Kaspersky Anti Targeted Attack
Network Traffic Analysis driven by Machine Learning
Today’s cybercriminals constantly design unique and innovative methods of penetration and compromise. To avoid perimeter prevention technologies they use social engineering, non-malware and supply chain attacks to operate under the radar of security designed to catch ‘bad’ traces. It’s not enough to just ‘know’ what’s bad or dangerous – enterprises need to understand what’s normal, and use AI-driven techniques that simplify and automate this process. Targeted Attack Analyzer is a machine learning engine that involves self-learning to establish the baseline of normal, legitimate activities of an entire network. Through continuous network telemetry collection it finds deviations, detects suspicious activities and predicts further malicious actions at the initial stages of multilayered attacks.
Threat Emulation with Advanced Sandboxing
The static analysis of network traffic doesn’t provide adequate security on its own. Multi-layered malware, additional payloads and hidden command and control communications all require multi-dimensional detection capabilities at perimeter level, to prevent endpoints and servers from being compromised. Enterprises need extremely powerful detection engines to discover threats at the earliest stage, before lateral movement is established. Kaspersky’s Advanced Sandbox provides multi-layered detection, mapping to the MITRE ATT&CK knowledge base for further analysis of adversaries’ tactics, techniques and procedures. Sandbox supports several emulation modes, the randomization of OS components, time acceleration in virtual machines, anti-evasion techniques and user activity simulation.
The ML-based correlation engine aggregates network-level telemetry and verdicts and empowers it with endpoint-level data from Kaspersky EDR. It gives complete visibility and correlates incidents with rich context, fully automated and easy to use for better decision making.
Built around a Machine Learning core (Targeted Attack Analyzer) the platform combines advanced detection capabilities using static, behavioral, cloud reputation, sandboxing, YARA and pattern-based detection engines.
In addition to full network traffic analysis the platform automatically analyzes URLs in emails, password-protected archives and attachments to protect mail traffic, regardless of implementation mode: cloud, on-premise or encrypted. To prevent threats, the platform integrates with the Kaspersky Secure Mail Gateway.
Professional help is available whenever you need it. Operating in more than 200 countries, from 34 offices worldwide, we have you covered 24/7/365. Take advantage of our Premium support packages, or call on our Professional Services to ensure that you derive maximum benefit from your Kaspersky Lab security installation.
* Appliances can be virtual, VMware vSphere is recommended as a platform.
As the adoption of digital technologies such as the cloud, big data, mobile IoT and artificial intelligence continues apace, together with increasing inter-connectivity, new security, compliance and data protection challenges arise.
Data management and compliance issues which can slow business evolution
Lack of a planning and a unified security strategy for Incident Response
Shadow IT and low visibility over business assets, and the corresponding risks
New business initiatives suffering from ineffective or unsuitable security
Too many alerts to be verified due to 'false positives'
Stolen credentials and permissions which can put businesses at significant risk