting need to be applied to events and objects aggregated from right across the corporate infrastructure.

Multi-layered Approach to Security

True cybersecurity should be based on the synergy of various protection techniques, from classic AV records to behavior-based detection with deep learning models.

Cloud threat intel: Kaspersky Security Network (KSN)

The complex cloud infrastructure collects and analyses cybersecurity-related data from millions of voluntary participants around the world to provide the fastest reaction to new threats through the use of Big Data analysis, machine learning and human expertise.

Big Data Analysis with Astraea Technology

The expert system aggregates all statistics and meta-data about suspicious objects worldwide in real-time, producing detection decisions immediately available to all users through Kaspersky Security Network cloud.

Behavior-based Protection

Threat Behavior Engine with ML-based models can detect previously unknown malicious patterns at the earliest stages of execution, while memory protection and remediation engine prevent user data compromise and loss.

Exploit Prevention

This technology reveals and blocks in real time the malware's attempts to benefit from software vulnerabilities.

Adaptive Anomaly Control

This method of attack surface reduction combines the simplicity of hardening rules and the smartness of automatic tuning based on behavior analysis.

Ransomware Protection

Safeguard against ransomware at the malware delivery and execution stages using technologies in the multi-layered protection stack.

Fileless Threat Protection

Fileless threats don’t store their bodies directly on a disk, but they cannot bypass advanced behavior-based detection, critical area scanning and other protection technologies.

Anti-Rootkit and Remediation Technology

Some procedures of detection and neutralization target particular rootkit techniques, while other anti-rootkit modules scan system memory and various critical areas where malicious code could be hiding.


Running on-premises, in the cloud and in Kaspersky’s malware analysis infrastructure, our sandboxes apply various anti-evasion techniques while their detection performance is backed up with threat intel from Kaspersky Security Network.


Emulator executes the object’s instructions one by one in a safe virtual environment, collects artifacts and passes them to the heuristic analyzer to detect malicious behavior features of a binary file or a script.

Mobile Device Protection

Modern mobile devices require the whole range of security measures, from anti-malware protection and VPN to physical theft counteractions that include remote wiping, locating of stolen device and blocking of access to it.

Application Control and HIPS

By limiting an application’s ability to launch or access critical system resources, even unknown threats can be blocked effectively.

Disk and File Encryption

Full disk encryption prevents data leakage via loss of a device, file-level encryption protects files transferred in untrusted channels, and Crypto Disk stores user data encrypted in a separate file.

Online Banking with Safe Money Technology

Based on Host-based Intrusion Prevention System (HIPS) and Self-Defense technologies, Safe Money allows you to protect online financial transactions from phishing, man-in-the-middle (MITM) and other attacks by performing browser processes in the secured container.

Network Threat Protection

Protection from network attacks by analyzing inbound network traffic and responding to malicious network activity.