Kaspersky Anti Targeted Attack Platform 2.0 release notes
Latest update: August 4, 2020
ID: 13705
Kaspersky Anti Targeted Attack Platform 2.0 was released on April 7, 2017.
Kaspersky Anti Targeted Attack Platform is a solution designed for the protection of a corporate IT infrastructure and the timely detection of threats such as zero-day attacks, targeted attacks, and complex targeted attacks known as advanced persistent threats (hereafter also referred to as "APT").
The product has been developed for corporate users and can be integrated into the corporate IT infrastructure in the following ways:
- Integrate into the local area network, receive and process mirrored traffic, and extract objects and metadata from the HTTP, FTP, and DNS protocols, as well as from the SMTP protocol.
- Connect to a proxy server, receive and process ICAP data of HTTP and FTP traffic, as well as HTTPS traffic if the administrator has configured SSL certificate replacement on the proxy server.
- Connect to a mail server and process copies of email messages arriving via the POP3(S) and SMTP protocols.
- Install sensors or integrate with Kaspersky Endpoint Security on individual computers that belong to the corporate IT infrastructure and run the Microsoft Windows operating system in order to constantly monitor the processes running on those computers, active network connections, and files that are modified.
- Integrate with the Kaspersky Lab product Kaspersky Secure Mail Gateway and process copies of email messages.
- Integrate with Kaspersky Private Security Network (hereafter also referred to as "KPSN"). Kaspersky Anti Targeted Attack Platform has access to Kaspersky Lab’s online Knowledge Base, which contains regularly updated information about the reputation of files, web resources, and software. The use of data from Kaspersky Security Network ensures that Kaspersky Lab applications respond faster to unknown threats, improves the effectiveness of some protection components, and reduces the risk of false positives.
What's new in Kaspersky Anti Targeted Attack 2.0
- You can now integrate Kaspersky Anti Targeted Attack Platform (hereafter also referred to as "KATA") with Kaspersky Secure Mail Gateway (hereafter also referred to as "KSMG"). After integration, the server or virtual machine on which KSMG is installed can be used as a Sensor component and can search for data in mail traffic. Based on the results of the processing of email messages in Kaspersky Anti Targeted Attack Platform, KSMG may block the transfer of messages.
- There is now horizontal scaling for the Sandbox component. To increase throughput, the Sandbox component can be installed on several servers.
- You can now integrate Kaspersky Anti Targeted Attack Platform with Kaspersky Endpoint Security. After integration, computers with Kaspersky Endpoint Security agents (hereafter also referred to as "KES agents") can be used as Endpoint Sensors components in the same way as individual computers with the Endpoint Sensors component.
- You can now integrate Kaspersky Anti Targeted Attack Platform with Kaspersky Threat Intelligence Portal (hereafter also referred to as "KTIP"), which analyzes each file for malicious code and displays information about the reputation of the file.
- You can now scan URLs from mail and traffic.
- You can now send notifications about detected events to security officers, and set rules for sending notifications.
- You can now create, import and export an allowlist of data. An allowlist of data can include MD5 hashes and file formats, URL masks, email addresses and subnet addresses.
- Management of program users has been improved, and users can now be allocated roles with varying rights of access to the product’s web interface. There are different access permissions for an Administrator, Security Officer, and Senior Security Officer.
- You can now configure an event to be part of a group of events with special access permissions. For example, events that are part of a VIP group cannot be viewed by users that have Security Officer permissions.
- You can now detect events in files and dumps on computers with the Endpoint Sensors component.
Known issues and limitations in Kaspersky Anti Targeted Attack 2.0
- The Endpoint Sensors component is not compatible with the RealTimes Desktop Service.
- Kaspersky Anti Targeted Attack Platform version 2.0 does not support upgrading from previous versions. When installing version 2.0, all data that was accumulated during the operation of previous product versions (for example, events and their accompanying information) will be lost. If you want to save the accumulated data, contact Kaspersky Lab Technical Support before installing version 2.0.
- Kaspersky Anti Targeted Attack Platform 2.0 uses TLS 1.0 to support the use of Kaspersky Endpoint Security for Windows 10 SP1 MR3 as the Endpoint Sensors component.