Kaspersky Endpoint Agent

About integration with Kaspersky Anti Targeted Attack Platform

November 17, 2023

ID 214787

Kaspersky Anti Targeted Attack Platform is a solution for protection of an organization's IT infrastructure and early detection of threats such as zero-day attacks, targeted attacks, and advanced persistent threats (hereinafter also referred to as APT). The application is intended for corporate users.

Kaspersky Anti Targeted Attack Platform includes two functional parts:

  • Kaspersky Anti Targeted Attack (hereinafter also referred to as KATA) – protects the enterprise's IT infrastructure perimeter.
  • Kaspersky Endpoint Detection and Response (hereinafter also KEDR) – protects computers in the organization's local network.

Kaspersky Endpoint Detection and Response includes the following components:

  • Central Node.
  • Kaspersky Endpoint Agent.

The components interact according to the following principle:

Kaspersky Endpoint Agent is installed on individual computers running Windows that are included in the organization's IT infrastructure. The application constantly monitors processes, open network connections, and files being modified. Data about events on the computer is sent to the server with the Central Node component.

When integrating the Central Node server with Kaspersky Endpoint Agent, you can take the following measures to respond to detected threats:

  • Work with files and applications by executing tasks on the devices with Kaspersky Endpoint Agent installed.
  • Configure policies to prevent files and processes from running on the selected devices with Kaspersky Endpoint Agent installed.
  • Isolate from the network individual devices with Kaspersky Endpoint Agent installed.
  • Work with TAA (IOA) rules for event classification and analysis.
  • Work with OpenIOC files (files of the open standard for describing indicators of compromise, IOC files) to search for signs of targeted attacks and infected (or possibly infected) objects on the devices with Kaspersky Endpoint Agent using the detection database.
  • Work with YARA rule files (files of the open YARA standard) to search for signatures of malicious activity on devices with Kaspersky Endpoint Agent installed.
  • Work with OVAL files (Open Vulnerability and Assessment Language) to search for vulnerabilities on the devices and to assess the compliance of enterprise systems with the security standards.

You can configure integration between Kaspersky Endpoint Agent and KATA Central Node in Kaspersky Security Center Administration Console, in Kaspersky Security Center Web Console or using the command line interface locally on the device.

For complete information about Kaspersky Anti Targeted Attack Platform, as well as for information on configuring Kaspersky Endpoint Agent's integration from KATA's side, refer to the Kaspersky Anti Targeted Attack Platform Help.
