Kaspersky Anti Targeted Attack Platform (KATA)

Proven advanced threat detection empowered by machine learning and HuMachine® intelligence

SOLUTION OVERVIEW

Kaspersky Anti Targeted Attack Platform (KATA) is designed to detect new-generation targeted attacks and threats. KATA complements traditional information security products, which rely on signature and heuristic analysis.

It enables businesses to detect targeted attacks, advanced threats and systems that are already compromised. Built on Kaspersky security intelligence and machine learning technologies, the platform combines network and endpoint monitoring, sandbox analysis and threat intelligence-driven analysis to correlate events and prioritize incidents, helping you uncover complex attacks.

KATA Architecture

Components: Endpoint Sensors, Sensors, Central Node, Sandbox Server, Web Interface (each is described below).

ENDPOINT SENSORS

Endpoint Sensors are installed on workstations and servers. The sensor collects data about running processes, executable files and established network connections and sends it to Central Node for further analysis. Central Node can additionally request files and memory dumps from Endpoint Sensors. Endpoint Sensor can be installed alongside a third-party security product on the same host without hindering its operation.

CENTRAL NODE

Central Node is the main component of the system. It retrieves data from sensors, performs in-depth analysis, detects network anomalies and publishes results. It also interacts with Sandbox Servers, sending objects to them for behavioral analysis.

SENSORS

Sensors integrate with the organization’s infrastructure. A sensor retrieves network, web and mail traffic and performs a preliminary scan in which network packets and links are analyzed. It also extracts files from the traffic and forwards them, together with metadata, to Central Node for more detailed analysis.

SANDBOX SERVER

Sandbox Server is a set of virtual machines running different operating systems and versions of the most common applications. The virtual machines start running when Central Node sends a task to perform monitoring of an object's behavior in a special environment. This environment is as realistic as possible. The file or link is forwarded to the virtual machine and run. All actions are recorded and then analyzed. Sandbox runs executable files, office documents, scripts and multimedia files.

WEB INTERFACE

The web interface is the main tool for monitoring and studying the results of the analysis performed by the KATA platform. It is implemented as a web server on Central Node and can be accessed with any popular web browser.

BENEFITS

Reduce financial & operational damage caused by cybercrime

Minimize disruption to business-critical processes

Avoid costly legal action and regulatory or compliance issues

Protect your infrastructure against ongoing long-term stealth damage

Avoid remedial costs (like additional training, staffing, system hardening)

IMPLEMENTATION AND FEATURES

Kaspersky Anti Targeted Attack Platform is a solution designed to protect a corporate IT infrastructure and to detect, in a timely manner, threats such as zero-day attacks, targeted attacks and the long-running targeted campaigns known as advanced persistent threats (APTs). The platform can:

Integrate into the local area network, receive and process mirrored traffic, and extract objects and metadata from HTTP, FTP, SMTP and DNS traffic.

Connect to the proxy server, receive and process ICAP data of HTTP and FTP traffic, as well as HTTPS traffic if the administrator has configured SSL certificate replacement on the proxy server. Note that certificate replacement means the proxy terminates TLS and presents its own certificate to clients, so the proxy's issuing CA must be trusted by every client, and applications that pin certificates will not work through it.

Be installed on individual computers in the corporate IT infrastructure that run the Microsoft® Windows® operating system, to continuously monitor the processes running on those computers, their active network connections, and the files being modified.


Integrate with the Kaspersky Lab program Kaspersky Secure Mail Gateway and process copies of email messages.

Integrate with the Kaspersky Lab program Kaspersky Endpoint Security and monitor processes, active network connections, and files that are modified by users of Kaspersky Endpoint Security in your organization’s network.

Integrate with the Kaspersky Lab information system known as Kaspersky Threat Intelligence Portal, which contains and displays information about the reputation of files and URLs.
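To make concrete what the network sensor's object extraction (the "extract objects and metadata from HTTP ... traffic" capability above, and the Sensors description in the architecture section) and the hash-based reputation lookup (the Threat Intelligence Portal integration above) amount to, here is an added example in Python. It is not KATA code and does not use any Kaspersky API: it runs a toy sensor pass over a constructed HTTP request/response pair, reassembles the transferred file, builds the metadata record a sensor would forward with the object, and checks the file's SHA-256 against a constructed local reputation table standing in for a threat-intelligence feed. The sample traffic, hostnames, IP addresses and the reputation table are all invented for the example.

```python
"""Toy network-sensor pass: extract an HTTP-delivered file, record its metadata,
and look its hash up in a reputation table. Added example, not KATA's code."""
import hashlib

# Constructed sample traffic: one HTTP request and its response, as a sensor
# would reassemble them from mirrored packets. The body is a fake PE stub.
CLIENT_TO_SERVER = (
    b"GET /updates/tool.exe HTTP/1.1\r\n"
    b"Host: files.example.test\r\n"
    b"User-Agent: Mozilla/5.0\r\n"
    b"\r\n"
)
FILE_BODY = b"MZ" + b"\x90" * 62 + b"PE\x00\x00" + b"A" * 200
SERVER_TO_CLIENT = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b"Content-Length: " + str(len(FILE_BODY)).encode() + b"\r\n"
    b"\r\n" + FILE_BODY
)

# Constructed reputation table keyed by SHA-256: a hypothetical stand-in for a
# reputation feed, which is likewise queried by file hash.
REPUTATION = {hashlib.sha256(FILE_BODY).hexdigest(): "malicious"}


def parse_http_message(raw):
    """Split one HTTP message into start line, lower-cased header dict, body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def guess_type(body):
    """Magic-byte check, so the sensor does not trust the server's Content-Type."""
    if body.startswith(b"MZ"):
        return "pe"
    if body.startswith(b"%PDF"):
        return "pdf"
    if body.startswith(b"PK\x03\x04"):
        return "zip"
    return "unknown"


def extract_object(request_raw, response_raw, src_ip, dst_ip):
    """Reassemble the transferred file and the metadata forwarded with it.
    Returns None when the stream is truncated and the object cannot be rebuilt."""
    req_line, req_headers, _ = parse_http_message(request_raw)
    status_line, resp_headers, body = parse_http_message(response_raw)
    method, path, _ = req_line.split(" ", 2)
    length = int(resp_headers.get("content-length", len(body)))
    body = body[:length]  # honor Content-Length; drop any trailing stream bytes
    if len(body) < length:
        return None  # truncated capture: do not forward a partial object
    host = req_headers.get("host", "")
    return {
        "object": body,
        "metadata": {
            "src_ip": src_ip,
            "dst_ip": dst_ip,
            "host": host,
            "url": f"http://{host}{path}",
            "method": method,
            "status": status_line.split(" ", 2)[1],
            "content_type": resp_headers.get("content-type", ""),
            "file_type": guess_type(body),
            "size": len(body),
            "sha256": hashlib.sha256(body).hexdigest(),
            "md5": hashlib.md5(body).hexdigest(),
        },
    }


def check_reputation(metadata, table=REPUTATION):
    """Hash lookup against the reputation table; 'unknown' if never seen."""
    return table.get(metadata["sha256"], "unknown")


def run_sensor():
    """One pass over the constructed exchange: returns (metadata, verdict)."""
    rec = extract_object(CLIENT_TO_SERVER, SERVER_TO_CLIENT, "10.0.0.5", "203.0.113.10")
    return rec["metadata"], check_reputation(rec["metadata"])


if __name__ == "__main__":
    meta, verdict = run_sensor()
    for key, value in meta.items():
        print(f"{key}: {value}")
    print("reputation:", verdict)
```

The two points worth noticing are the ones a real sensor has to get right as well: the object type comes from the file's own bytes rather than the server-supplied Content-Type, and a capture that does not contain the full Content-Length is rejected instead of being hashed, since a hash of a partial file would never match any reputation entry.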