Endpoint Detection and Response (KATA)

Kaspersky Endpoint Security supports integration with the Kaspersky Endpoint Detection and Response component as part of the Kaspersky Anti Targeted Attack Platform solution. This solution is designed to promptly detect advanced threats, such as targeted attacks, advanced persistent threats, zero-day attacks, and others. For detailed information about how the solution works, please refer to the Kaspersky Anti Targeted Attack Platform Help.

When integration with Endpoint Detection and Response (KATA) is configured, the KATA server receives information about events that occur in the operation of Kaspersky Endpoint Security, threats discovered by the application, as well as information about processing these threats. To react to detected threats, Kaspersky Endpoint Security may then perform tasks started in the Kaspersky Anti Targeted Attack Platform web interface.

Endpoint Detection and Response (KATA) has the following additional requirements:

• Kaspersky Anti Targeted Attack Platform 4.1 or later.
• Kaspersky Security Center 13.2 or later.
• Integration with Endpoint Detection and Response (KATA) can be configured in the Kaspersky Security Center Administration Console (MMC), Web Console, or Cloud Console.

Integration with Kaspersky Endpoint Detection and Response (KATA)

To integrate with Kaspersky Endpoint Detection and Response (KATA), do the following:

1. Install the Endpoint Detection and Response component

   You can select the Endpoint Detection and Response component during installation of Kaspersky Endpoint Security.

2. Activate Endpoint Detection and Response

   If the Endpoint Detection and Response component is not supported by your current license, you need to activate Kaspersky Endpoint Detection and Response separately.

   You can check whether the Endpoint Detection and Response functionality is supported by the current license in the License window.

3. Connect to a KATA server

   Kaspersky Anti Targeted Attack Platform requires establishing a trusted connection between Kaspersky Endpoint Security and a KATA server. To configure a trusted connection, you need to use a TLS certificate. You can download a TLS certificate in the Kaspersky Anti Targeted Attack Platform web interface. For detailed information about downloading a certificate, please refer to the Kaspersky Anti Targeted Attack Platform Help.

   By default, Kaspersky Endpoint Security checks the TLS certificate of only the KATA server. To make the connection more secure, you can enable two-way verification. To enable two-way verification, you need to use a password-protected crypto-container. For detailed information about downloading a crypto-container, please refer to the Kaspersky Anti Targeted Attack Platform Help.

   Connect computers with Kaspersky Endpoint Security to a KATA server using the Administration Console

   1. Start the Administration Console.
   2. Maximize the Administration Server <Server name> node.
   3. In the console tree, click Managed devices.
   4. In the workspace, select the Policies tab.
   5. Right-click the policy you want to configure and choose Properties.
   6. In the Properties window, select Detection and Response > Endpoint Detection and Response (KATA).
   7. Select the Endpoint Detection and Response (KATA) checkbox.
   8. Click Server connection settings.
   9. In the Server connection settings window that opens, configure the following settings:
      • Click Add TLS certificate to select a TLS certificate that will be used to establish a trusted connection with a KATA server.
      • If you want to change the KATA server response timeout, specify the timeout in the Timeout (s) field. When the timeout runs out, Kaspersky Endpoint Security tries to connect to a different KATA server.
      • If you want to use two-way verification, select the Use two-way verification checkbox. Click Load crypto-container to select a crypto-container file and enter the password for the crypto-container in the Crypto-container password field.
   10. Click Save.
   11. To add a KATA server, click Add.
   12. In the KATA server window that opens, specify the server address and port and click Save.
   13. Click OK to save your changes.

   Connect computers with Kaspersky Endpoint Security to a KATA server using the Web Console

   1. In the main window of the Web Console, select Devices > Policies and profiles.
   2. Click the name of the Kaspersky Endpoint Security for Mac policy.
   3. The policy properties window opens.
   4. Select the Application settings tab.
   5. Select Detection and Response > Endpoint Detection and Response (KATA).
   6. Turn on the Endpoint Detection and Response (KATA) toggle switch.
   7. Click Server connection settings.
   8. In the Server connection settings dialog that opens, configure the following settings:
      • Click Add TLS certificate to select a TLS certificate that will be used to establish a trusted connection with a KATA server.
      • If you want to change the KATA server response timeout, specify the timeout in the Timeout (s) field. When the timeout runs out, Kaspersky Endpoint Security tries to connect to a different KATA server.
      • If you want to use two-way verification, select the Use two-way verification checkbox. Click Load crypto-container to select a crypto-container file and enter the password for the crypto-container in the Crypto-container password field.
   9. Click OK.
   10. To add a KATA server, click Add.
   11. In the dialog that opens, specify the server address and port and click OK.
   12. Save your changes.

   As a result, computers will appear in the Kaspersky Anti Targeted Attack Platform web interface.