Integration with Kaspersky Anti Targeted Attack Platform

Kaspersky Endpoint Security is compatible with the Kaspersky Anti Targeted Attack Platform solution, which is designed to protect the IT infrastructure of organizations and promptly detect threats, such as zero-day attacks, targeted attacks, and advanced persistent threats (APT). To read more, check out the Kaspersky Anti Targeted Attack Platform Help.

The Kaspersky Endpoint Security application can integrate with the following components of the Kaspersky Anti Targeted Attack Platform solution:

Integration with these components of the Kaspersky Endpoint Detection and Response (KATA) solution is provided by the following components of the Kaspersky Endpoint Security application:

You can configure the integration of the Kaspersky Endpoint Security application with all components of the Kaspersky Anti Targeted Attack Platform solution, as well as with each component individually.

To integrate with Kaspersky Anti Targeted Attack Platform components, you need to activate the Kaspersky Anti Targeted Attack Platform solution (see the solution help for more details). There is no need to activate the Kaspersky Endpoint Security components that provide integration. The main licenses for Kaspersky Endpoint Security include this functionality.

Integration of the Kaspersky Endpoint Security application with Kaspersky Anti Targeted Attack Platform is possible only if the Behavior Detection component is enabled. Otherwise, the necessary telemetry is not transmitted (except for synchronization requests).

The Kaspersky Endpoint Detection and Response (KATA) component can additionally use data received from the following components:

The Kaspersky Network Detection and Response (KATA) component can additionally use data received from the following components:

While integrated with the Kaspersky Anti Targeted Attack Platform solution, devices running Kaspersky Endpoint Security establish encrypted connections to the KATA/NDR/Sandbox server using the HTTPS protocol. To ensure the security of the connection, the following certificates issued by the KATA/NDR/Sandbox server are used:

Certificates for securing the connection to the KATA/NDR/Sandbox server are provided by the Kaspersky Anti Targeted Attack Platform administrator.

A proxy server is used to connect to the KATA/NDR/Sandbox server if use of a proxy server is configured in the general application settings of Kaspersky Endpoint Security.

By default, integration with Kaspersky Anti Targeted Attack Platform solution components is disabled. You can enable or disable the integration, and configure the following integration settings via the command line, Web Console, and Administration Console:

Managing Kaspersky Anti Targeted Attack Platform integration settings in Kaspersky Security Center Cloud Console is not supported.

In this section

Configuring EDR (KATA) / NDR (KATA) in the Web Console

Configuring EDR (KATA) / NDR (KATA) in the Administration Console

Configuring EDR (KATA) / NDR (KATA) on the command line

Configuring the KATA Sandbox integration in the Web Console

Configuring the KATA Sandbox integration on the command line
