When using KATA and KEDR functionality, you can install Endpoint Sensors components to corporate LAN computers. When using KATA functionality, Endpoint Sensors components are not installed.
When this deployment scenario is used, the components required for use of KATA functionality are installed on two servers.
Sensor and Central Node components are installed on one same server. This server receives traffic, performs an initial analysis of traffic and a deeper analysis of extracted files. Based on the scan results, components detect signs of targeted attacks on the organization's IT infrastructure.
The Sandbox component is installed on the other server.
The scenario for program operation when deployed on two servers is presented in the figure below.
Program operating scenario when deployed on two servers
Page top