Skip to main content

Kaspersky Threat Analysis

A comprehensive set of threat analysis tools to speed up investigation and make fully informed decisions


When faced with a potential cyberthreat, the decisions you make become critical. In addition to threat analysis technologies like sandboxing, Kaspersky Threat Analysis arms you with state-of-the-art attribution and similarity technologies - a multi-layered approach that delivers efficient threat analysis, so you can make fully informed decisions to defend against attacks even before they are launched. Multiple Threat Analysis tools combine to let you and your team analyze the situation from all angles, equipped with a complete picture of the threat landscape, and to respond swiftly and effectively.


An instrument of choice for the safe detonation, analysis and detection of advanced threats

Making an intelligent decision based on an object’s behavior while simultaneously analyzing the process memory, network activity, etc. is the optimal approach to understanding today’s sophisticated targeted and tailored threats. Kaspersky Research Sandbox is a powerful tool that allow the investigation of an object’s origins, the collection of IOCs based on behavioral analysis and the detection of malicious objects not previously seen. Kaspersky Research Sandbox available in two deployment models: cloud and on-premise.

  • Patented Technology

    Patented behavioral analysis technology with extended logging and in-depth reporting effectively exposes the malicious nature of a file

  • Anti-evasion Techniques

    Incorporates all the knowledge about malware behaviors acquired by Kaspersky, ensuring the sandboxing environment stays undetected

  • Custom OS Images

    Allows customization of guest OS images, tailoring them to your actual environment, which increases the accuracy of threat analysis results

  • Cloud and On-Prem

    Can be deployed in secure, air-gapped environments to guarantee the privacy of the analyzed data


An unrivalled malware analysis tool providing insights into the origin of malware and its possible authors

While conducting their operations, hackers normally follow set of TTPs. Cybersecurity experts are able to identify threat actors by studying these elements. Code samples obtained from each threat actor are thoroughly fingerprinted using unique methods, so the engine can identify the relations between any unknown file to some of known sample related to certain threat actor. Effective and efficient attribution involves a highly-skilled team of researchers with experience in forensics and investigation, backed by many years of accumulated data. The resulting database becomes a valuable resource, and this we share as a tool through Kaspersky Threat Attribution Engine. Kaspersky Threat Attribution Engine is available in two deployment models: cloud and on-premise.

  • Threat Attribution

    Quickly link a new attack to known Advanced Persistent Threat (APT) actors and malware they use, helping exposing high-risk threats among less serious incidents

  • Timely Response

    Enables effective investigation, containment and response based on knowledge of the tactics, techniques and procedures specific to the threat actor

  • Self-learning Engine

    Allows your security team to add private actors and objects to its database and ‘educate’ the product to detect samples that are similar to files in your private collection

  • Cloud and On-Prem

    Can be deployed in secure, air-gapped environments to guarantee the privacy of the analyzed data


Identify file samples with similar functions, to protect against unknown and evasive threats

To build an effective defense line, it’s not always necessary to know your enemy by sight. Kaspersky Similarity helps identify files that look and behave in similar ways. Highly effective in detecting samples that have been specially created to bypass traditional anti-malware technologies, and built around more than a quarter of a century of our experience, Kaspersky Similarity helps identify evolving cyberthreats, dramatically decreasing detection times.

  • Reveal Blind Zones

    Find unknown threats using cutting-edge technology based on unique similarity hashes invented by Kaspersky experts

  • Incident Response

    Compare suspicious files with similar malicious files to find evasive threats in your infrastructure

  • Threat Hunting

    Find potential malicious modifications of clean files, obtain shared IoCs (e.g. CnC) for similar malicious files

  • Malware Analysis

    Reinforce your security controls with protection from new threats, using characteristics and behavior of similar malicious objects

White Papers

Learn more, with thought leadership from our globally recognized cybersecurity experts

The power of threat attribution

Challenges and benefits of cyberthreat attribution

Evaluating threat intelligence sources

How to identify the most relevant threat intelligence sources

Facing up to complexity

How to deal with complex cyber-incidents caused by modern sophisticated threats

Need help to take the next step?

Leave us your contact information and Kaspersky experts will get in touch