The component can be deployed on one server or as a fault-tolerant cluster that consists of 2 roles: storage servers and processing servers.
Fault tolerance is achieved through duplication of data between the storage servers and the redundancy of computing resources: if one server fails, its functions are performed by another server with the same role. Meanwhile, the Kaspersky Anti Targeted Attack Platform continues to work.
The following program modules, kernels and technologies run on each server or cluster with the Central Node component:
Anti-Malware Engine (hereinafter also referred to as AM or AM Engine). Scans files and objects for viruses and other threats to the corporate IT infrastructure using anti-virus databases.
Mobile Attack Analyzer (also referred to as MAA). Scans executable files in the APK format in the cloud infrastructure using a machine learning technology. As a result of the scan, Kaspersky Anti Targeted Attack Platform receives information about detected threats or absence of threats.
YARA. Scans files and objects for signs of targeted attacks on the corporate IT infrastructure using YARA Rules databases created by users of Kaspersky Anti Targeted Attack Platform.
Targeted Attack Analyzer (hereinafter also referred to as TAA or TA Analyzer). Analyzes and monitors network activity of software installed on computers of the corporate LAN using TAA (IOA) rules. Searches for signs of network activity that the user of Kaspersky Anti Targeted Attack Platform is advised to direct his/her attention, as well as signs of targeted attacks to the corporate IT infrastructure.
KSN. Checks the reputation of files and URL addresses in the Knowledge Base of Kaspersky Security Network on behalf of Kaspersky Anti Targeted Attack Platform and provides information about categories of websites (for example, malicious website, phishing website).