Operating principle of the application

The Kaspersky Anti Targeted Attack Platform application includes three functional blocks:

You can use the full functionality of the application (KATA key and KEDR key) or partial functionality (only KATA key or only KEDR key).

Principle of operation of Kaspersky Anti Targeted Attack

Kaspersky Anti Targeted Attack includes the following components:

Sensor, Central Node and Sandbox interoperate as follows:

If any threats are detected, the Central Node server records relevant information in the alert database. You can view the alert table in the Alerts section of the application web interface or by generating an alert report.

Alert information can also be published to a SIEM system that is used in your organization, as well as external systems. Information on Sandbox component alerts can be published in the local reputation database of Kaspersky Private Security Network.

Principle of operation of Kaspersky Endpoint Detection and Response

Kaspersky Endpoint Detection and Response includes the following components:

The Endpoint Agent and Central Node components interoperate as follows:

One of the applications that represents the Endpoint Agent component is installed on individual computers within the corporate IT infrastructure and continuously monitors processes, open network connections, and files being modified. The monitoring data are sent to the server with the Central Node component. Events are generated based on these data.

The Kaspersky Endpoint Agent for Windows can be integrated with Endpoint Protection Platform (hereinafter also "EPP") applications:

Information about compatibility of Kaspersky Endpoint Agent for Windows versions with EPP applications is provided in the Compatibility of Kaspersky Endpoint Agent for Windows versions with EPP applications section.

In this case, Kaspersky Endpoint Agent also sends information about threats detected by the EPP applications and results of threat processing by these applications to the Central Node server.

EPP applications, Kaspersky Endpoint Agent, and Central Node components interoperate as follows:

When the Central Node server is integrated with Kaspersky Endpoint Agent for Windows and Kaspersky Endpoint Security for Windows, you can do the following to react to detected threats:

When the Central Node server is integrated with Kaspersky Endpoint Security 11.4 for Linux and Kaspersky Endpoint Security for Mac, you can do the following to react to detected threats:

When the Central Node server is integrated with Kaspersky Endpoint Security 12 for Linux, you can do the following to react to detected threats:

The principle of operation of Kaspersky Anti Targeted Attack Platform is shown in the following picture.

kata_standalone_scheme

Principle of operation of Kaspersky Anti Targeted Attack Platform

You can configure settings of each Central Node component individually or manage several components in a centralized way in distributed solution mode.

A distributed solution is a two-tier hierarchy of Central Node servers. This structure sets apart a primary control server known as the Primary Central Node (PCN) and secondary servers known as Secondary Central Nodes (SCN).

The principle of operation of Kaspersky Anti Targeted Attack Platform in distributed solution mode is shown in the following picture.

kata_distributed

Principle of operation of Kaspersky Anti Targeted Attack Platform in distributed solution mode

See also

Kaspersky Anti Targeted Attack Platform Help

Kaspersky Anti Targeted Attack Platform

Data provision

Application licensing

Architecture of the application

Distributed solution and multitenancy

Sizing Guide

Installing and performing initial configuration of the application

Configuring the sizing settings of the application

Configuring the integration of Kaspersky Anti Targeted Attack Platform with the Kaspersky Endpoint Agent component

Getting started with the application

Managing accounts of application administrators and users

Authentication using domain accounts

Participation in Kaspersky Security Network and use of Kaspersky Private Security Network

Managing the Sandbox component through the web interface

For administrators: Getting started with the application web interface

For security officers: Getting started with the application web interface

Managing user-defined Sandbox rules

Sending notifications

Managing Kaspersky Endpoint Agent for Windows

Managing Kaspersky Endpoint Security for Windows

Managing Kaspersky Endpoint Security for Linux

Managing Kaspersky Endpoint Security for Mac

Backing up and restoring data

Upgrading Kaspersky Anti Targeted Attack Platform

Interaction with external systems via API

Sources of information about the application

Contacting the Technical Support Service

Information about third-party code

Trademark notices

Page top