Developers: | Kaspersky |
Last Release Date: | 2020/11/05 |
Technology: | Cybersecurity - Antivirus, Cybersecurity - Antispam, Firewall |
Kaspersky SafeStream II is a technology for stream scanning at the network gateway level.
2020: Integration into ESR routers from Eltex
On November 5, 2020, Eltex presented a joint solution with Kaspersky Lab: IPS on ESR routers using Kaspersky SafeStream II technology. The technology performs stream scanning of traffic at the network gateway level in order to detect the most dangerous and widespread threats. Kaspersky SafeStream II provides fairly effective threat neutralization combined with high performance. The solution is intended to protect the networks of corporate customers, and special terms are available for healthcare and educational institutions.
Integration with Kaspersky's security infrastructure (including the cloud-based "collective intelligence" of Kaspersky Security Network) and the use of Kaspersky SafeStream II technology allow ESR routers to detect malware in all types of traffic:
- Web;
- Email;
- P2P;
- Instant messaging services, etc.
As a result, users are protected against the most dangerous cyberthreats, including zero-day threats, ransomware, infected websites and other types.
Flexible system configuration makes it possible to fit the IPS operating scheme to the customer's needs. For example, the number of rules in use can be limited to optimize system performance. Available rule sets:
- IP reputation data: a set of IP addresses with contextual information identifying suspicious and malicious hosts;
- Malicious URLs: a set of URLs corresponding to dangerous links and websites;
- Phishing URLs: a set of URLs identified by Kaspersky Lab as phishing. Records with and without masks are available;
- Botnet command server URLs: a set of URLs of botnet command servers and related malicious objects;
- Ransomware URLs: a set of URLs associated with ransomware;
- Malicious object hashes: a set of file hashes covering the most dangerous and widespread malware as well as the latest malware;
- Malicious object hashes for mobile devices: a set of file hashes for detecting malicious objects that infect mobile devices;
- P-SMS Trojan data: a set of Trojan hashes with contextual information for detecting SMS Trojans that make calls to premium-rate numbers and also allow the attacker to intercept SMS messages, reply to them and delete them;
- Botnet command server URLs for mobile devices: a set of URLs with contextual information for identifying command servers of botnets that use mobile devices;
- URLs of websites used to host malware that infects Internet of Things (IoT) devices.
2015: Malware detection approaches and Kaspersky SafeStream II properties
Kaspersky SafeStream II is focused on detecting the most dangerous and widespread threats in real time. The technology provides fairly effective threat neutralization combined with maximum throughput.
By using Kaspersky Lab's security infrastructure, including the cloud-based "collective intelligence" and Kaspersky Security Network, Kaspersky SafeStream II is able to detect malware in all types of traffic (web, email, P2P, instant messaging services, etc.). This protects users against dangerous cyberthreats, including zero-day threats, server-side malware, infected websites and other types.
Kaspersky SafeStream II is suitable both for entry-level devices and for high-performance gateways that protect critical network nodes. The technology does not depend on the software or hardware architecture of the solution and can be integrated into proprietary (non-x86/Linux) platforms.
Kaspersky SafeStream II uses the following approaches to malware detection:
- URL lookup: URLs in inbound and outbound traffic are compared against databases of known malicious and phishing sites, which provides reliable protection against network threats, server-side polymorphic viruses and botnet command and control (C&C) centers.
- Object detection: scanning of the data stream and detection of malicious objects (viruses, Trojans, worms, malicious scripts, mobile and other threats).
- Signature detection: identification of different types of threats by comparison with a signature database, especially effective for detecting weak polymorphs (malware consisting of static and variable parts) as well as malware families.
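To illustrate signature detection of a weak polymorph in a data stream, here is an added example (not Kaspersky's code or algorithm): a chunk-by-chunk scanner that matches static byte parts separated by a bounded variable region while keeping only a fixed-size tail in memory. The class names, the signature `Constructed.WeakPoly.A` and the sample streams are all constructed for illustration.

```python
import re

class StreamSignature:
    """Static byte parts separated by variable regions of at most max_gap bytes."""
    def __init__(self, name, parts, max_gap):
        self.name = name
        # Longest possible match; this bounds how much history must be retained.
        self.span = sum(len(p) for p in parts) + max_gap * (len(parts) - 1)
        gap = b".{0,%d}?" % max_gap
        self.regex = re.compile(gap.join(re.escape(p) for p in parts), re.DOTALL)

class StreamScanner:
    """Scans a byte stream chunk by chunk without buffering the whole object."""
    def __init__(self, signatures):
        self.signatures = signatures
        self.keep = max(s.span for s in signatures) - 1  # carried-over tail size
        self.tail = b""
        self.dropped = 0   # bytes already discarded from the front of the stream
        self.peak = 0      # largest buffer ever held, to show memory stays bounded
        self.hits = {}     # signature name -> stream offset of the detected match

    def feed(self, chunk):
        window = self.tail + chunk
        self.peak = max(self.peak, len(window))
        for sig in self.signatures:
            if sig.name not in self.hits:
                m = sig.regex.search(window)
                if m:
                    self.hits[sig.name] = self.dropped + m.start()
        # Keep only enough bytes for a match that straddles the next boundary.
        cut = max(0, len(window) - self.keep)
        self.dropped += cut
        self.tail = window[cut:]

def scan_in_chunks(data, chunk_size, signatures):
    scanner = StreamScanner(signatures)
    for i in range(0, len(data), chunk_size):
        scanner.feed(data[i:i + chunk_size])
    return scanner.hits, scanner.peak

# Constructed signature and samples (not real indicators).
SIGNATURES = [StreamSignature("Constructed.WeakPoly.A",
                              [b"DECODER_STUB", b"PAYLOAD_TAG"], max_gap=16)]
VARIABLE = bytes(range(5, 15))   # 10 changing bytes, includes a newline
SAMPLE_BAD = b"A" * 1000 + b"DECODER_STUB" + VARIABLE + b"PAYLOAD_TAG" + b"B" * 1000
SAMPLE_CLEAN = b"A" * 1000 + b"DECODER_STUB" + b"x" * 20 + b"PAYLOAD_TAG"

if __name__ == "__main__":
    print(scan_in_chunks(SAMPLE_BAD, 7, SIGNATURES))
    print(scan_in_chunks(SAMPLE_CLEAN, 7, SIGNATURES))
```

The retained tail is one byte shorter than the longest possible match, so the buffer size depends on the signatures and the chunk size, not on the size of the scanned object.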
Kaspersky SafeStream II provides a multilevel approach to security in which each level supplements all the others, so that overall effective protection is provided for any environment. The solution also includes a set of continuously updated threat data feeds. As a preventive measure, customized data feeds can also be configured.
SafeStream II properties
- Effective security of the network perimeter at the gateway level, providing protection against the most dangerous malware families and virus epidemics
- Constant throughput regardless of file size thanks to our unique stream-scanning technology
- High performance in combination with hardware scanning accelerators
- Security technology for all types of gateways and UTM solutions: from lightweight devices for the SMB/SOHO markets to high-performance systems for corporate customers and service providers
- Effective protection of web browsers and network services
- Easy integration into any platform: SafeStream II is independent of software and hardware architecture