Integration with Kaspersky Anti Targeted Attack Platform

Kaspersky Endpoint Security is compatible with the Kaspersky Anti Targeted Attack Platform solution, which is designed to protect the IT infrastructure of organizations and promptly detect threats, such as zero-day attacks, targeted attacks, and advanced persistent threats (APT). To read more, check out the Kaspersky Anti Targeted Attack Platform Help.

The Kaspersky Endpoint Security application can integrate with the following components of the Kaspersky Anti Targeted Attack Platform solution:

Integration with these components of the Kaspersky Endpoint Detection and Response (KATA) solution is provided by the following components of the Kaspersky Endpoint Security application:

You can configure the integration of the Kaspersky Endpoint Security application with all components of the Kaspersky Anti Targeted Attack Platform solution, as well as with each component individually.

To integrate with Kaspersky Anti Targeted Attack Platform components, you need to activate the Kaspersky Anti Targeted Attack Platform solution (see the solution help for more details). There is no need to activate the Kaspersky Endpoint Security components that provide integration. The main licenses for Kaspersky Endpoint Security include this functionality.

For proper integration of the Kaspersky Endpoint Security application with Kaspersky Anti Targeted Attack Platform, the Behavior Detection component must be enabled. If Behavior Detection is disabled, the necessary telemetry is not transmitted (except for synchronization requests and threat detection data from other protection components).

If Behavior Detection uses the eBPF mechanism to get system telemetry (available on 64-bit operating systems with kernel version 5.3 and later with eBPF support), the telemetry data is more comprehensive.
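
A pre-check for the eBPF prerequisites stated above (64-bit system, kernel 5.3 or later, eBPF support), as an added example that is not part of the Kaspersky documentation or product. The function names, the list of 64-bit machine types, the use of `CONFIG_BPF_SYSCALL=y` as the sign of eBPF support, and the `/boot/config-<release>` path are assumptions of this example; how Kaspersky Endpoint Security itself decides is not described on this page.

```shell
#!/bin/sh
# Added example, not vendor code: checks the eBPF prerequisites quoted above.

# 0 if a `uname -r` style release string is kernel 5.3 or later, else 1.
kernel_at_least_5_3() {
    case $1 in [0-9]*.[0-9]*) ;; *) return 1 ;; esac   # unparseable release
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}          # "3.0-42-generic" -> "3"
    case $major in *[!0-9]*) return 1 ;; esac
    [ -n "$minor" ] || return 1
    # Numeric compare: 5.10 is newer than 5.3, which a string compare gets wrong.
    [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 3 ]; }
}

# 0 if a `uname -m` value is a 64-bit machine type. The list is an assumption;
# the page only says "64-bit operating systems".
is_64bit_machine() {
    case $1 in
        x86_64|amd64|aarch64|arm64|ppc64|ppc64le|s390x|riscv64) return 0 ;;
        *) return 1 ;;
    esac
}

# 0 if the kernel build config file $1 enables the bpf() syscall. Treating
# CONFIG_BPF_SYSCALL=y as "eBPF support" is an assumption of this example.
kernel_config_has_bpf() {
    [ -r "$1" ] || return 1
    case $1 in
        *.gz) gzip -dc "$1" | grep -q '^CONFIG_BPF_SYSCALL=y' ;;
        *)    grep -q '^CONFIG_BPF_SYSCALL=y' "$1" ;;
    esac
}

# Prints one verdict line; returns 0 (met), 1 (not met) or 2 (cannot confirm).
ebpf_prereq_status() {
    is_64bit_machine "$1" || { echo "no: $1 is not a 64-bit machine type"; return 1; }
    kernel_at_least_5_3 "$2" || { echo "no: kernel $2 is not 5.3 or later"; return 1; }
    kernel_config_has_bpf "$3" || { echo "unknown: CONFIG_BPF_SYSCALL=y not found in $3"; return 2; }
    echo "yes: $1, kernel $2, bpf() syscall enabled"
}

# Check the local host only when asked to: sh ebpf_check.sh --host
if [ "${1:-}" = "--host" ]; then
    ebpf_prereq_status "$(uname -m)" "$(uname -r)" "/boot/config-$(uname -r)"
fi
```

A return status of 2 means the release and machine type qualify but the config file was missing or did not show the option, so the host needs a manual look before more comprehensive telemetry is assumed.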

The EDR (KATA) and NDR (KATA) components can use data from the following components:

While integrated with the Kaspersky Anti Targeted Attack Platform solution, devices running Kaspersky Endpoint Security establish encrypted connections to the KATA/NDR/Sandbox server using the HTTPS protocol. To ensure the security of the connection, the following certificates issued by the KATA/NDR/Sandbox server are used:

Certificates for securing the connection to the KATA/NDR/Sandbox server are provided by the Kaspersky Anti Targeted Attack Platform administrator.

A proxy server is used to connect to the KATA/NDR/Sandbox server if use of a proxy server is configured in the general application settings of Kaspersky Endpoint Security.

By default, integration with Kaspersky Anti Targeted Attack Platform solution components is disabled. You can enable, disable, or configure the integration using the command line, the Web Console, and the Administration Console:

When integrated with any Kaspersky Anti Targeted Attack Platform component, you can:

When integrated with Kaspersky Endpoint Detection and Response (KATA), you also can:

In this section

Configuring EDR (KATA) / NDR (KATA) in the Web Console

Configuring EDR (KATA) / NDR (KATA) in the Administration Console

Configuring EDR (KATA) / NDR (KATA) on the command line

Configuring the KATA Sandbox integration in the Web Console

Configuring the KATA Sandbox integration on the command line
