Kaspersky Anti Targeted Attack Platform, Kaspersky Endpoint Detection and Response (025.6)


Prerequisites

  • Basic understanding of Kaspersky Security Center.
  • Basic understanding of networking technologies, such as DNS, routing, email, web.
  • Basic Windows and Linux management skills.
  • Understanding of contemporary threats and information technologies.

Course Objectives

Kaspersky Anti Targeted Attack (KATA) Platform and Kaspersky Endpoint Detection and Response (KEDR) together form a native eXtended Detection and Response (XDR) solution that helps organizations build a reliable protection system against advanced, targeted cyberattacks.

The theoretical part of the course and the hands-on labs give participants the knowledge and skills needed to plan and deploy the solution, understand how it works, and configure and maintain it.

Course Content

1. Introduction

  • Threat landscape
  • Challenges in building an information security system
  • Approaches to building a cybersecurity system
  • The tasks KATA Platform helps solve

2. Pre-deployment

  • Components, capabilities
  • Deployment schemas, scaling, compatibility

3. KATA platform deployment

  • Installing the Central Node as a cluster and installing Sensors
  • Installing and configuring Sandbox
  • Activation, updates, users
  • Interconnecting the servers
  • Lab 1 Install and configure the central node
  • Lab 2 Check KATA Sandbox settings
  • Lab 3 Prepare KATA platform for operation

4. KATA operation

  • Connecting to traffic sources
  • KATA detection technologies
  • Lab 4 Connect the central node to the network infrastructure (SPAN)
  • Lab 5 SSH brute force attack
  • Lab 6 SYN flood attack on a corporate server
  • Lab 7 Create a custom IDS rule
  • Lab 8 Connect the central node to the mail system using SMTP
  • Lab 9 Connect a sensor to the proxy server (ICAP)
  • Lab 10 Prevent processing of superfluous HTTP traffic
  • Lab 11 Create a custom YARA rule

5. Installing the Agents

  • Agent types
  • Centrally managed installation
  • Installation without centralized management
  • Installation result and data collection
  • Lab 12 Install Kaspersky Endpoint Security (KES) using Kaspersky Security Center (KSC)
  • Lab 13 Connect KES to the Central Node

6. KEDR operation

  • KEDR detection technologies
  • Incident investigation
  • Incident response

7. Sandbox analysis results

  • Sandbox alert card
  • Results of analysis in a virtual environment
  • Sandbox debug information
  • Lab 14 Attack on a corporate Linux server
  • Lab 15 Attack on a corporate Windows computer
  • Lab 16 Examine details of file execution in the sandbox
  • Lab 17 Create a custom Targeted Attack Analyzer (TAA) rule

8. KATA platform maintenance

  • VIP status
  • Scanning password-protected archives
  • External API
  • Reports
  • Email notifications
  • Integration with SIEM
  • Server monitoring using SNMP
  • Collecting system information
  • Updates
  • Upgrade from previous versions
  • Saving and restoring settings
  • Modifying system settings
  • Kaspersky Private Security Network (KPSN)
  • Lab 18 Configure integration with Active Directory
  • Lab 19 Work with the external API

Prices & Delivery methods

Online Training

Duration
  • 3 days

Price
  • on request

Classroom Training

Duration
  • 3 days

Price
  • on request

Schedule

Currently there are no training dates scheduled for this course.