Tag Archives: technology

What is an Auto-Woodpecker, and what does it have to do with AI?…

We live in the age of AI hype. Artificial intelligence is here, there, and everywhere – so promising, slightly mysterious, but undeniably guiding humanity toward a brighter future of technological singularity that’s still somewhat incomprehensible and potentially a black hole.

Some readers might detect sarcasm in this statement – but that would be a mistake. Machine-learning-driven automation (ML), neural networks, and other AI technologies have already taken over many industries. And there’s more to come in the evolution of Homo sapiens. If you’re interested in diving deeper into this topic, check out the history of the various industrial revolutions: first, second, third, and even fourth.

In line with this trend, cybersecurity was perhaps one of the pioneers in adopting new, smart technologies. And what makes me particularly proud of this process is that our company was one of the first in the industry to successfully implement this bright AI-driven future. How else could we possibly handle nearly half a million (!) new malicious programs emerging every single day as of early 2025? No educational system in the world can produce enough experts to keep up with that. The only solution is to create intelligent systems capable of independently and highly accurately neutralizing cyberattacks. Experts are then left with only the most complex cases – and, of course, the challenging task of inventing and continuously improving these systems.

A few days ago, we celebrated a cool anniversary. Twenty years ago was born the prototype of our first AI/ML technology for automatic malware analysis and the creation of “detections” – antivirus updates that protect computers, gadgets, and other devices from new attacks.

The technology was given a name that’s rather odd at first glance – Avtodyatel, which translates as Auto-Woodpecker! But there’s a simple explanation for it: within our team, security analysts were affectionately referred to as woodpeckers – tirelessly pecking away at viruses and processing streams of suspicious files. And then we added the “Auto” to “Woodpecker” for the name of the tech designed to do this job automatically (incidentally, I was a woodpecker myself back then).

Read on…

I’m a bit tired by now of all the AI news, but I guess I’ll have to put up with it a bit longer, for it’s sure to continue to be talked about non-stop for at least another year or two. Not that AI will then stop developing, of course; it’s just that journalists, bloggers, TikTokers, Tweeters and other talking heads out there will eventually tire of the topic. But for now their zeal is fueled not only by the tech giants, but governments as well: the UK’s planning on introducing three-way AI regulation; China’s put draft AI legislation up for a public debate; the U.S. is calling for “algorithmic accountability“; the EU is discussing but not yet passing draft laws on AI, and so on and so forth. Lots of plans for the future, but, to date, the creation and use of AI systems haven’t been limited in any way whatsoever; however, it looks like that’s going to change soon.

Plainly a debatable matter is, of course, the following: do we need government regulation of AI at all? If we do — why, and what should it look like?

Read on…

There’s no stopping – not even a slowing down of – the passing of time, no matter how much we might want it. So we don’t waste… time, energy and nerves on fighting the inevitable. But what do we do instead? Well, I reckon that if you pump the time you have on the planet with meaningful and useful goals, events, achievements, excitement, and assorted other positive, busy “content” (though I do so dislike that term:), then said time we have will leave two-dimensional linearity and inevitability and blossom into a multi-dimensional world of energy and vigor to give life meaning. Yep – you know me: always positive – no matter what )…

Routine screws up memories, while the passing of time steadily nullifies the memory cells that store those memories. Life imperceptibly turns into an expressionless mass of vague sensations, and after renewing your passport two or three times – there can be emptiness. Note – “can” be. But life is what you make it: you can instead live as “correctly” as possible. And for me, included in my list of living maximally “correct” come my annual reviews! To stop, duck out of the routine, think, remember, write, think again, and be amazed. And out of the fog of the passing year an outline of experiences, events and achievements becomes distinguishable. Then, emboldened by pride, I find myself fully ready for new endeavors in the New Year.

In the oh-so tricky year of 2022, the chances of losing oneself all the more in the fog were through the roof: geopolitics gets in the way of all that’s good. But at the same time this makes summarizing the results of last year all the more a correct and necessary endeavor. So this time I’ve split up my reviews to make sure we don’t miss vital detail: I’ve already shared my mostly-personal annual review, and also my patent review.

What remains is the concluding third part – which is what I’ll be giving you today in this here post: about our product-and-tech achievements – our “bread and butter” that makes up our whole raison d’être: protecting the world from cyber-evil. And there were plenty such achievements – a lot more than might be expected given the difficult circumstances throughout the year… All righty – enough “intro”; let’s get to it (after all, it’s February already, like – tomorrow!!)…

// Btw – that’s the cover of our Midori Kuma 2023 calendar – simply to brighten up this here text ). As per, it can be downloaded – here.

Ok – sit  down. Better – fasten your seatbelt too! For this number is a shocker – in the good sense: last year we launched more than 750 releases! No, no typo there folks. Really: seven hundred fifty releases! By that I mean new products, updates, patches, and assorted other localizations/customizations. // And some folks still think we just do antivirus?!!

Out of that huge bulk, here are a few I want to highlight…

Read on…

I’ve been saying it often – for years: antivirus is dead.

Such a statement might at first seem strange – especially from someone who’s been a mover and shaker since the very earliest days in all things viruses and anti-virus in the late eighties and early nineties. However, if you dig a little deeper into the AV (RIP) topic and consult some authoritative sources in the (former:) field, then the statement quickly becomes quite logical: first, “antivirus” has turned into protective solutions “against everything”; second, viruses – as a particular species of malicious program – have died out. Almost. And it’s that seemingly harmless, negligible almost that causes problems for cybersecurity still to this day – at the back end of the year 2022! And that almost is the basis of this here blogpost today…

So. Viruses. Those Red-Listed last remaining few – where are they these days, and what are they up to?…

It turns out they tend to reside in… one of the most conservative sub-fields of industrial automation: that of operational technology (that’s OT – not to be confused with IT). OT is “hardware and software that detects or causes a change through the direct monitoring and/or control of industrial equipment, assets, processes and events” (– Wikipedia). Basically, OT relates to an industrial control systems (ICS) environment – sometimes referred to as “IT in the non-carpeted areas”. OT = specialized control systems in factories, power plants, transportation systems, the utilities sector, and the extraction, processing and other heavy industries. Yes – infrastructure; yes – often critical infrastructure. And yes again – it’s in this industrial/critical infrastructure where “dead” computer viruses are found today alive and kicking: around 3% of cyber incidents involving OT-computers these days are caused by this type of malware.

How so?

Read on…

Greetings boys and girls!

Suddenly – we’ve another jubillee. Hurray!…

Our cyber-immune operating system – KasperskyOS – is today… wait. No, that’s not quite correct…

Exactly 20 years ago – on November 11, 2002 – we began a long, hugely significant journey; a journey we’re in fact still on. A large, grandiose project that will change (and is already changing!) so much in the global cybersecurity domain. And that’s not hyperbole folks – it’s for real. And to get the full (hi)story of our cyber-immune OS, we need to go back to its humble beginnings in the early 2000s…

But before I go back 20 years, let me say a few words about today – November 11, 2022. Everyone today (besides the cave-dweller) understands perfectly well the critical importance of cybersecurity. Trillions of dollars are spent today on treating the symptoms of cyber-disease, but hardly any on dealing with its root causes. And the only way to break the cycle of constant Band-Aiding those symptoms is an overhaul of the architecture of computer systems, no less. Agree? Yes? Good, and thank you!…

The first time I’d gotten an inkling about this was even earlier than 20 years ago – in the fall of… 1989! For it was then when my PC became infected with the Cascade virus, which got me all curious and prompted me to start developing protection against it and all other cyber-contagion.

Thus, curiosity killed the cat was the start of everything for us. It was why our –V anti-virus first appeared, later why Kaspersky Lab was founded, and later still why we expanded right around the globe.

Fast-forward a full 12 years after Cascade, and my understanding of the imperfection of existing operating systems and the urgent need to do something about it finally, let’s say, crystalized, and came to the surface on a practical level (apologies for this perhaps seemingly over-detailed history tree, but it is, after all, our heritage:)…

Read on…

Naming products and services – and also their many different functions and features – in the infosec domain is, in a word, tricky. Why? Complexity…

Cybersecurity: it’s not a one-dimensional object like, say, a boat. There are different sized boats, different types of boats, but a boat is mostly always a boat. But in infosec, a modern system of enterprise cybersecurity does a great many technically complex things, and the question arises: how can it all be labeled simply and catchily (if that’s at all possible) so as to be reasonably easy to understand? And how can you differentiate one security system from another? Often it’s difficult explaining such differences in a long paragraph – let alone in the name of a product or service. Like I say: tricky.

Maybe that’s why Kaspersky is still associated by some with “antivirus software”. But actually, detecting and neutralizing malware based on an antivirus database is today just one of our security technologies: over a quarter century we’ve added to it a great many others. The word antivirus today is more of a metaphor: it’s known, understood, and thus is a handy (if not too accurate or up-to-date) label.

But what are we supposed to do if we need to tell folks about complex, multifunctional protection for enterprise IT infrastructure? This is when strange sets of words appear. Then there are all the abbreviations that come with them, whose original idea was simplification (of those strange sets of words) but which often just add to the confusion! And with every year the number of terms and abbreviations grows, and memorizing them all becomes increasingly… tricky! So today, let me take you on a brief excursion of all this gobbledygook  some of these complex but necessary names, terms, descriptions and abbreviations – so that, hopefully, we achieve the thing the abbreviations themselves struggle with: bringing clarity.

Read on…

When the past is studied carefully, a detailed and precise picture of the present can be formed; then, the expert’s analytical mind (better – lots of experts’ analytical minds) can warn about – even predict – the foreseeable future. This is precisely how we here at K can often guess predict accurately how the upcoming evolution of digital maliciousness will pan out. It’s also how we keep abreast of the latest cyberattack trends, which allows us to timely develop the corresponding technologies needed in the fight against the cyber-unpleasantnesses around the corner. There’ve been times when we were mistaken in this expertise-based cyber-prophecy of ours: some types of cyber-awfulness is pretty hard to predict at all – but those instances have always been the exception to the rule; more often than not we’ve been bang on the money.

So how do we manage it? Is it just bearded geeky super-brainy types who do all this analysis and cyber-prophesizing? Actually – no. A lot of it is automated. And that’s to be applauded: a human – no matter how brainy – can’t compete with today’s computing power and algorithms and robots and AI machine-learning. The brainy human is still needed, of course; but why do all the heavy-lifting alone?

It’s the heavy-lifting that I’ll be telling you about today in this post. Technological, science-based heavy-lifting that allows us to predict the future (no mystical fortune-telling à la Baba Vanga:).

Let me start off by telling you about the evolution of our Threat Intelligence Platform (TIP).

I’ll break it down just like in the title: how we analyze the past, test the present, and then we crystal ball predict the future…

Read on…

Ten years is a long time in cybersecurity. If we could have seen a decade into the future in 2011 just how far cybersecurity technologies have come on by 2022 – I’m sure no one would have believed it. Including me! Paradigms, theories, practices, products (anti-virus – what’s that?:) – everything’s been transformed and progressed beyond recognition.

At the same time, no matter how far we’ve progressed – and despite the hollow promises of artificial intelligence miracles and assorted other quasi-cybersecurity hype – today we’re still faced with the same, classic problems we had 10 years ago in industrial cybersecurity:

How to protect data from non-friendly eyes and having unsanctioned changes made to it, all the while preserving the continuity of business processes?

Indeed, protecting confidentiality, integrity and accessibility still make up the daily toil of most all cybersecurity professionals.

No matter where it goes, ‘digital’ always takes with it the same few fundamental problems. ANd ‘go’ digital will – always – because the advantages of digitalization are so obvious. Even such seemingly conservative fields like industrial machine building, oil refining, transportation or energy have been heavily digitalized for years already. All well and good, but is it all secure?

With digital, the effectiveness of business grows in leaps and bounds. On the other hand, all that is digital can be – and is – hacked, and there are a great many examples of this in the industrial field. There’s a great temptation to fully embrace all things digital – to reap all its benefits; however, it needs to be done in a way that isn’t agonizingly painful (read – with business processes getting interrupted). And this is where our new(ish) special painkiller can help – our KISG 100 (Kaspersky IoT Secure Gateway).

This tiny box (RRP – a little over €1000) is installed between industrial equipment (further – ‘machinery’) and the server that receives various signals from this equipment. The data in these signals varies – on productivity, system failures, resource usage, levels of vibration, measurements of CO₂/NO_x emissions, and a whole load of others – and it’s all needed to get the overall picture of the production process and to be able to then take well-informed, reasoned business decisions.

As you can see, the box is small, but it sure is powerful too. One crucial functionality is that it only allows ‘permitted’ data to be transferred. It also allows data transmission strictly in just one direction. Thus, KISG 100 can intercept a whole hodge-podge of attacks: man-in-the-middle, man-in-the-cloud, DDoS attacks, and many more of the internet-based threats that just keep on coming at us in these ‘roaring’ digital times.

Read on…

Being a developer of cybersecurity: it’s a tough job, but someone’s got to do it (well!).

Our products seek and destroy malware, block hacker attacks, do update management, shut down obtrusive ad banners, protect privacy, and a TONS more… and it all happens in the background (so as not to bother you) and at a furious pace. For example, KIS can check thousands of objects either on your computer or smartphone in just one second, while your device’s resource usage is near zero: we’ve even set the speedrunning world record playing the latest Doom with KIS working away in the background!

Keeping things running so effectively and at such a furious pace has, and still does require the work of hundreds of developers, and has seen thousands of human-years invested in R&D. Just a millisecond of delay here or there lowers the overall performance of a computer in the end. But at the same time we need to be as thorough as possible so as not to let a single cyber-germ get through ).

Recently I wrote a post showing how we beat demolished all competition (10 other popular cybersecurity products) in testing for protection against ransomware – today the most dangerous cyber-evil of all. So how do we get top marks on quality of protection and speed? Simple: by having the best technologies, plus the most no-compromise detection stance, multiplied by optimization ).

But, particularly against ransomware, we’ve gone one further: we’ve patented new technology for finding unknown ransomware with the use of smart machine-learning models. Oh yes.

The best protection from cyberattacks is multi-level protection. And not simply using different protective tools from different developers, but also at different stages of malware’s activity: penetration, deployment, interaction with the command center, and launch of the malicious payload (and this is how we detect the tiniest of hardly-noticeable anomalies in the system, analysis of which leads to the discovery of fundamentally new cyberattacks).

Now, in the fight against ransomware, protective products traditionally underestimate final stage – the stage of the actual encryption of data. ‘But, isn’t it a bit late for a Band-Aid?’, you may logically enquire ). Well, as the testing has shown (see the above link) – it is a bit too late for those products that cannot roll back malware activity; not for products that can and do. But you only get such functionality on our and one other (yellow!) product. Detecting attempts at encryption is the last chance to grab malware red-handed, zap it, and return the system to its original state!

Ok, but how can you tell – quickly, since time is of course of the essence – when encryption is taking place?

Read on…

Phew. Thank goodness it’s over. The ghastliest year known to most of us ever – finally done, dusted, finito, fertig. Let’s just hope, as many folks are repeating: ‘2021 will be better; it can’t be worse, surely?!’

For a good 10 months of last year practically the whole world was in a permanent state of shock. And I don’t just mean the world’s population; private business and national economies were also hit incredibly hard. Alas, one field that hasn’t been affected badly at all – in fact it has only benefitted from the pandemic, greatly – is cybercrime. Folks locked down and working from home and spending much more time online meant there were many more potential cybercrime victims ripe for the hacking. And not just individual users, but also companies: with employees working from home, many corporate networks came under attack as they weren’t sufficiently protected since, in the rush to get everyone working remotely quickly in the spring, security wasn’t given priority. In short, the whole world’s digital status quo was also badly shaken up by this vicious virus from hell.

As a result of the rise in cybercrime – in particular that targeting vulnerable corporate networks – the cybersecurity sector has been busier than ever. Yes – that includes us! 2020 for us as a Kompany turned out to be most productive. For example, the number of new versions of our solutions launched throughout the year was most impressive – especially in the enterprise sector.

We’ve also had new versions in our industrial cybersecurity solutions line up, one of which is what I want to talk about today – some teKh known as MLAD. Not to be confused with online funny-video sites, or MLAD that’s short for Minimum Local Analgesic Dose, or MLAD that’s short for Mid Left Anterior Descending artery, our MLAD is short for Machine Learning for Anomaly Detection.

If you’re a regular reader of our blogs, you may recall something about this tech of ours. Maybe not. Anyway – here’s a refresher/into, just in case…

Our MLAD is a system that uses machine learning to analyze telemetry data from industrial installations to pinpoint anomalies, attacks or breakdowns.

Let’s say you have a factory with thousands of sensors installed throughout – some measuring pressure, some temperature, others – whatever else. Each sensor generates a constant flow of information. An employee keeping track of all those flows is fairly impossible, but for machine learning – it’s a walk in the park. Having preliminarily trained up a neuro network, MLAD can, based on direct or indirect correlations, detect that something’s wrong in a certain section of the factory. In doing so, million or multimillion-dollar damages caused by potential incidents not nipped in the bud can be avoided.

Ok – that’s the overall idea of what MLAD does. Let me now try and relate the granular scale of the analysis MLAD accomplishes using a medical metaphor…
Read on: MLAD