TECHNOLOGY

Network Threat Protection

Protection from network attacks by analyzing inbound network traffic and responding to malicious network activity

Network Threat Protection (NTP) is a component of Kaspersky products that detects and blocks network-based attacks. Such attacks include exploits against network vulnerabilities in software applications, system services and even operating systems, as well as port scanning, flood attacks and password brute-force attempts. Attackers can use a variety of techniques that can be detected on the network layer:

  • known exploits against vulnerabilities in critical network services to perform intrusion attempts. One of the most famous examples is the EternalBlue exploit for the Windows operating system which uses a bug in the SMB protocol parser to corrupt kernel memory and execute remote code on the victim's machine;
  • different port scanning techniques to determine services that are running on the victim's machine, and retrieve useful information, such as a list of open directories, SMB shares, OS and service versions, etc.;
  • password brute-force techniques to determine login credentials for network services (RDP, FTP, SSH, etc.), to be used down the line for exfiltration of sensitive information;
  • flood attacks to prevent other users from accessing network services of the attacked host, or to slow that access down. The aim is to exhaust the capacity of the network services on the attacked host to handle large amounts of traffic or connections.

NTP covers these types of threats, protecting endpoints from being compromised. The technology acts as a network packet filter and operates before the traffic is processed by services or software applications. Once it detects a malicious packet, it drops the network session and may also block network connections from the remote host. NTP is deeply integrated with other components and detection technologies, so the Threat Behavior Engine can obtain detection information from the NTP component.
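The following Python example is added here for illustration and is not Kaspersky's code; the page does not describe NTP's actual detection logic. It shows per-source, sliding-window detection of port scans, brute-force attempts and floods, followed by blocking the remote host. The event format, thresholds and function names are assumptions.

```python
from collections import defaultdict, deque

# Assumed thresholds for illustration; not values from any product.
WINDOW = 10.0      # sliding window, seconds
SCAN_PORTS = 10    # distinct destination ports from one source
BRUTE_FAILS = 5    # failed logins from one source to one port
FLOOD_CONNS = 50   # connections from one source to one port

def detect(events):
    """events: (ts, src_ip, dst_port, kind) tuples sorted by ts, where kind
    is 'conn' or 'auth_fail'. Returns {src_ip: (verdict, ts_blocked)}."""
    recent = defaultdict(deque)   # src -> events still inside the window
    blocked = {}
    for ts, src, port, kind in events:
        if src in blocked:        # remote host already blocked: drop
            continue
        q = recent[src]
        q.append((ts, port, kind))
        while ts - q[0][0] > WINDOW:          # expire events older than the window
            q.popleft()
        ports = {p for _, p, _ in q}
        fails = sum(1 for _, p, k in q if p == port and k == "auth_fail")
        conns = sum(1 for _, p, k in q if p == port and k == "conn")
        if len(ports) >= SCAN_PORTS:
            verdict = "port_scan"
        elif fails >= BRUTE_FAILS:
            verdict = "brute_force"
        elif conns >= FLOOD_CONNS:
            verdict = "flood"
        else:
            continue
        blocked[src] = (verdict, ts)          # block further traffic from this host
        del recent[src]
    return blocked

def sample_events():
    """Constructed sample traffic using documentation IP ranges."""
    ev = [(0.1 * i, "198.51.100.7", 20 + i, "conn") for i in range(12)]    # 12-port sweep
    ev += [(1.0 + i, "203.0.113.9", 22, "auth_fail") for i in range(6)]    # repeated login failures
    ev += [(2.0 + 0.01 * i, "192.0.2.44", 80, "conn") for i in range(60)]  # burst on one port
    ev += [(3.0 * i, "192.0.2.10", 443, "conn") for i in range(4)]         # ordinary client
    return sorted(ev)

if __name__ == "__main__":
    for src, (verdict, ts) in detect(sample_events()).items():
        print(f"{src}: {verdict} detected, host blocked at t={ts:.2f}s")
```
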

Related Materials

WannaCry ransomware used in widespread attacks all over the world


Spring4Shell (CVE-2022-22965): details and mitigations

CVE-2021-44228 vulnerability in Apache Log4j library

Related Technologies

Exploit Prevention

Exploit Prevention (EP) protects against malware that takes advantage of software vulnerabilities.

Behavior-based Protection

Behavior Monitoring with Memory Protection provides the most efficient ways to protect against advanced threats and zero-day malware.

Multi-layered Approach to Security

A multi-layered approach allows effective protection against different types of malware.