Kaspersky Anti Targeted Attack Platform
Discover advanced network threats hiding below the radar of perimeter protection

Overview

Cybercriminals are constantly developing new and increasingly sophisticated tools and techniques to carry out cyberattacks. Organizations face a never-ending barrage of threats: complex threats caused by non-malware attacks, fileless attacks, living-off-the-land attacks, zero-day exploits — and any combination of these built into complex threats, APT-like and targeted attacks. Without adequate, proactive protection against this onslaught, businesses leave themselves open to some very serious, expensive consequences.

The answer is an extended detection and response solution. The Kaspersky Anti Targeted Attack (KATA) Platform, with Kaspersky EDR Expert at its core, is an extended EDR solution that delivers all-in-one protection against complex and targeted attacks, powered by advanced threat intelligence and mapped to the MITRE ATT&CK framework. Every potential entry point is centralized under your control, with full visibility — your network, web, email, PCs, laptops, servers and virtual machines in public clouds.

A unified platform to accelerate innovation in digital transformation through:

• Integral business continuity. Kaspersky build security and compliance into new processes right from the start
• Complete visibility over your corporate IT infrastructure
• Maximum flexibility enabling deployment across both physical and virtual environments, wherever visibility and control is needed
• Automation of threat discovery and response tasks, optimizing the cost-effectiveness of your security, incident response and SOC teams
• Tight, straightforward integration with existing security products, enhancing overall security levels and protecting legacy security investment

Unequalled cybersecurity in a unified solution

Professional cybercriminals these days favor a multi-vector approach. Kaspersky Anti Targeted Attack Platform combines network-level advanced threat discovery and EDR capabilities, while giving IT security specialists all the tools they need to handle superior multi-dimensional threat discovery, apply leading-edge technologies, undertake effective investigations, threat hunt proactively and deliver a rapid, centralized response — all through a single solution.

Your effective extended detection and response capabilities against complex attacks

Top Benefits

Get the full picture

Full visibility
It doesn’t matter what vectors the attackers use to infiltrate your infrastructure, you still need to see them. The KATA Platform fully integrates with Kaspersky Endpoint Security for Business, which shares a single agent with Kaspersky EDR Expert, and with both Kaspersky Security for Mail Server and Kaspersky Security for Internet Gateway to provide automated gateway-level responses to complex threats. The all-in-one nature of this solution significantly reduces the time and effort your IT security teams need to spend on threat protection, thanks to maximum automation of defensive actions at both network and endpoint levels, and contextual incident representation in the single web console.

---

Detect threats with the best advanced methods

Accurate detection
Traditional defenses alone can’t handle sophisticated threats and targeted attacks — a layered approach using advanced detection technologies is needed. The KATA Platform uses basic methods, such as a unique set of IDS rules for traffic analysis based on APT research and the global threat landscape, as well as advanced machine learning and artificial intelligence technologies to determine your organization’s ‘normal’ behavior. Integrated real-time threat intelligence and customizable threat detection tools help detect multi-vector, non-malware threats.

---

Respond in the way that suits you best

Quick response
The KATA Platform with Kaspersky EDR Expert at its core secures multiple potential threat entry-points at both network and endpoint levels, and provides extended detection and response capabilities. It equips your IT security experts with tools that enable ‘one click’ responses right from the central management console, reducing routine manual tasks and cutting response times from hours to minutes. A wide range of response activities are supported, including: kill processes, quarantine or recovery of objects, file deletion, file transfer to the Sandbox for analysis, running specific scripts or third-party programs on a dedicated endpoint, performing full host isolation, putting objects in prevention mode.

---

Hunt for threats before they can cause a problem

Proactive threat hunting
Threat hunting is a critical part of cybersecurity. KATA secures multiple potential threat entry points and delivers a comprehensive toolkit for multi-dimensional threat discovery and proactive threat hunting. By combining the latest technologies and global analytics to proactively detect and respond promptly to threats, you can stop threats in their tracks — before they can cause any damage.

---

Spend time on other tasks

Clear prioritization
To avoid over-burdening your specialists and ensure optimum allocation of work between experts with different specializations, the KATA Platform can automatically assess and classify threats according to their level of critically, and tag each alert with the appropriate label. This helps information security specialists to prioritize alerts quickly, identify the most important alerts in the entire flow of alerts, allocate work resources and plan workloads.

---

Gain enhanced understanding of the TTPs used by threat actors

Data enrichment
The Platform provides a detailed analysis of a threat’s scope and supports an automated comparison of internal investigation results with global reputation data (Kaspersky Security Network) and manual threat queries (the Kaspersky Threat Intelligence Portal), This provides additional context for effective threat hunting and accelerates the incident investigation process. Enrichment with MITRE ATT&CK data provides details about the ATT&CK-defined technique used, descriptions and mitigation strategies so you automatically benefit from top-level threat research without overloading your in-house experts.

Features

Multi-layered sensor architecture

All round visibility achieved through a combination of network, web & email sensors, and endpoint agents.

---

Extensive threat discovery engines

Working with data from network sensors (network traffic analysis) and endpoint agents (EDR capabilities) for rapid verdicts and fewer false positives.

---

Advanced Sandbox

Provides a safe environment for the deep analysis of threat activity, supporting the randomization of OS components, time acceleration in virtual machines, anti-evasion techniques, user activity simulation and results mapping to the MITRE ATT&CK knowledgebase - all contributing to highly efficient behavior-based detection

---

Retrospective analysis

Even in situations where compromised endpoints are inaccessible or when data has been encrypted - through automated data, object and verdict collection, and centralized storage.

---

Two modes of Threat Intelligence interaction

Automated comparison with global reputation data from the Kaspersky Security Network and manual threat hunting and investigation queries through the Kaspersky Threat Intelligence Portal.

---

Real-time automatic threat hunting

Events are correlated with a unique set of Indicators of Attack (IoAs) generated by Kaspersky threat hunters and mapped to the MITRE ATT&CK matrix, providing clear event descriptions, examples and response recommendations.

---

Proactive threat hunting with our powerful flexible query builder

Analysts can build complex queries to search for atypical behavior and suspicious activities, and for threats specific to your infrastructure.

How It Works

The most sophisticated attacks under your focus and control

The Platform acts as an Extended Detection and Response solution delivering all-in-one APT protection powered by our Threat Intelligence and mapped to the MITRE ATT&CK framework. All potential threat entry points – network, web, mail, PCs, laptops, servers, and virtual machines – are under your control.

Kaspersky Anti Targeted Attack Platform is fully integrated with Kaspersky Endpoint Security for Business, sharing a single agent with Kaspersky EDR Expert. It also integrates with both Kaspersky Security for Mail Server and Kaspersky Security for Internet Gateway, which serve a sensors to the Platform, providing an automated response to more complex email and web-borne threats.

Documentation

Download the Kaspersky Anti Targeted Attack Platform Datasheet (PDF).