According to Kaspersky Lab data, over 200,000 unique malicious samples emerge daily, meaning 2-3 malware objects appear each second. Even an army of analysts can't manage that onslaught if they process it with traditional methods. That's why Kaspersky Lab took another approach: instead of just hiring more and more people, we've created a cloud-based processing center and a distributed antivirus network called Kaspersky Security Network. This powerful technology promptly detects new dangers on the net and protects every computer connected to KSN. It helps prevent epidemics and blocks the sources of infection in a matter of minutes.
Kaspersky Security Network performs several important tasks: the global monitoring of suspicious activity on users' computers, the instant delivery of this data (nothing confidential!) to Kaspersky Lab servers, the analysis of the information gathered, and then the decision either to block dangerous files or to put them on a whitelist. To use this cloud-based service, users should have a Kaspersky Lab product installed, e.g. Kaspersky Internet Security, and give consent to participate in KSN. The reward for participation comes almost immediately, as all computers connected to KSN receive information about new threats less than a minute after the first detection of those threats.
How Kaspersky Security Network works
- Information about suspicious activity is sent from a user’s computer to the KSN cloud. We don’t collect files, only information about them: which file tries to perform a suspicious task, what is the source of this file, which application launched it, etc.
- It is often impossible to decide whether a file is malicious based only on data from one computer. The picture changes when it's possible to analyze application behavior on multiple computers and also check it against a huge database of millions of legitimate apps and files. Using this data and heuristics, KSN makes a preliminary verdict about a suspected file.
- If the file's behavior looks malicious, KSN instantly adds it to the database of our Urgent Detection System (UDS), where it is immediately available to all users. Otherwise we whitelist this file.
- If another user launches this dangerous file, Kaspersky Anti-Virus will check the file against the cloud-based UDS database and instantly block it.
- Our experts check files listed as malicious. They determine the threat level for each file and add descriptions to the antivirus database. This may take more time, up to several hours, but KSN-connected users are protected during this period because the file is already listed in the UDS database.
- Information about malicious and blocked files is updated in the database and it’s distributed to all end-users, including ones that aren’t connected to KSN.
Less than a minute after first threat detection, all KSN-connected computers are protected from it.
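The first four steps of the list above can be sketched as a toy model. This is an added example, not Kaspersky code: the class and field names, the `MIN_MACHINES` threshold, the "pending" state and the use of a simple machine count in place of real behavioral heuristics are all assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

MIN_MACHINES = 3  # assumed correlation threshold, not a KSN value

@dataclass(frozen=True)
class Report:
    """Metadata only, as in the first step: no file content leaves the machine."""
    sha256: str   # file identifier
    machine: str  # reporting computer
    source: str   # where the file came from
    parent: str   # application that launched it
    action: str   # suspicious task the file attempted

class ReputationCloud:
    def __init__(self, known_good):
        self.known_good = set(known_good)  # database of legitimate files
        self.whitelist = set()
        self.uds = {}                      # hash -> source; urgent detections
        self.blocked_sources = set()
        self.seen = defaultdict(set)       # hash -> machines that reported it

    def submit(self, r):
        """Correlate reports across machines and return a preliminary verdict."""
        if r.sha256 in self.known_good:
            self.whitelist.add(r.sha256)
            return "whitelisted"
        if r.sha256 in self.uds:
            return "malicious"
        self.seen[r.sha256].add(r.machine)  # repeats from one machine count once
        if len(self.seen[r.sha256]) < MIN_MACHINES:
            return "pending"                # one computer's data is not enough
        self.uds[r.sha256] = r.source       # urgent detection, visible to all clients
        self.blocked_sources.add(r.source)  # the source is blocked as well
        return "malicious"

    def lookup(self, sha256):
        """What the next client asks before launching the file."""
        if sha256 in self.uds:
            return "block"
        return "allow" if sha256 in self.whitelist else "unknown"

def demo():
    cloud = ReputationCloud(known_good={"aa" * 32})  # constructed sample hashes
    bad = "bb" * 32
    verdicts = [cloud.submit(Report(bad, m, "bad.example", "browser.exe", "modify_autorun"))
                for m in ("pc1", "pc1", "pc2", "pc3")]
    return cloud, verdicts
```

In `demo()` the duplicate report from `pc1` does not move the file closer to a verdict; only the third distinct machine does, after which every client's `lookup` returns "block".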
The main feature of this cloud-based antivirus solution is a two-way connection between you and the antivirus system. In a traditional setup, it takes a few hours to react to new malware, because we first need to know that a new threat has emerged. In the modern world, that is too long to wait. With KSN, the first system to encounter a new threat reports it to the lab and provides the necessary data for analysis. Additionally, this technology not only detects new threats, but also finds their source (typically a malicious site) and blocks it as well.
There is another useful function of KSN, which we call 'Wisdom of the Crowd.' Thanks to the information we gather, each file quickly gains a reputation, and you can check it inside Kaspersky Lab products. So you can see whether the file is popular and whether other people trust it. This may help you decide whether to launch the file or not. For example, apps such as Opera or Flash Player are hugely popular. So if you have a file called "Flash update" and it has been downloaded only a few thousand times, not millions, you might quite confidently say that it's a fake.