Kaspersky Anti Targeted Attack Platform 3.6.1 now has the following new features:
Fixed critical vulnerabilities in the program.
Upgraded the operating system of the Sandbox component to CentOS 7.
Added support for integration with Kaspersky Private Security Network for Astra Linux.
Kaspersky Anti Targeted Attack Platform version RELEASE NOTES
Fixed program run-time errors:
Improved the fault-tolerance mechanism of Central Node servers.
Fixed errors in the operation of the monitoring program.
Ability to install the program update packages through the web interface added.
Added the ability to save information on Sandbox component alerts to the local KPSN reputation database in order to reduce the number of false positives.
Kaspersky Anti Targeted Attack Platform 3.6 now has the following new features:
Implemented multitenancy mode, which allows Kaspersky Anti Targeted Attack Platform to be installed in distributed solution mode and used to protect the infrastructure of multiple organizations. One or more Central Node servers can be used for the same organization. Each organization manages the program independently of the others, while the provider can manage the data of several organizations.
Added a two-level hierarchy of servers with Central Node components installed. The hierarchy distinguishes a master control server (Primary Central Node, PCN) from subordinate servers (Secondary Central Nodes, SCN).
Improved the Targeted Attack Analyzer technology: events and alerts are now classified and automatically analyzed to check whether they match indicators of attack (hereinafter also referred to as IOA) and the MITRE ATT&CK matrix. The IOA rule database is created by Kaspersky Lab experts and is continuously updated. New events that triggered IOA rules are marked in the program interface. Each IOA rule contains a description of the signs of the attack, examples, recommended countermeasures, and links to the corresponding technique in the MITRE ATT&CK knowledge base.
Added classification of alerts by the Sandbox component in accordance with the MITRE ATT&CK matrix. The Sandbox component matches detected suspicious activities with attack phases, hacker techniques and methods in the MITRE ATT&CK matrix.
Added the ability to create a custom database of indicators of attack (IOA) for classifying and analyzing events.
Added a program deployment scenario which lets multiple Central Node servers connect to the same Sandbox servers.
Added case sensitivity support for finding, editing, and deleting files, folders, and other objects in accordance with the standards of the NTFS file system.
Implemented a new method for analyzing APK files of the Android™ operating system using a cloud technology based on machine learning.
Added monitoring of new registry keys: information on registry branches under HKEY_USERS and HKEY_CURRENT_USER is now analyzed.
Expanded the capabilities for recovering passwords of Microsoft Office documents and email messages. Passwords of email attachments in the ArchiveRAR (RAR v5) and Archive7z (7z) formats can now be recovered, as can passwords of documents in PDF, Word, Excel®, and PowerPoint® formats. Candidate passwords are looked up in an existing password database or derived from the text of the email message body.
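The second source of candidate passwords described above, deriving them from the message body, is worth seeing in code. The following is an added example and is not Kaspersky's implementation: the regular expressions, the candidate ordering and the sample message are assumptions made here for illustration. It extracts likely passwords from an email body (values following words such as "password" or "code", quoted strings, mixed letter-digit tokens), appends any known-password dictionary, and tries each candidate against a caller-supplied opener, stopping at the first one that unlocks the attachment.

```python
import re
import zipfile

# Constructed sample message body (not real mail data).
SAMPLE_BODY = """Hi, the invoice is in the attached archive.
Password: Inv0ice-2024
If that fails use the code 7731 from our last call.
Regards, Accounts"""

# Heuristic patterns (assumptions): a keyword followed by a separator and a value,
# a quoted string, and bare tokens that mix letters and digits.
KEYWORD_RE = re.compile(
    r"(?i)\b(?:password|passwd|pass|pwd|code|pin)\b\s*(?:is|:|=|-)?\s*[\"']?([^\s\"',.;]{3,64})")
QUOTED_RE = re.compile(r"[\"']([^\"']{3,64})[\"']")
TOKEN_RE = re.compile(r"\S{4,64}")


def candidate_passwords(body, dictionary=()):
    """Return deduplicated candidates, most specific first: keyword-tagged values,
    then quoted strings, then mixed letter/digit tokens, then the dictionary."""
    ordered, seen = [], set()

    def add(cand):
        cand = cand.strip()
        if cand and cand not in seen:
            seen.add(cand)
            ordered.append(cand)

    for m in KEYWORD_RE.finditer(body):
        add(m.group(1))
    for m in QUOTED_RE.finditer(body):
        add(m.group(1))
    for tok in TOKEN_RE.findall(body):
        if re.search(r"\d", tok) and re.search(r"[A-Za-z]", tok):
            add(tok.strip(".,;:"))
    for word in dictionary:
        add(word)
    return ordered


def recover_password(body, try_open, dictionary=()):
    """Try each candidate with try_open(candidate) -> bool; return the first hit or None."""
    for cand in candidate_passwords(body, dictionary):
        if try_open(cand):
            return cand
    return None


def zip_opener(path):
    """Build a try_open callable for a ZipCrypto-protected archive at `path`.
    A wrong password raises RuntimeError on open (check byte) or BadZipFile on the
    CRC check while reading, so both are treated as failure."""
    def try_open(pwd):
        try:
            with zipfile.ZipFile(path) as zf:
                for name in zf.namelist():
                    with zf.open(name, pwd=pwd.encode("utf-8")) as fh:
                        fh.read()
            return True
        except (RuntimeError, zipfile.BadZipFile):
            return False
    return try_open
```

In a real pipeline the opener is whatever unpacks the attachment format (RAR, 7z, Office, PDF); the ordering matters because each attempt on a strongly protected document is expensive, so the keyword-tagged value from the body is tried before any dictionary word.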
Added sending of new Windows event types (Windows event logging) with the following IDs:
EventId 4776 – the computer attempted to validate the credentials for an account (NTLM authentication).
EventId 4648 – a logon was attempted using explicit credentials.
EventId 4768 – a Kerberos authentication ticket (TGT) was requested.
EventId 4769 – a Kerberos service ticket was requested.
These events enable detection of the following attacks:
Pass-the-hash (4776, 4624).
Kerberoast (4769).
Mimikatz (4624, 4648, 4768).
Added an API through which third-party solutions can request information about Kaspersky Anti Targeted Attack Platform alerts. The transmitted alert information can also include additional details, for example the triggered technologies, object types, and alert importance.
Optimized the performance of the program. Central Node and Sandbox servers now have 30% lower hardware requirements.