Kaspersky Anti Targeted Attack Platform (KATA) is a complex solution for enterprises with multiple layers of detection technologies to protect against targeted attacks. Real-time monitoring of network traffic, combined with object sandboxing and endpoint behavior analysis, delivers detailed insight into what's happening across a business's IT infrastructure. By correlating events from multiple layers, including network, endpoints and the global threat landscape, KATA achieves “near real-time” detection of complex threats and helps to enable retrospective investigations. This solution exemplifies Kaspersky Lab’s multi-layered, next-generation approach to advanced protection.
In past years, commodity malware remained hidden in the shadow of more sophisticated, targeted, long-term and better-prepared attack campaigns, so-called APTs (Advanced Persistent Threats). Because it is tailored to the victim, such an attack easily bypasses single-layered protection. But the more detection techniques are involved, the higher the probability that the attacker makes a mistake.
The main purpose of an anti-targeted attack solution is to raise the cost of an attack to the level where the attack is no longer profitable. Therefore, an ideal solution should resemble a puff pie: layers of detection technologies with a tasty filling in the very middle.
KATA incorporates the following detection techniques:
KATA gets data for analysis from different sources:
The main purpose of KATA is to detect a targeted attack at every stage as it develops. Every layer of protection is responsible for detecting one or more stages of the attack: Sandbox, YARA and AV monitor infiltration; IDS is responsible for communication and exfiltration; TAA monitors almost all stages; and KSN helps all of the above with necessary data.
As a result, the Information Security Officer sees everything malicious, suspicious and abnormal that happens in the corporate network.