
Kaspersky Anti Targeted Attack Platform (KATA)

Product
Developers: Kaspersky
Last Release Date: 2019/10/08
Technology: Information Security - Fraud Detection System (Fraud), Information Security - Information and Event Management (SIEM)


To protect against targeted attacks of any complexity, Kaspersky Lab has developed a specialized solution, Kaspersky Anti Targeted Attack Platform. The platform helps companies identify any unauthorized intrusion into the corporate network and allows information security specialists to quickly take the measures necessary to preserve data.

In addition, Kaspersky Lab has a special service that provides analytical reports on APT-class threats. Thanks to this service, companies receive the data they need to better understand the specifics of targeted attacks, as well as the indicators of compromise themselves, which simplify early detection of an attack, the company says.

The main purpose of an APT-class attack is to steal confidential information, which can subsequently be used to gain geopolitical advantage or be sold to interested parties. According to Kaspersky Lab's observations, government and diplomatic organizations, financial companies, enterprises operating in the energy and space industries, health and education institutions, telecommunications and IT companies, suppliers for the armed forces, as well as public and political activists are most at risk of becoming a victim of a targeted attack.

"We have been studying complex targeted attacks for more than six years and can say with confidence that recently they have been increasingly used not only for espionage, but also for theft of money. Targeted attacks affect a variety of organizations; their victims can be not only government agencies. Of no less interest to cybercriminals are large companies that have valuable intellectual property or have access to large financial assets," said Yuri Namestnikov, head of the Russian research center at Kaspersky Lab. "In such a situation, early detection of a targeted attack is critical for any organization that wants to keep its sensitive data. However, with traditional security solutions, this is very difficult to do, since attackers often use non-trivial methods and carefully hide their activity. So companies can be helped by either analytical services or special solutions to identify targeted attacks."

Kaspersky Anti Targeted Attack Platform is a solution for protecting against targeted attacks. The main danger of these attacks is that they are carefully tailored to each specific organization and do not reveal themselves in any way. The result can be a leak of confidential data, enterprise downtime or a blow to reputation. According to Kaspersky Lab, the average damage from targeted attacks for medium and small businesses in the world is $84 thousand, and for large companies it increases to $2.54 million. Kaspersky Anti Targeted Attack Platform resists attacks at all stages and is capable of both detecting an attack that has already begun and minimizing damage from it, and protecting the enterprise from potential threats by assessing security risks in the current infrastructure.

2024

As part of PAC "Alcor"

A technological alliance of the companies Graviton, Kaspersky Lab, Astra Group and Axoft presented the Russian PAC Alcor. This IT solution, based on domestic servers and information security systems, is designed to monitor and protect against complex threats and targeted attacks. It also includes the Kaspersky Anti Targeted Attack (KATA) software. This was announced on November 25, 2024 by representatives of Axoft.

As part of PAC "Nerpa + KATA + KEDR"

The IT equipment manufacturer Nerpa and the information security solutions developer Kaspersky Lab, with the participation of OCS Distribution, have released two hardware and software complexes (PAC) to protect companies from various cyber threats and to provide unified information security management. OCS Distribution announced this on June 6, 2024.

As part of the cooperation, the vendors have implemented comprehensive cybersecurity solutions that make it possible to withstand complex attacks. The first implemented PAC is "Nerpa + KATA + KEDR". The system includes the Kaspersky Anti Targeted Attack and Kaspersky EDR Expert software, as well as a high-performance dual-processor Nerpa Nord server.

2023

Using Axiom JDK Certified as a Platform

Kaspersky Lab will use Axiom JDK Certified, a Russian certified Java platform, as part of its solutions. Kaspersky Lab announced this on November 27, 2023.

The certified Java platform is planned to be used in the native XDR-class comprehensive protection against complex threats and targeted attacks, which consists of the Kaspersky Anti Targeted Attack and Kaspersky EDR Expert solutions. This will increase their security and significantly speed up the FSTEC certification process, in which the code of the solution's runtime environment must be verified together with the solution itself.

Delta Tioga Pass and Delta Argut compatibility

Delta Computers and Kaspersky Lab confirmed the compatibility and correct operation of the Kaspersky Anti Targeted Attack Platform (KATA), Kaspersky Endpoint Detection and Response (KEDR) and Kaspersky Unified Monitoring and Analysis Platform (KUMA) software with the Delta Tioga Pass and Delta Argut server products. This was announced on September 6, 2023 by Delta Computers.

2022: As part of PAC based on Depo Storm Kaspersky Anti Targeted Attack Platform (KATA)

Axoft, Kaspersky Lab and DEPO Computers presented Russian hardware and software complexes based on the DEPO Storm server platforms and Kaspersky Lab software products. The complexes were tested by engineers of the DEPO Computers technology center and are ready for use in government agencies and enterprises of the corporate sector.

2019: As part of Kaspersky and Angara's joint services to protect against targeted attacks

On October 8, 2019, Kaspersky Lab announced that it was starting to work on the MSSP model in Russia. The first partner of the company was the Angara Professional Assistance service provider.

As part of the collaboration, the companies announced the creation of a joint service for large and medium-sized businesses to protect against targeted attacks, identify and respond to complex threats: ACR Services EDR and antiAPT.

With this service, companies can automate the processes of detecting and responding to incidents, determine the severity of the threat in a timely and correct manner and raise the protection of IT infrastructure from cyber attacks to a qualitatively different level.

ACR Services EDR and antiAPT are based on Kaspersky Anti Targeted Attack (KATA), the platform for protection against targeted attacks; Kaspersky Endpoint Detection and Response (KEDR), the solution for detecting, investigating and responding to complex incidents on end devices; and the Angara Cyber Resilience Center (ACRC) platform, designed for monitoring, investigating and analyzing cyber threats.

This service can be transformed into a full-fledged SOC, the ACRC Cyber Resilience Center. In addition, during the contract it is possible, on special terms, to connect the following MSSP services: anti-phishing, protection against DDoS attacks, Internet traffic filtering, SLA monitoring, protection of web applications, etc.

"Recently, clients have been faced with a lack of budget for expensive information security solutions and a shortage of information security specialists. We are pleased to introduce ACR Services EDR and antiAPT to address these issues. Thanks to the subscription model with clear billing parameters, you can easily connect to services, flexibly manage connected services and control them, delegating continuous analysis of events to qualified analysts,"
comments Oksana Vasilyeva, CEO of Angara Professional Assistance.

"We have the opportunity, in partnership with Angara Professional Assistance, to create a popular service with which protection against targeted cyber attacks has become more accessible to many companies that previously could not afford this service,"
added Zemkov Sergey, Managing Director of Kaspersky Lab in Russia and the CIS.

2017

100% of detected threats in ICSA Labs test

Kaspersky Anti Targeted Attack Platform (KATA), Kaspersky Lab's specialized platform for protecting against the most complex targeted cyber threats, demonstrated an ideal result during the last ICSA Labs qualification test: 100% of threat detections in the absence of false positives. Thus, for the third time in a row, KATA has successfully passed the test, this time showing the best result of all time, Kaspersky Lab said in a statement[1].

The testing was a simulation of a real environment and lasted 37 days. During this time, 585 mixed attacks were carried out on servers protected by Kaspersky Anti Targeted Attack Platform, together with 519 "clean samples": objects that exhibit suspicious activity but are not malicious (for example, a program that takes screenshots but does not use them for malicious purposes).

Attack scenarios were unique for each test and designed to fully mimic the behavior of cybercriminals - in fact, this is a test in "combat conditions."

"ICSA Labs is one of the leaders among independent testing companies, and it is very important for us to participate in this testing. We broke our own record of 99.44 per cent detections, and yet there was not a single false response - a superb result to be proud of. In addition, it shows that the use of next-generation technologies, such as behavioral analysis and machine learning algorithms, allows our solution to invariably protect customers from any threats, regardless of what complex tools and tricks cybercriminals use," said Oleg Glebov, Head of Solution Development for countering targeted attacks at Kaspersky Lab.

May update

Kaspersky Lab announced in May 2017 the release of an updated version of Kaspersky Anti Targeted Attack Platform (KATA). The solution combines advanced machine learning algorithms and optimized adaptability to the client infrastructure. In combination with expert services to protect against cyber threats, this allows you to counteract even the most complex attacks in the early stages. In addition, the technical requirements for integration with Kaspersky Private Security Network, a local reputation base from which information does not go beyond the corporate network, have decreased.

The new version of Kaspersky Anti Targeted Attack Platform easily integrates with Kaspersky Endpoint Security for Business and allows you to use the workplace protection solution as a sensor. In addition, e-mail is optimized: the new KATA is capable of blocking malicious emails and is compatible with the Kaspersky Secure Mail Gateway solution. Now, when protecting mail, not only files are processed, but also web addresses - they are transferred to the sandbox and checked in a secure environment. In addition, it became possible to check even password-protected archives.

The sandbox infrastructure - a specially dedicated environment that simulates the usual work on a computer to check the behavior of various programs in this environment - has become decentralized, due to which it can be scaled. This allows you to work with a large number of analyzed objects even on loaded networks.

The Kaspersky Anti Targeted Attack Platform management console has become clearer and easier to follow for tracking all workflows. The panel displays detailed information about the status of checks, recent events and incidents, as well as possible links between them. Different users of the solution can now be given different levels of access depending on their responsibilities and competencies. In addition, the presentation of information about certain parts of the infrastructure may be limited in accordance with the company's security policy, Kaspersky Lab noted.

"We focused on three main areas of product improvement. The first and most important: we added new operational scenarios and expanded the ability to analyze and automate the search for relationships between events. Second, we have seriously worked on the scalability of the solution, its flexibility and the ability to adapt to the client's requirements. Finally, the third direction is clarity. A clean and understandable interface that can be configured for yourself is vital for the prompt detection of incidents and response to them," said Artem Serebrov, head of the Kaspersky Anti Targeted Attack Platform development department at Kaspersky Lab.

In general, according to the developers, Kaspersky Anti Targeted Attack Platform (KATA) is a solution for protecting against targeted attacks. The main danger of these attacks is that they are carefully tailored to each specific organization and often do not reveal themselves in any way for a long time. The result can be a permanent leak of confidential data, enterprise downtime or a blow to reputation. KATA resists attacks at all stages and is capable of both detecting an attack that has already begun and minimizing damage from it, and protecting the enterprise from potential threats by assessing security risks in the current infrastructure, according to Kaspersky Lab.

2016

In 2016, the Kaspersky Anti Targeted Attack Platform security solution received a certificate from the FSB of Russia, which confirms that it meets the requirements of the Federal Security Service for antivirus tools.

"Targeted attacks are rapidly becoming one of the main cyber threats to business - they are carefully thought out and verified, well disguised and for a long time do not give themselves away. In Kaspersky Anti Targeted Attack Platform, we use statistical analysis of the behavior of computers on the organization's network to stop the attack at the very beginning and reduce or prevent damage. The presence of a certificate of the Federal Security Service is necessary when using a product to protect the highest government bodies of the Russian Federation," said Evgenia Naumova, head of corporate sales at Kaspersky Lab in Russia. "Kaspersky Anti-Virus for Linux File Server already had a previously issued FSTEC certificate, but we are constantly updating this product. The new version can be used on certified operating systems for working with classified data. This is especially important for many customers with high security requirements."

Notes