Kaspersky Lab has announced a renewed Kaspersky Anti Targeted Attack Platform, a solution that detects advanced threats and targeted attacks for enterprises. The solution blends advanced machine learning algorithms, actionable worldwide threat intelligence and adaptivity to customer infrastructure, to help large businesses uncover the most sophisticated and damaging attacks at any stage of their development. The new Kaspersky Anti Targeted Attack Platform also features scalability improvements with Sandbox clustering, and optimized visibility with major GUI updates.
The Kaspersky Anti Targeted Attack Platform combines network and endpoint sensors, sandbox technology and intelligent analysis to correlate different indicators of compromise and help businesses discover even the most complex targeted attacks. To counter advanced cyber threats, the latest solution improvements bring in new powerful tools such as the monitoring of corporate workflow, including web and e-mail traffic, when integrated with the Kaspersky Security for Mail Gateway solution.
Oleg Glebov, Anti Targeted Attacks Solution Business Lead at Kaspersky Lab, comments: “According to our strategic view on efficient adaptive security for enterprise, we’ve introduced three major areas of product improvement. The first, and most important one, is the addition of new operation scenarios aimed at improving overall visibility, analysis capabilities, and the automated correlation of various events likely connected to a single incident. Second, is the solution’s new scalability, flexibility, and ability to adapt to unique performance requirements. Finally, there is the visibility factor: a clean, understandable, customizable visualization of how our solution is operating is also vital for faster detection and aligned response”.
Detection. The efficiency of Kaspersky Anti Targeted Attack Platform has already been praised by customers and independent testing institutions. The 2017 update ups performance with better endpoint integration, via Kaspersky Lab’s endpoint security solution or a standalone endpoint that allows users to detect behavior anomalies and request additional data for processing. To make sure that even a well-hidden attack eventually gets uncovered, a process of repeatedly scanning suspicious objects and keeping them in an archive has been added.
Should a threat actor host a malicious payload externally (as is often the case), Kaspersky Anti Targeted Attack Platform improves the visibility and analysis of an attack. This is achieved by processing not only files, but also URLs using a sandbox. In addition, it is now possible to process password-protected archives to address another common criminal tactic of sending protected attachments with a password. Archived payloads are now analyzed with a better detection rate overall.
Scalability. Sandbox infrastructure is now decentralized and can be scaled depending on the needs of a customer, with better adaptivity to existing hardware/virtualized infrastructure and lower cost of deployment. In addition, the solution’s connection to network and e-mail traffic has been simplified with additional deployment options suitable for a particular IT infrastructure. The new Kaspersky Anti Targeted Attack Platform is capable of blocking malicious e-mails, when integrated with the Kaspersky Security for Mail Gateway solution.
Visibility. Today CISOs encounter a lack of visibility at the crucial point of deciding on their incident response. When deconstructing an attack kill chain, they need to see the whole picture and understand which alert is more important to investigate – is it the chief accountant’s data being compromised or is it BSOD on the CEO desktops at regional offices? A major factor that improves response is having a security officer view and analyze the results. Kaspersky Anti Targeted Attack Platform enables this via a fully reworked dashboard, with detailed information on the status of periodic checks, the latest events, and incident information with collated data on corresponding events. To ensure privacy, different roles have been implemented for administrators. Access to information concerning certain parts of the infrastructure with sensitive data can now also be restricted according to a company’s privacy policy.
Veniamin Levtsov, Vice President, Enterprise Business at Kaspersky Lab, commented: “The new features of Kaspersky Anti Targeted Attack Platform are a direct result of our efforts to address customer feedback. A series of deployments, including one at a major financial institution, has shown the advantages of our advanced algorithms, along with the need to better adapt to customer requirements in terms of accuracy of detection, ability to scale and visibility. Convenience, cost of ownership and usability contribute to the faster detection and remediation of threats – just as much as the latest technology does. As we continue to enhance the detection and response capabilities in our solutions, we have dedicated a sizeable share of resources towards making sure our products reflect the true needs of our customers”.
Kaspersky Anti Targeted Attack Platform is already available in the Middle East, Turkey and Africa. More information about Kaspersky Lab’s most advanced solution can be found on the official website.