Starting with version 12.1, Kaspersky Endpoint Security for Windows includes a built-in agent for managing the Kaspersky Endpoint Detection and Response component as part of the Kaspersky Anti Targeted Attack Platform solution. Kaspersky Anti Targeted Attack Platform is a solution designed for timely detection of sophisticated threats such as targeted attacks, advanced persistent threats (APT), zero-day attacks, and others. Kaspersky Anti Targeted Attack Platform includes two functional blocks: Kaspersky Anti Targeted Attack (hereinafter also referred to as "KATA") and Kaspersky Endpoint Detection and Response (hereinafter also referred to as "EDR (KATA)"). You can purchase EDR (KATA) separately. For details about the solution, please refer to the Kaspersky Anti Targeted Attack Platform Help. |
Kaspersky Endpoint Detection and Response uses the following Threat Intelligence tools:
Kaspersky Endpoint Security is installed on individual computers on the corporate IT infrastructure and continuously monitors processes, open network connections, and files being modified. Information about events on the computer (telemetry data) is sent to the Kaspersky Anti Targeted Attack Platform server. In this case, Kaspersky Endpoint Security also sends information to the Kaspersky Anti Targeted Attack Platform server about threats discovered by the application as well as information about processing results for these threats.
The EDR (KATA) integration is configured on the Kaspersky Security Center console. The built-in agent is then managed using the Kaspersky Anti Targeted Attack Platform console, including running tasks, managing quarantined objects, viewing reports, and other actions.