Skip to main content

Kaspersky Threat Attribution Engine

An unrivaled malware analysis tool providing insights into the origin of malware and its possible authors

Prior knowledge as a strategic advantage

While conducting their operations, hackers normally follow a set of tactics, techniques and procedures. Cyber security experts are able to identify threat actors by studying these elements. Effective and efficient attribution always involves a highly-skilled team of researchers with experience in forensics and investigation, and is based on many years’ worth of accumulated data. This kind of database become a valuable resource that can be shared as a tool.
Threat Attribution
Quickly links a new attack to known Advanced Persistent Threat (APT) malware, helping to see the high-risk threat among less serious incidents and take timely protective measures.
Timely Response
Enables effective investigation, containment and response based on knowledge of the tactics, techniques and procedures specific to the threat actor.
Self-learning Engine
Allows security teams to add private actors and objects to its database and ‘educate’ the product to detect samples that are similar to files in their private collections.
Privacy and Compliance
Can be deployed in secure, air-gapped environments to protect your systems and data as well as meet any compliance requirements.
Suitable For

The use

  • Identify the threat actor behind an attack

    The Kaspersky Threat Attribution Engine incorporates a database of APT malware samples and clean files gathered by Kaspersky experts over 22 years. We track 600+ APT actors and campaigns with 120+ APT Intelligence Reports released every year. Ongoing research ensures the relevance of our APT collection that currently contains 60K+ files. Our unique proprietary method of comparing samples and searching for similarities ensures a high attribution rate and brings down false positives almost to zero.

  • Understand whether you’re a target – or a secondary victim

    The average time from detection to response of highly sophisticated threats is usually too long, due to complex investigation and reverse engineering processes. In today’s digital era, organizations are obliged to instantly investigate and prioritize all alerts, and accelerate the time to response. Correct and timely attribution helps to shorten incident response times and also reduces the number of false positives, helping to prioritize incidents based on their risk level.

  • Set up proper containment and response procedures

    The Kaspersky Threat Attribution Engine can be complemented with a subscription to Kaspersky’s APT Intelligence Reporting, which provides detailed information about related APT actors. As a subscriber to these unique reports, you receive ongoing access to our APT investigations and discoveries, including all those threats that will never be made public. Using this information, you can block advanced attacks via known vectors, minimize any potential damage and enhance your overall cybersecurity strategy.

Related to this Product