Kaspersky Endpoint Security 12 for Windows

Kaspersky Anti Targeted Attack Platform (EDR)

April 25, 2024

ID 228485

Kaspersky Endpoint Security for Windows supports working with the Kaspersky Endpoint Detection and Response component as part of the Kaspersky Anti Targeted Attack Platform (EDR (KATA)) solution. Kaspersky Anti Targeted Attack Platform is a solution designed for timely detection of sophisticated threats such as targeted attacks, advanced persistent threats (APT), zero-day attacks, and others. Kaspersky Anti Targeted Attack Platform includes two functional blocks: Kaspersky Anti Targeted Attack (hereinafter also referred to as "KATA") and Kaspersky Endpoint Detection and Response (hereinafter also referred to as "EDR (KATA)"). You can purchase EDR (KATA) separately. For details about the solution, please refer to the Kaspersky Anti Targeted Attack Platform Help.

Threat Intelligence tools

Kaspersky Endpoint Detection and Response uses the following Threat Intelligence tools:

  • The Kaspersky Security Network (hereinafter also referred to as "KSN") cloud service infrastructure, which provides access to real-time file, website, and software reputation information from the Kaspersky knowledge base. Using data from Kaspersky Security Network ensures faster responses by Kaspersky applications to threats, improves the performance of some protection components, and reduces the likelihood of false positives.
  • Integration with the Kaspersky Threat Intelligence Portal, which contains and displays information about the reputation of files and web addresses.
  • Kaspersky Threats database.

Principle of operation of the solution

Kaspersky Endpoint Security is installed on individual computers in the corporate IT infrastructure and continuously monitors processes, open network connections, and files being modified. Information about events on the computer (telemetry data) is sent to the Kaspersky Anti Targeted Attack Platform server. Kaspersky Endpoint Security also sends the server information about threats that the application has detected and about the results of processing those threats.

The EDR (KATA) integration is configured on the Kaspersky Security Center console. The built-in agent is then managed using the Kaspersky Anti Targeted Attack Platform console, including running tasks, managing quarantined objects, viewing reports, and other actions.

Kaspersky Endpoint Security configurations for working with KATA (EDR)

The following configurations can be used for working with KATA (EDR):

  • [KES+built-in agent]. In this configuration, Kaspersky Endpoint Security acts as both the application that ensures the security of the computer and the application for working with KATA (EDR). The built-in agent is available in Kaspersky Endpoint Security 12.1 for Windows or later.
  • [third-party EPP+EDR Agent]. In this configuration, the security of the IT infrastructure is provided by a third-party Endpoint Protection Platform (EPP). Interaction with KATA (EDR) is provided by Kaspersky Endpoint Security in the Endpoint Detection and Response Agent (EDR Agent) configuration, in which EDR Agent is compatible with third-party EPP applications. EDR Agent is available in Kaspersky Endpoint Security 12.3 for Windows or later.

Support for previous versions of Kaspersky Endpoint Security

If you are using Kaspersky Endpoint Security 11.2.0 – 11.8.0 for interoperability with Kaspersky Anti Targeted Attack Platform (EDR), the application includes Kaspersky Endpoint Agent. You can install Kaspersky Endpoint Agent side-by-side with Kaspersky Endpoint Security.

If you are using Kaspersky Endpoint Security 11.9.0 – 12.0, you need to install Kaspersky Endpoint Agent separately because starting from Kaspersky Endpoint Security 11.9.0 the Kaspersky Endpoint Agent distribution package is no longer part of the Kaspersky Endpoint Security distribution kit.

In this Help section

Integration of the built-in agent with EDR (KATA)

Configuring telemetry

KEA to KES Migration Guide for EDR (KATA)
