Operation of the program

Kaspersky Anti Targeted Attack Platform includes two functional blocks:

You can use the full functionality of the program (KATA key and KEDR key) or partial functionality (only KATA key or only KEDR key).

Principle of operation of Kaspersky Anti Targeted Attack

Kaspersky Anti Targeted Attack includes the following components:

Sensor, Central Node and Sandbox interoperate as follows:

If any threats are detected, the Central Node server records relevant information in the alert database. You can view the alert table in the Alerts section of the program web interface or by generating an alert report.

Alert information can also be published to the SIEM system used in your organization, as well as to external systems. Information about Sandbox component alerts can be published to the local reputation database of Kaspersky Private Security Network.

Principle of operation of Kaspersky Endpoint Detection and Response

Kaspersky Endpoint Detection and Response includes the following components:

Kaspersky Endpoint Agent and Central Node components interoperate as follows:

When the Central Node server is integrated with Kaspersky Endpoint Agent for Windows, you can do the following to react to detected threats:

When the Central Node server is integrated with Kaspersky Endpoint Agent for Linux, you can do the following to react to detected threats:

The principle of operation of Kaspersky Anti Targeted Attack Platform is shown in the following picture.

[Figure: Principle of operation of Kaspersky Anti Targeted Attack Platform]

You can configure settings of each Central Node component individually or manage several components in a centralized way in distributed solution mode.

A distributed solution is a two-tier hierarchy of Central Node servers. This structure sets apart a primary control server known as the Primary Central Node (PCN) and secondary servers known as Secondary Central Nodes (SCN).

The principle of operation of Kaspersky Anti Targeted Attack Platform in distributed solution mode is shown in the following picture.

[Figure: Principle of operation of Kaspersky Anti Targeted Attack Platform in distributed solution mode]
