Kaspersky Anti Targeted Attack Platform
|
Kaspersky Endpoint Security for Windows supports working with the Kaspersky Anti Targeted Attack Platform (EDR (KATA)) solution. Kaspersky Anti Targeted Attack Platform is a solution designed for timely detection of sophisticated threats such as targeted attacks, advanced persistent threats (APT), zero-day attacks, and others. Kaspersky Anti Targeted Attack Platform includes three functional units:
You can purchase all functional units or individual functional units separately. For details about the solution, please refer to the Kaspersky Anti Targeted Attack Platform Help. The application includes built-in agents for EDR, NDR components. The application also supports working with the Sandbox component that is part of KATA. |
Threat Intelligence tools
Kaspersky Endpoint Detection and Response uses the following Threat Intelligence tools:
- Integration with Kaspersky Threat Intelligence Portal, which contains and displays information about the reputation of files and web addresses.
- Kaspersky Threats database.
- The Kaspersky Security Network (hereinafter also referred to as "KSN") cloud service infrastructure, which provides access to real-time file, website, and software reputation information from the Kaspersky knowledge base. Using data from Kaspersky Security Network ensures faster responses by Kaspersky applications to threats, improves the performance of some protection components, and reduces the likelihood of false positives.
Principle of operation of the solution
Kaspersky Endpoint Security is installed on individual computers on the corporate IT infrastructure and continuously monitors processes, open network connections, and files being modified. Information about events on the computer (telemetry data) is sent to the Kaspersky Anti Targeted Attack Platform server. In this case, Kaspersky Endpoint Security also sends information to the Kaspersky Anti Targeted Attack Platform server about threats discovered by the application as well as information about processing results for these threats.
The EDR (KATA) and NDR (KATA) integration is configured in the Kaspersky Security Center console. The built-in agent is then managed using the Kaspersky Anti Targeted Attack Platform console, including running tasks, managing quarantined objects, viewing reports, and other actions.
Kaspersky Endpoint Security configurations for working with EDR / NDR (KATA)
The following configurations can be used for working with EDR / NDR (KATA):
- [KES+built-in agent]. In this configuration, Kaspersky Endpoint Security acts as both the application that ensures the security of the computer and the application for working with EDR / NDR (KATA). The built-in agent for EDR (KATA) is available in Kaspersky Endpoint Security 12.1 for Windows or later. The built-in agent for NDR (KATA) is available in Kaspersky Endpoint Security 12.7 for Windows or later.
- [third-party EPP+EDR Agent]. In this configuration, the security of the IT infrastructure is provided by the third-party Endpoint Protection Platform (EPP). The interaction with EDR / NDR (KATA) is provided by Kaspersky Endpoint Security in the Endpoint Detection Response Agent (EDR Agent) configuration. In this configuration, EDR Agent is compatible with third-party EPP applications. EDR Agent for EDR (KATA) is available in Kaspersky Endpoint Security 12.3 for Windows or later. EDR Agent for NDR (KATA) is available in Kaspersky Endpoint Security 12.7 for Windows or later.
Support for previous versions of Kaspersky Endpoint Security
If you are using Kaspersky Endpoint Security 11.2.0 – 11.8.0 for interoperability with Kaspersky Anti Targeted Attack Platform (EDR), the application includes Kaspersky Endpoint Agent. You can install Kaspersky Endpoint Agent side-by-side with Kaspersky Endpoint Security.
If you are using Kaspersky Endpoint Security 11.9.0 – 12.0, you need to install Kaspersky Endpoint Agent separately because starting from Kaspersky Endpoint Security 11.9.0 the Kaspersky Endpoint Agent distribution package is no longer part of the Kaspersky Endpoint Security distribution kit.