The Kaspersky Anti Targeted Attack Platform analyzes data collected from different points of the corporate IT infrastructure. The solution’s sensors collect data from network traffic, web and e-mail, as well as endpoints. This allows the solution to detect complex attacks at any stage, even at stages where no malicious activity is taking place, such as data exfiltration. Suspicious events are then processed via different engines, including an Advanced Sandbox and a Targeted Attack Analyzer, for a final verdict.
The Advanced Sandbox provides an isolated and virtualized environment to analyze suspicious objects and detect their intent. The Targeted Attack Analyzer utilizes data processing and machine learning technologies to assess and combine verdicts from different analysis engines. This is where the final decision to alert staff is made.
Additional technologies that help to reduce false positive alerts include Kaspersky Lab’s anti-malware engine to rule out generic attacks that can be blocked by traditional solutions, URL analysis, threat data feeds delivered from Kaspersky Lab’s cloud security network, an Intrusion Detection System and support for custom rules to detect specific activity in a corporate network.
Kaspersky Lab’s Security Intelligence Services comprise three major areas and are designed to meet the most frequent demands of large organizations, governmental agencies, ISPs, Telecoms and Managed Security Service Providers.
Security Assessment Services is a new security offering from Kaspersky Lab that includes Penetration Testing and Application Security Assessment. In enabling corporate clients to predict the specifics of a cyber-attack before it happens, Kaspersky Lab speeds up the transformation of intelligence into real protection. Kaspersky Lab’s team of security experts supports this service offering and can test a company’s protection against a wide variety of attack methods.
Another part of the Security Intelligence Services offering is the Cybersecurity Awareness program for a business’s workforce.
Kaspersky Lab also shares its security expertise with fellow IT security professionals. A major part of the Cybersecurity Training offering is Cybersecurity Fundamentals and Digital Forensics and Malware Analysis/Reverse Engineering training. Aimed at speeding up the response to cyber-attacks, this training suits enterprises and MSSPs as well as governmental and law enforcement agencies. One of the notable examples of intelligence sharing is Kaspersky Lab’s cooperation with the City of London Police and Interpol.
'Threat Intelligence' is another branch of the Security Intelligence Services package that allows companies to access threat intelligence data from Kaspersky Lab through Threat Data Feeds and Botnet Tracking. Threat Data Feeds include prompt information on malicious programs and URLs, phishing attacks and mobile threats, and are compatible with third-party SIEM solutions.