Kaspersky Online File Reputation
Kaspersky Online File Reputation is an online service designed to provide the reputation of any file known to Kaspersky – good or bad – in the form of a hash that can be effectively used for allowlisting, detection, analysis and response.
The service’s cloud architecture eliminates the necessity of managing an on-premise client (including AV bases or security feeds distribution) that delays the delivery of new records and has a large client footprint. Moreover, online service provides unlimited data storage as it is hosted in the cloud, making its coverage bigger that any on-premise solution. The online service offers instant detection of malware and zero-day threats powered by vast Kaspersky intelligence, the biggest allowlisting database and the best-in-the-industry expertise on legitimate software, as well as the partnership with more than 500 large and globally renowned software developers and distributors. Ultimate ease of integration with any application is ensured by utilizing open REST API.
See also:
- Kaspersky Allowlist Program. The Allowlist program lets you add legal software to the Kaspersky Allowlist database.
- Kaspersky Threat Intelligence Portal. This service provides up-to-date information on software known to Kaspersky, including software submitted as part of the Allowlist Program.
Usage Scenarios
Thanks to its versatility, Kaspersky Online File Reputation is perfect for use in the following scenarios:
- Build Application Control System and perform software categorization
- Implement both Default Allow and Default Deny scenarios
- Create additional filtering level
- Gather security intelligence
- Respond to incidents
- Scan files for malware
- Perform file analysis and classification
Service Features
The file reputation service has the following features:
- Overall number of records: more than 7.9 billion
- Trusted: 4.2 billion
- Malicious: 682 million
- Other: 3.0 billion
- New records added daily: 7 million
- Performance: 200,000 requests per hour
- Hashes: MD5, SHA256, SHA1
Superior Coverage
A dedicated Dynamic Allowlist database lists the programs that have already been checked and are guaranteed to be legitimate and safe. Kaspersky Allowlist database covers 98%+ of popular legitimate software.
Application Metadata
All-around information about the application files is gathered by Kaspersky Security Network: Verdict, Software Category, Product name, Application signature, File popularity, etc.
AWS S3 and Lambda Support
Kaspersky Online File Reputation supports the provision of objects' reputation in S3 buckets by using AWS Lambda service.
Machine Learning
Based on the files’ metadata as well as expansive knowledge databases – both our own and external – Kaspersky ’s machine learning-based expert systems are able to generate qualified verdicts about the objects in question at a moment’s notice. Moreover, any objects that was previously identified as a threat by any of Kaspersky ’s solutions is immediately blocked without the need for any further analysis.
Machine learning is further augmented by human analysis. Our world-leading anti-malware experts and analysts provide the much-needed human input, directing and helping the software algorithms as needed to help identify threats more reliably, reduce false positives to near-zero, and ultimately achieve a true HuMachine™ Intelligence.
Data Feed
Kaspersky Online File Reputation can also be delivered as a Data Feed. Some quick facts:
- Hashes: MD5, SHA1, SHA256
- TOP from 100K to 5M for Windows and Android
- Available data: Zone, Software Category
- Data feed size for 100K records: ~4MB
Data feeds are created several times per hour and are stored within Kaspersky infrastructure for 30 days.
Certificate-based Detection
Kaspersky Online File Reputation is able to detect electronically signed files based on the certificate thumbprint, even if the file itself is unknown to us. This is of great help in cases when users receive unknown signed files (for example, installers of Google Chrome or Dropbox belong to this category as well as files automatically generated by Microsoft Windows on every machine).
Every time any such installer is downloaded from the website, it has a unique hash, making regular hash-based detection impossible. However, all of them are signed by the developer – e.g., Google. Kaspersky Online File Reputation service acquires the installer’s signature thumbprint along with the hash of its body. To solve this problem, Kaspersky provides a feature of Kaspersky Online File Reputation service that determines a file’s reputation based on the reputation of its vendor. If the software vendor is trustworthy and their digital signature is valid, the file is also regarded as trusted – even though this is the first time anyone has seen it.
By merging our in-depth knowledge of certificates and malware, we have become able to create a unique service with excellent detection rate.
Contact Us
Kaspersky Online File Reputation free trial is available. Please click Contact Us below and indicate that you would like to try Kaspersky Online File Reputation, and our representative will get in touch with you shortly.