To integrate the Endpoint Agent configuration with KATA in the corporate IT infrastructure, the following must be deployed:
Kaspersky Anti Targeted Attack Platform version 5.0 or higher.
Kaspersky Security Center version 14.2 or higher.
Setting up KATA Integration involves the following steps:
Installing the Endpoint Detection and Response Expert (on-premise) component
At the step for selecting application components for installation (in the installation package settings, in the Setup Wizard, or when changing the set of application components in the Windows Control Panel), select the following:
Full functionality → Endpoint Agent → Endpoint Detection and Response Expert (on-premise) for the built-in agent
Endpoint Agent → Endpoint Detection and Response Expert (on-premise) for the Endpoint Agent configuration
To finish changing the set of application components, you must restart the computer.
Endpoint Detection and Response Expert (on-premise) activation
You need to purchase a separate license for KATA (for example, Kaspersky Endpoint Detection and Response (KATA) Add-on).
Licensing of the stand-alone Endpoint Detection and Response Expert (on-premise) functionality is the same as the licensing of Kaspersky Industrial CyberSecurity for Nodes. The feature becomes available after you add a separate key for Kaspersky Endpoint Detection and Response (KATA). As a result, two keys will be added on the computer: a key for Kaspersky Industrial CyberSecurity for Nodes and a key for Endpoint Detection and Response Expert (on-premise).
For Kaspersky Anti Targeted Attack Platform, you can establish a trusted connection between Kaspersky Industrial CyberSecurity for Nodes and the Central Node component. To configure a trusted connection, you must use a TLS certificate. You can get a TLS certificate in the Kaspersky Anti Targeted Attack Platform console (see instructions in the Kaspersky Anti Targeted Attack Platform Help). Then you must add the TLS certificate to Kaspersky Industrial CyberSecurity for Nodes (see instructions below).
By default, Kaspersky Industrial CyberSecurity for Nodes only checks the TLS certificate of Central Node. To make the connection more secure, you can additionally enable verification of the computer on Central Node. To enable this verification, you must turn on two-way authentication in Central Node and Kaspersky Industrial CyberSecurity for Nodes settings. To use two-way authentication, you will also need a crypto-container. A crypto-container is a PFX archive with a certificate and a private key. You can get a crypto-container in the Kaspersky Anti Targeted Attack Platform console (see instructions in the Kaspersky Anti Targeted Attack Platform Help).
Open the Kaspersky Security Center Administration Console.
In the console tree, open the Policies folder.
Select a policy for managing the application and double-click it to open its settings window.
Select the Telemetry collection servers section.
In the KATA Integration block, click the Settings button.
The KATA Integration window opens.
Select the KATA Integration check box.
Under Connection settings, click Add to add one or more Central Node servers. For each server, specify an address (IPv4, IPv6) and port for connecting to the server.
Kaspersky Industrial CyberSecurity for Nodes attempts to establish a connection with the server at the first IP address. If a connection cannot be established, Kaspersky Industrial CyberSecurity for Nodes attempts to establish a connection at the second IP address in the list and so on.
Click Server connection settings.
The Server connection settings window opens.
Configure the server connection:
Timeout (sec). Maximum Central Node server response timeout. When the timeout runs out, Kaspersky Industrial CyberSecurity for Nodes tries to connect to a different Central Node server.
Server TLS certificate. TLS certificate for establishing a trusted connection with the Central Node server. You can get a TLS certificate in the Kaspersky Anti Targeted Attack Platform console (see instructions in the Kaspersky Anti Targeted Attack Platform Help).
Use two-way authentication. Two-way authentication when establishing a secure connection between Kaspersky Industrial CyberSecurity for Nodes and Central Node. To use two-way authentication, you need to enable two-way authentication in the Central Node settings, then get a crypto-container and set a password to protect the crypto-container. A crypto-container is a PFX archive with a certificate and a private key. You can get a crypto-container in the Kaspersky Anti Targeted Attack Platform console (see instructions in the Kaspersky Anti Targeted Attack Platform Help). After configuring the Central Node settings, you need to also enable two-way authentication in Kaspersky Industrial CyberSecurity for Nodes settings and load a password-protected crypto-container.
The crypto-container must be password-protected. It is not possible to add a crypto-container with a blank password.
In the Application Console tree, select the Telemetry collection servers → KATA Integration section.
Click the Properties link in the results pane.
The Properties: Endpoint Detection and Response Expert (on-premise) window opens on the General tab.
Select the KATA Integration check box.
Under Connection settings, click Add to add one or more Central Node servers. For each server, specify an address (IPv4, IPv6) and port for connecting to the server.
Kaspersky Industrial CyberSecurity for Nodes attempts to establish a connection with the server at the first IP address. If a connection cannot be established, Kaspersky Industrial CyberSecurity for Nodes attempts to establish a connection at the second IP address in the list and so on.
Click Server connection settings.
The Server connection settings window opens.
Configure the server connection:
Timeout (sec). Maximum Central Node server response timeout. When the timeout runs out, Kaspersky Industrial CyberSecurity for Nodes tries to connect to a different Central Node server.
Server TLS certificate. TLS certificate for establishing a trusted connection with the Central Node server. You can get a TLS certificate in the Kaspersky Anti Targeted Attack Platform console (see instructions in the Kaspersky Anti Targeted Attack Platform Help).
Use two-way authentication. Two-way authentication when establishing a secure connection between Kaspersky Industrial CyberSecurity for Nodes and Central Node. To use two-way authentication, you need to enable two-way authentication in the Central Node settings, then get a crypto-container and set a password to protect the crypto-container. A crypto-container is a PFX archive with a certificate and a private key. You can get a crypto-container in the Kaspersky Anti Targeted Attack Platform console (see instructions in the Kaspersky Anti Targeted Attack Platform Help). After configuring the Central Node settings, you need to also enable two-way authentication in Kaspersky Industrial CyberSecurity for Nodes settings and load a password-protected crypto-container.
The crypto-container must be password-protected. It is not possible to add a crypto-container with a blank password.
In the main window of the Web Console, select Assets (Devices) → Policies & profiles.
Click the name of the Kaspersky Industrial CyberSecurity for Nodes policy.
The policy properties window opens.
Select the Application settings tab.
Select the Telemetry collection servers section.
In the KATA Integration block, click the Configure button.
The KATA Integration window opens.
Select the Enable KATA Integration check box.
Under Connection settings, click Add to add one or more Central Node servers. For each server, specify an address (IPv4, IPv6) and port for connecting to the server.
Kaspersky Industrial CyberSecurity for Nodes attempts to establish a connection with the server at the first IP address. If a connection cannot be established, Kaspersky Industrial CyberSecurity for Nodes attempts to establish a connection at the second IP address in the list and so on.
Click Server connection settings.
The Server connection settings window opens.
Configure the server connection:
Timeout (sec). Maximum Central Node server response timeout. When the timeout runs out, Kaspersky Industrial CyberSecurity for Nodes tries to connect to a different Central Node server.
Server TLS certificate. TLS certificate for establishing a trusted connection with the Central Node server. You can get a TLS certificate in the Kaspersky Anti Targeted Attack Platform console (see instructions in the Kaspersky Anti Targeted Attack Platform Help).
Use two-way authentication. Two-way authentication when establishing a secure connection between Kaspersky Industrial CyberSecurity for Nodes and Central Node. To use two-way authentication, you need to enable two-way authentication in the Central Node settings, then get a crypto-container and set a password to protect the crypto-container. A crypto-container is a PFX archive with a certificate and a private key. You can get a crypto-container in the Kaspersky Anti Targeted Attack Platform console (see instructions in the Kaspersky Anti Targeted Attack Platform Help). After configuring the Central Node settings, you need to also enable two-way authentication in Kaspersky Industrial CyberSecurity for Nodes settings and load a password-protected crypto-container.
The crypto-container must be password-protected. It is not possible to add a crypto-container with a blank password.
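The connection settings described in the procedures above (ordered server list, timeout, server TLS certificate) can be checked before the policy is applied. The following preflight script is an added example, not part of the Kaspersky documentation or product code. It assumes the exported server TLS certificate is the Central Node's own certificate in PEM form; the function names, addresses, port and fingerprint are hypothetical or constructed, and two-way authentication is not exercised.

```python
import hashlib
import socket
import ssl


def pem_fingerprint(pem_text):
    """SHA-256 fingerprint of a PEM certificate (hash of its DER encoding)."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem_text.strip())).hexdigest()


def tls_probe(host, port, timeout):
    """Connect to host:port and return the SHA-256 of the presented certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # servers are listed by IP address
    ctx.verify_mode = ssl.CERT_NONE   # no chain check: the fingerprint is compared below
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw) as tls:
            return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()


def preflight(servers, expected_fp, timeout=5, probe_fn=tls_probe):
    """Walk the server list in order, as the failover described above does.

    Returns (selected, report): the first server whose certificate matches,
    and a per-server status so a bad entry further down the list is visible.
    probe_fn is injectable so the logic can be exercised without a network.
    """
    selected, report = None, []
    for host, port in servers:
        try:
            status = "ok" if probe_fn(host, port, timeout) == expected_fp else "cert-mismatch"
        except OSError:               # timeout, refused connection, TLS failure
            status = "unreachable"
        report.append((host, port, status))
        if status == "ok" and selected is None:
            selected = (host, port)
    return selected, report


if __name__ == "__main__":
    # Constructed values: documentation-range addresses, placeholder port and fingerprint.
    servers = [("192.0.2.10", 443), ("192.0.2.11", 443)]
    fake = {"192.0.2.11": "ab" * 32}

    def offline_probe(host, port, timeout):
        if host not in fake:
            raise TimeoutError(f"{host} did not answer within {timeout}s")
        return fake[host]

    print(preflight(servers, "ab" * 32, probe_fn=offline_probe))
```

For a live check, pass `pem_fingerprint(open(path).read())` as `expected_fp` and leave `probe_fn` at its default; a `cert-mismatch` entry means that address presents a certificate other than the one exported for the policy.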