Kaspersky Endpoint Security 12 for Linux

Kaspersky Endpoint Detection and Response (KATA) Integration

July 22, 2024

ID 265642

Kaspersky Endpoint Detection and Response (KATA) is a component of the Kaspersky Anti Targeted Attack Platform solution. Integration with the Kaspersky Endpoint Detection and Response (KATA) component is facilitated by a Kaspersky Endpoint Security component: Endpoint Detection and Response (KATA) (EDR (KATA)).

Kaspersky Endpoint Security is compatible with the Kaspersky Anti Targeted Attack Platform solution, which is designed to protect the IT infrastructure of organizations and promptly detect threats, such as zero-day attacks, targeted attacks, and advanced persistent threats (APT). To read more, check out the Kaspersky Anti Targeted Attack Platform Help.

This feature is not supported in the KESL container.

When interacting with Kaspersky Endpoint Detection and Response (KATA), Kaspersky Endpoint Security can:

  • Send data about events on devices (telemetry) to the Kaspersky Anti Targeted Attack Platform server with the Central Node component ("KATA server"). Kaspersky Endpoint Security sends monitoring data on processes, open network connections, and modified files to the KATA server, as well as data on threats detected by the application and data on the results of processing these threats.
  • Execute response actions to ensure security when receiving commands from Kaspersky Anti Targeted Attack Platform.

For integration with Kaspersky Endpoint Detection and Response (KATA), the Behavior Detection component must be enabled.

Integration of Kaspersky Endpoint Security with Kaspersky Endpoint Detection and Response (KATA) is possible only with Behavior Detection enabled. Otherwise, the required telemetry data cannot be transmitted.

Kaspersky Endpoint Detection and Response (KATA) can additionally use data received from the following components:

When integrated with Kaspersky Endpoint Detection and Response (KATA), devices with Kaspersky Endpoint Security establish secure connections to the KATA server via the HTTPS protocol. To ensure a secure connection, the following certificates issued by the KATA server are used:

  • KATA server certificate. The connection is encrypted using the server's TLS certificate. You can elevate the security of the connection by verifying the server certificate on the Kaspersky Endpoint Security side. To do this, add the integration server certificate before enabling the Kaspersky Endpoint Detection and Response (KATA) Integration.
  • Client certificate. This certificate is used for additional protection of the connection using two-way authentication (the KATA server verifies devices with Kaspersky Endpoint Security). The same client certificate can be used by multiple devices. By default, the KATA server does not check client certificates, but two-way authentication can be enabled on the Kaspersky Anti Targeted Attack Platform side. In this case, you need to enable two-way authentication in the Kaspersky Endpoint Detection and Response (KATA) Integration settings and add the client certificate (cryptocontainer with certificate and private key).

Certificates for securing the connection to the KATA server are provided by the Kaspersky Anti Targeted Attack Platform administrator.
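Before the two files are added to the integration settings, they can be sanity-checked with OpenSSL on the device. The script below is an added example, not part of the Kaspersky documentation; it assumes the server certificate is a PEM file, the cryptocontainer is PKCS#12, and the container password is passed in a hypothetical `P12_PASS` environment variable.

```shell
#!/bin/sh
# Pre-flight checks for the files received from the KATA administrator.
# Assumptions (not from the product documentation): PEM server certificate,
# PKCS#12 cryptocontainer, container password in the P12_PASS environment
# variable so that it does not appear in the process list.

# cert_valid_for FILE SECONDS
# Succeeds if FILE parses as a certificate that does not expire within SECONDS.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# cert_fingerprint FILE
# Prints the SHA-256 fingerprint, to compare with the value the
# administrator communicates over a separate channel.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# container_has_cert_and_key FILE
# Succeeds only if the container opens with P12_PASS and holds a client
# certificate whose public key matches the private key stored next to it.
# Nothing is written to disk: the key only passes through a pipe.
container_has_cert_and_key() {
    pub_c=$(openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null |
            openssl x509 -noout -pubkey 2>/dev/null)
    pub_k=$(openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -nodes 2>/dev/null |
            openssl pkey -pubout 2>/dev/null)
    [ -n "$pub_c" ] && [ "$pub_c" = "$pub_k" ]
}

# Usage: P12_PASS=... sh check.sh SERVER_CERT.pem CLIENT_CONTAINER.p12
# (both file names are placeholders)
if [ "$#" -eq 2 ]; then
    status=0
    if cert_valid_for "$1" 2592000; then
        echo "server certificate OK, SHA-256 fingerprint: $(cert_fingerprint "$1")"
    else
        echo "server certificate unreadable or expiring within 30 days" >&2
        status=1
    fi
    if container_has_cert_and_key "$2"; then
        echo "cryptocontainer holds a matching certificate and private key"
    else
        echo "cryptocontainer: wrong password, or certificate/key missing or mismatched" >&2
        status=1
    fi
    exit "$status"
fi
```

A container that fails the last check would be rejected once two-way authentication is enabled on the KATA server, so it is cheaper to catch the problem before distributing the file to multiple devices.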

A proxy server is used to connect to the KATA server if use of a proxy server is configured in the general application settings of Kaspersky Endpoint Security.

By default, the Kaspersky Endpoint Detection and Response (KATA) Integration is disabled. You can enable or disable the integration, and configure the following integration settings via the command line, Web Console, and Administration Console:

Managing Kaspersky Endpoint Detection and Response (KATA) Integration settings in Kaspersky Security Center Cloud Console is not supported.

In this section

Configuring the Kaspersky Endpoint Detection and Response (KATA) integration in the Web Console

Configuring the Kaspersky Endpoint Detection and Response (KATA) integration in the Administration Console

Configuring the Kaspersky Endpoint Detection and Response (KATA) integration on the command line
