Kaspersky Anti Targeted Attack Platform
Discover advanced network threats hiding below the radar of perimeter protection
Corporate security should act as a catalyst for accelerated innovation, a cornerstone of your digital business strategy, proactively identifying and mitigating risk and reducing the impact of digital disruption in alignment with your overall business vision. Where cybersecurity is still viewed as a necessary burden and a potential progress inhibitor rather than a nurturer of corporate growth, Kaspersky Lab can help transform expectations.
Network Traffic Analysis driven by Machine Learning
Today’s cybercriminals constantly design unique and innovative methods of penetration and compromise. To avoid perimeter prevention technologies they use social engineering, non-malware and supply chain attacks to operate under the radar of security designed to catch ‘bad’ traces. It’s not enough to just ‘know’ what’s bad or dangerous – enterprises need to understand what’s normal, and use AI-driven techniques that simplify and automate this process. Targeted Attack Analyzer is a machine learning engine that involves self-learning to establish the baseline of normal, legitimate activities of an entire network. Through continuous network telemetry collection it finds deviations, detects suspicious activities and predicts further malicious actions at the initial stages of multilayered attacks.
Threat Emulation with Advanced Sandboxing
The static analysis of network traffic doesn’t provide adequate security on its own. Multi-layered malware, additional payloads and hidden command and control communications all require multi-dimensional detection capabilities at perimeter level, to prevent endpoints and servers from being compromised. Enterprises need extremely powerful detection engines to discover threats at the earliest stage, before lateral movement is established. Kaspersky’s Advanced Sandbox provides multi-layered detection, mapping to the MITRE ATT&CK knowledge base for further analysis of adversaries’ tactics, techniques and procedures. Sandbox supports several emulation modes, the randomization of OS components, time acceleration in virtual machines, anti-evasion techniques and user activity simulation.
Automated correlation and complete network visibility
The ML-based correlation engine aggregates network-level telemetry and verdicts and empowers it with endpoint-level data from Kaspersky EDR. It gives complete visibility and correlates incidents with rich context, fully automated and easy to use for better decision making.
Multi-dimensional advanced detection
Built around a Machine Learning core (Targeted Attack Analyzer), the platform combines advanced detection capabilities using static, behavioral, cloud reputation, sandboxing, YARA and pattern-based detection engines.
As the adoption of digital technologies such as the cloud, big data, mobile, IoT and artificial intelligence continues apace, together with increasing inter-connectivity, new security, compliance and data protection challenges arise.
- Data management and compliance issues which can slow business evolution
- Shadow IT and low visibility over business assets, and the corresponding risks
- Too many alerts to be verified due to 'false positives'
- Lack of planning and a unified security strategy for Incident Response
- New business initiatives suffering from ineffective or unsuitable security
- Stolen credentials and permissions which can put businesses at significant risk
A corporate cybersecurity strategy to meet digital disruption challenges
With the increasing adoption, throughout business and society at large, of digital technologies such as the cloud, big data, mobile, IoT and artificial intelligence, the growing connectivity of everything brings challenges as never before in terms of security, compliance and data protection.
A strategic approach to advanced enterprise security
Kaspersky Anti Targeted Attack Platform delivers a new, strategic approach to detecting targeted attacks. Complemented by our multi-layered prevention technologies and solutions, as well as an extensive portfolio of Security Intelligence Services for response and prediction, Kaspersky Lab delivers a truly integrated, strategic approach to targeted attacks and to threat detection and response.
Digital transformation – a new role for cybersecurity
Cybersecurity, along with compliance and data usage, has become a key strategic priority for digital business. Organizations are looking for security approaches that facilitate a clear focus on business needs.
A trusted security solution delivering complete privacy
All object analysis is performed on-site, with no outbound data flow, and the Kaspersky Private Security Network delivers real-time inbound reputation updates while preserving the full isolation of corporate data.
Integrates with existing enterprise security
Existing security solutions can be fed with new context and verdicts for blocking. Blocking rules can be sent to Next-Generation Firewalls (NGFWs), breach event data sent to your Security Information and Event Management (SIEM) system and unique URL and Domain insights added to Secure Web Gateways (SWGs).
A unified solution to accelerate innovation in digital transformation
- Integral business continuity, achieved through building security and compliance into new processes right from inception.
- Visibility over shadow IT and hidden threats
- Maximum flexibility enabling deployment across both physical and virtual environments, wherever visibility and control is needed
- The automation of investigation and response tasks, optimizing the cost-effectiveness of your security, incident response and SOC teams
- Tight, straightforward integration with existing security products, enhancing overall security levels and protecting legacy security investment
«The Kaspersky Anti Targeted Attack Platform provides advanced threat detection across all layers of a targeted attack – initial infection, command and control communications, and lateral movements and data exfiltration» – a competitive analysis of Advanced Persistent Threats (APT) protection by Radicati Group 2017.
Automated aggregation of essential telemetry and data across the entire network
The platform leverages network and endpoint data to deliver complete visibility across distributed enterprise networks for early threat detection and comprehensive response. Objects can be collected through SPAN, ICAP, POP3S or SMTP. Suspicious objects can also be extracted from third party systems’ custom connectors.
Multi-dimensional advanced detection
Based on leading security intelligence and advanced machine learning technologies, the Kaspersky Anti Targeted Attack Platform combines network and endpoint data, sandbox and intelligent analysis to correlate incidents, search for Indicators of Compromise and help uncover the most complex targeted attacks. Connecting the various pieces of an incident provides a comprehensive view of the entire attack chain, increasing confidence in assigned threat scores and reducing false positives to zero.
Automated prevention of advanced threats and comprehensive response
The Kaspersky Anti Targeted Attack Platform can automatically share verdicts with traditional Kaspersky Lab security solutions via an on-premise intelligence sharing layer – Kaspersky Private Security Network. This tight integration from global to network to endpoint level, between Kaspersky Anti Targeted Attack Platform, Kaspersky Security for Mail Gateway, Kaspersky Endpoint Security, Kaspersky Security for Virtualization and Kaspersky Endpoint Detection and Response, means immediate, informed action can be taken when an incident emerges.