Astraea technology is the key “cloud cyberbrain” of the Kaspersky Security Network (KSN), another element of Kaspersky Lab’s multi-layered, next generation protection.
The system aggregates all the collected statistics and meta-information about suspicious activities and threats worldwide in real time, and produces detection decisions about malicious objects. This information then becomes immediately available to all users through Kaspersky Security Network.
Every day more than 80 million users benefit from the Kaspersky Security Network cloud service. Kaspersky Lab’s products request and receive information on the reputation of requested objects, and participate in sharing statistics with meta-information about suspicious objects. This results in a stream of hundreds of millions of notifications and hundreds of gigabytes daily.
All of this data is forwarded to an expert filtering and detection system called Astraea. The system verifies the incoming data for consistency to prevent even hypothetical attempts at data manipulation. The data is then accumulated into a big data database of objects such as files, URLs, etc., with corresponding meta-information and interlinks between them.
For example, a product could send information about a suspicious object, like:
After aggregating the incoming information, it is possible to generate knowledge like:
Each object is verified against a large list of indicators created by experts and expert systems. For example, it could be important to check:
After passing through the list of rules, each object gains a calculated object risk score, which Astraea uses to make an expert decision on whether the object is malicious or not. The more information is collected about an object, the more precise the automatic conclusion can be. In some cases there is still not enough information about the object to make a verdict. If this is the case, the rating will be recalculated later, after extra information is collected.
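The flow described above (consistency check, aggregation per object, indicator scoring, and a verdict that is deferred until enough data arrives) can be sketched as follows. This is an added example, not Kaspersky's code: the indicator names, weights, thresholds, field names and sample reports are all assumptions constructed for illustration.

```python
"""Indicator-based risk scoring with deferred verdicts (illustrative only)."""

REQUIRED = {"sha256": str, "host": str, "signed": bool, "source_url": str}
FLAGGED_URLS = {"http://bad.example/dl"}   # constructed reputation data
MIN_HOSTS = 3        # assumed: fewer distinct reporters means "not enough data"
MALICIOUS_AT = 60    # assumed score threshold

# Hypothetical indicators: (name, weight, predicate over the aggregated record).
INDICATORS = [
    ("unsigned", 30, lambda o: not o["signed"]),
    ("seen_on_few_hosts", 20, lambda o: len(o["hosts"]) < 10),
    ("downloaded_from_flagged_url", 40, lambda o: bool(o["urls"] & FLAGGED_URLS)),
]


class Aggregator:
    def __init__(self):
        self.objects = {}   # sha256 -> aggregated metadata across all reports

    def ingest(self, report):
        """Validate one report, merge it, and return the recalculated verdict."""
        for key, typ in REQUIRED.items():
            if not isinstance(report.get(key), typ):
                raise ValueError(f"inconsistent report: bad field {key!r}")
        if len(report["sha256"]) != 64:
            raise ValueError("inconsistent report: sha256 must be 64 characters")
        obj = self.objects.setdefault(
            report["sha256"], {"hosts": set(), "urls": set(), "signed": True})
        obj["hosts"].add(report["host"])
        obj["urls"].add(report["source_url"])
        obj["signed"] = obj["signed"] and report["signed"]
        return self.verdict(report["sha256"])

    def score(self, sha256):
        obj = self.objects[sha256]
        return sum(weight for _, weight, hit in INDICATORS if hit(obj))

    def verdict(self, sha256):
        if len(self.objects[sha256]["hosts"]) < MIN_HOSTS:
            return "pending"          # re-scored when more reports arrive
        return "malicious" if self.score(sha256) >= MALICIOUS_AT else "clean"


def demo():
    agg = Aggregator()
    h = "a" * 64                      # constructed placeholder hash
    urls = ["http://cdn.example/a", "http://cdn.example/a", "http://bad.example/dl"]
    return [agg.ingest({"sha256": h, "host": f"host-{i}", "signed": False,
                        "source_url": u}) for i, u in enumerate(urls)]
```

Each call to `ingest` re-scores the object, so the verdict for the same hash moves from `pending` to a decision only once the assumed minimum number of distinct reporters is reached.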
Once Astraea generates its verdict on an object, it transfers this to the Kaspersky Security Network cloud service, enabling it to immediately reach users all over the world.
It is important to note that the system logic is not static: the system is permanently self-trained. In a world where malware writers always verify their code against detection by security solutions and weaponise it with new techniques, the system of indicators could become outdated, leading to a lower detection rate and more false positives. This means that each indicator separately, and the list of indicators as a whole, should be tested for efficiency and updated dynamically based on information collected from Kaspersky Lab’s database and expert knowledge.
Since its start in 2012, the percentage of detections created by Astraea against the total number of new detections increased from 7.53% to 40.5% by the end of 2016 (323,000 new detections daily), with a total of one billion unique malicious files.