Kaspersky Anti Targeted Attack Platform

Kaspersky Anti Targeted Attack Platform is a solution for protection of an organization's IT infrastructure and early detection of threats such as zero-day attacks, targeted attacks, and advanced persistent threats (hereinafter also referred to as APT). The application is intended for corporate users.

Kaspersky Anti Targeted Attack Platform solution includes three functional units:

• Kaspersky Anti Targeted Attack (hereinafter also referred to as KATA) – protects the enterprise's IT infrastructure perimeter.
• Kaspersky Endpoint Detection and Response (hereinafter also KEDR) – protects computers in the organization local network.
• Network Detection and Response, which protects the corporate LAN.

For details about the solution, please refer to the Kaspersky Anti Targeted Attack Platform Help.

Principle of operation of the solution

Kaspersky Industrial CyberSecurity for Nodes is installed on individual computers running Windows that are included in the organization's IT infrastructure. The application constantly monitors processes, open network connections, and files being modified. Information about events on the computer, threats detected by the application, and the results of processing these threats is sent to the Central Node server.

Integration with KEDR (KATA) is configured in the Kaspersky Security Center Administration Console or Kaspersky Security Center Web Console. The built-in agent or Endpoint Agent configuration is then managed using the Kaspersky Anti Targeted Attack Platform console, including running tasks, managing quarantined objects, viewing reports, and other actions.

Kaspersky Industrial CyberSecurity for Nodes configurations for integration with Kaspersky Anti Targeted Attack Platform

Kaspersky Industrial CyberSecurity for Nodes can be integrated with Kaspersky Endpoint Detection and Response as part of the Kaspersky Anti Targeted Attack Platform solution. The following configurations are possible:

• [KICS+built-in agent]. In this configuration, Kaspersky Industrial CyberSecurity for Nodes acts as both the application that ensures the security of the computer and the application for working with KEDR. The built-in agent is available in Kaspersky Industrial CyberSecurity for Nodes starting with version 4.2.
• [third-party EPP+Endpoint Agent configuration]. In this configuration, the security of the IT infrastructure is provided by the third-party Endpoint Protection Platform (EPP). Integration with KEDR is provided by Kaspersky Industrial CyberSecurity for Nodes in the Endpoint Agent configuration. The Endpoint Agent configuration is available in Kaspersky Industrial CyberSecurity for Nodes starting with version 4.2.

Support for previous versions of Kaspersky Industrial CyberSecurity for Nodes

Kaspersky Industrial CyberSecurity for Nodes 4.2 supports integration with the Kaspersky Anti Targeted Attack Platform (EDR) solution using the built-in agent or an Endpoint Agent configuration; you do not need to install Kaspersky Endpoint Agent.

If you are using Kaspersky Industrial CyberSecurity for Nodes older than 4.2 for integration with Kaspersky Anti Targeted Attack Platform (EDR), you must install Kaspersky Endpoint Agent separately.

In this section Configuring KATA integration Configuring telemetry

Page top