What are the core principles of Transparency Centers which Kaspersky is opening in various parts of the world and how they are aligned with company's mission?
You will find the answers to these questions in this brochure.
Building a safer world
Technology now connects us across platforms and borders
like never before. As the world has become more digitized and
globalized, we at Kaspersky have become a technology leader
with an advanced and comprehensive portfolio of security
solutions and services, including innovative products and tech-
nologies, cloud services and world-leading threat intelligence.
Our mission is to build a safer world, and it emphasizes our
commitment to a trusted and transparent future. We believe
in a tomorrow where technology improves all of our lives.
Which is why we secure it, so everyone everywhere benefits
from the endless opportunities it brings. In the modern
world, cybersecurity is about more than just protecting
devices, but about developing an ecosystem where
everything connected through technology is protected.
That’s why we have moved beyond the anti-virus laboratory
to provide cybersecurity technology that people can trust,
and our business focus has evolved towards the wider
concept of “cyber-immunity”.
Our mission is simple – building a safer world. And in fulfilling that mission we aim to become
the global leader in cybersecurity – by securing technology to make sure that the possibilities
it brings become opportunities for each and every one of us. Bring on endless possibilities.
Bring on a safer tomorrow.
Eugene Kaspersky, CEO
We are one of the world’s largest
companies that has been operating
in the market for over 22 years.
Our deep threat intelligence and security
expertise is constantly transforming
into innovative security solutions
and services to protect businesses,
critical infrastructure, governments
and consumers around the globe. The
company’s comprehensive security
portfolio includes leading endpoint
protection and a number of specialized
security solutions and services to fight
sophisticated and evolving digital threats.
We operate in
200 countries and
in 30 countries.
We pride ourselves
on developing world-
that keeps us, and
over 400 million users
across the globe, and
clients, protected by
Over 4,000 highly
work for Kaspersky.
Kaspersky routinely scores the
highest marks in independent ratings
• Measured alongside more than 100
other well-known vendors in the
• 73 first places in 88 tests in 2018
• Top 3 ranking* in 88% of all
• For the second time in a row, Kaspersky
was recognized as a Gartner Peer
Insights Customers’ Choice
for Endpoint Protection Platforms
We are totally transparent and will make it
even easier to understand what we do via
our Global Transparency Initiative:
• Independent review of the company’s
source code, software updates and
threat detection rules.
• Independent review of internal
processes to verify the integrity of our
solutions and processes.
• Relocation to Switzerland of data
storage and processing for customers
in Europe (with other countries
• The opening of three transparency
centers globally by 2020.
• Increased bug bounty rewards up to
$100,000 per discovered vulnerability
in Kaspersky products.
As a private company, we are independent
from short term business considerations
and institutional influence.
We share our expertise, knowledge
and technical findings with the world’s
security community, IT security vendors,
international organizations, and law
Our research team is spread across the
world and includes some of the most
renowned security experts in the world.
We detect and neutralize all forms of
Advanced Persistent Threats (APT),
regardless of their origin or purpose.
Our Global Research and Analysis Team
(GReAT) has been actively involved in
the discovery and disclosure of some
of the most prominent malware attacks
with links to governments and state
** Kaspersky has been named a September 2017 and
November 2018 Customers’ Choice for Endpoint
Protection Platforms. Gartner Peer Insights Customers’
Choice constitute the subjective opinions of individual
end-user reviews, ratings, and data applied against a
documented methodology; they neither represent the
views of, nor constitute an endorsement by, Gartner or its
In 2017, we launched the Global Trans-
parency Initiative aimed at engaging the
broader information security community
and other stakeholders in validating and
verifying the trustworthiness of Kasper-
sky products, internal processes, and
business operations. It also introduces
additional accountability mechanisms by
which the company can further demon-
strate that it addresses any security is-
sues promptly and thoroughly.
The following measures within the
initiative have already been undertaken:
1. We announced that we were adapting
our infrastructure to move a number
of core processes from Russia to
Switzerland. This includes customer
detection data storage and processing
for a number of regions. In November
2018, we started relocation of data
processing for European customers.
2. We opened Transparency Centers in
Zurich, Switzerland and in Madrid, Spain.
These are dedicated facilities to review
the company’s code, software updates,
threat detection rules and other
technical and business processes.
The Spanish center also serves as a
briefing center to learn more about
Kaspersky’s engineering and data
processing practices. In August 2019,
we announced the upcoming opening
of the third Transparency Center in
Malaysia, for the APAC region.
3. We extended our Bug Bounty Program
to include rewards of up to $100,000
for the discovery and coordinated
disclosure of severe vulnerabilities, to
supplement our vulnerability detection
and mitigation efforts. The company
also supports the Disclose.io frame-
work which provides Safe Harbor for
vulnerability researchers concerned
about possible negative legal conse-
quences of their discoveries.
4. We successfully completed the Service
Organization Control for Service Organ-
izations (SOC 2) Type 1 audit undertaken
by one of the Big Four accounting firms.
It confirmed that the development and
release of Kaspersky’s threat detection
rules databases (AV databases) are pro-
tected from unauthorized changes by
strong security controls.
Our Global Transparency Initiative
Trust and transparency are
becoming fundamental to the
success of tech companies.
We’re proud to be the trendsetter
in this transformation, and as
a technology company, we‘re
focused on ensuring the very
best IT infrastructure for the
security of our products and data.
Trust needs to be reestablished
in relationships among companies,
governments and people, and our
Global Transparency Initiative
is a significant step toward this.
Vice President for Public Affairs
For Europe, with the U.S., Canada,
Singapore, Australia, Japan and South
Korea, as well as other countries, to
For compiling software
before distribution to
A facility to review the company’s code, software
updates and threat detection rules opened for
trusted partners and government stakeholders.
In 2019 the company also opened a Transparency
Center in Madrid, Spain and announced the opening
of the third Transparency Center in Malaysia.
storage and processing
Long and famous history of neutrality
Robust approach to data protection legislation
and opens Transparency Centers
Kaspersky is determined to detect and
neutralize all forms of malicious programs,
regardless of their origin or purpose.
It does not matter which language the
threat “speaks”: Russian, Chinese, Spanish,
German, or English. The company’s
experts have published at least 17 reports
about APT attacks with Russian-language
included in the code.
Kaspersky’s principles of fighting cyberthreats
The following list of threats, as reported
by Kaspersky’s GReAT team, shows the
different languages used in each threat:
• Russian language: Moonlight Maze,
RedOctober, CloudAtlas, Miniduke,
CosmicDuke, Epic Turla, Penquin
Turla, Turla, Black Energy, Agent.BTZ,
Teamspy, Sofacy (aka Fancy Bear,
• English language: Regin, Equation,
Duqu 2.0, Lamberts, ProjectSauron
• Chinese language:
IceFog, SabPub, Nettraveler, Spring
Dragon, Blue Termite
• Spanish language: Careto/Mask,
• Korean language: Darkhotel, Kimsuky,
• French language: Animal Farm
• Arabic language: Desert Falcons,
Stonedrill and Shamoon
One of Kaspersky’s most important
assets in fighting cybercrime is the
GReAT, comprising top security
researchers from all over the world –
Europe, Russia, the Americas, Asia, and
the Middle East.
The great thing about the fast-
paced technological developments
is how they connect so many
people around the world. However,
as our connectivity grows,
so do the number of attacks.
Kaspersky security experts use
all their knowledge, experience
and intelligence to prevent threat
actors from taking advantage
of our constantly growing
connectivity and technological
progress around the world.
Costin Raiu, Head of GReAT
According to Kaspersky’s GReAT team, in 2018 the top targets for APTs were governments; and the most significant threat actor was Sofacy.
Advanced Persistent Threat Landscape in 2018
Top 10 targets: Top 10 targeted countries:
Top 10 significant threat actors:
What is the Kaspersky Security
Kaspersky Security Network
(KSN) is one of Kaspersky’s main
cloud systems that was created
to maximize the effectiveness
of discovering new and unknown
cyberthreats and thereby
ensure the quickest and most
effective protection for users.
KSN is an advanced cloud-based
system that automatically processes
cyberthreat-related data received
from millions of devices owned
by Kaspersky users across the world,
who have voluntarily opted to use this
system. This cloud-based approach
is now the industry standard, applied
by many global IT security vendors.
How do you anonymize
the data you process?
Kaspersky takes user privacy
extremely seriously. The company
implements the following measures to
anonymize obtained data:
• The information is used in the form
of aggregated statistics;
• Logins and passwords are filtered
out from transmitted URLs, even if
they are stored in the initial browser
request from the user;
• When we process possible threat
data, by default we do not use
the suspicious file. Instead we use
hash-sum, which is a one-way math
function that provides a unique file
• Where possible, we obscure IP
addresses and device information
from the data received;
• The data is stored on separated
servers with strict policies
regarding access rights, and all the
information transferred between
the user and the cloud is securely
Principles for the processing of user data
Respecting and protecting people’s
privacy is a fundamental principle of
Kaspersky’s approach to processing
users’ data. The data that is processed
is crucial for identifying new and as yet
unknown threats and offering better
protection products to users. Analyzing
big data from millions of devices to
strengthen protection capabilities is an
industry best practice that is applied by
IT security vendors around the world. It
is a must for securing users’ digital lives
Users of Kaspersky products can
always choose how much data they
provide, based on the product or
service used and the respective
agreements accepted. All data
processed and/or transferred is
robustly secured through encryption,
digital certificates, segregated storage,
strict data access policies and by other
Kaspersky’s role in the global IT security community
Kaspersky participates in joint operations and cyberthreat investigations with the global IT security community, international
organizations such as INTERPOL, law enforcement agencies and CERTs worldwide.
• We cooperate with INTERPOL in the
joint fight against cybercrime and
provide the organization with human
resources support, training, and
threat intelligence data on the latest
• We host the annual Kaspersky Security
Analyst Summit which brings together
the world’s foremost IT security experts.
• We are a part of the Securing Smart
Cities not-for-profit global initiative
that aims to solve the existing and
future cybersecurity problems of
• We are a member of the Industrial
Internet Consortium that helps
organizations more easily connect and
optimize assets and operations to drive
agility across all industrial sectors.
• We launched the No More Ransom
initiative in July 2016 jointly with the
Dutch National Police, Europol and Intel
Security. The non-commercial initiative
united public and private organizations
aims to inform people of the dangers
of ransomware, and helps them
to recover their data without having
to pay criminals.
• We have been at the forefront of
protecting victims of stalkerware –
a type of a commercial spyware
deemed to be legal, but which may
lead to domestic abuse as it can
be used to secretly monitor and
track a partner’s device activity.
The company is the first in the industry
to have updated its product with
a special Privacy Alert. Furthermore,
the company cooperates with
Electronic Frontier Foundation.
Are we a Russian company?
Officially, culturally and strategically
we are a global cybersecurity
company even though our
geographical roots are Russian. Our
holding company is registered in the
UK, we have over 4,000 employees
in more than 30 countries, our RD
and security experts are based on
four continents, and over 80% of
our revenue comes from outside of
Russia. This further demonstrates
that working inappropriately
with any government would be
detrimental to the company’s
bottom line, as we would then risk
the largest sector of our business.
As a private company, we have no
inappropriate ties to any government
but are proud to collaborate with the
authorities of many countries, as well
as international law enforcement
agencies, and commercial and public
entities in fighting cybercrime.
We work with local authorities in
the best interests of international
cybersecurity, providing technical
consultations or expert analysis of
malicious programs, in compliance with
court orders or during investigations –
all in accordance with industry
Cooperation with law
Legislation of the Russian
As a responsible company, Kaspersky
complies with the laws of all the countries
in which it operates and makes every effort
to ensure user data is safe. Kaspersky is not
subject to Russia’s System of Operative-
Investigative Measures (SORM) and other
similar laws, since the company doesn’t
provide communication services.
This was confirmed as a result of a voluntary
third-party legal assessment of Russian
legislation related to data-processing.
Conducted by prominent Russian and
international law expert, Dr. Kaj Hober,
Professor of International Investment and
Trade Law at Uppsala University in Sweden,
the analysis covers three Russian laws
related to data processing and storage. The
results are freely available online and provide
an unbiased and fair legal assessment.