The Kaspersky Anti Targeted Attack [KATA] Platform is a premium multilayered solution aimed at stopping the most dangerous targeted threats, while the company also announced a series of new services, including penetration testing, cybersecurity training and threat intelligence sharing.
CANCUN — Kaspersky Lab has announced the Kaspersky Anti Targeted Attack Platform [KATA], a multilayered solution aimed at targeted attacks, and designed to combat this top one per cent of threats. The company also announced new enterprise-focused Security Intelligence Services, including penetration testing, cybersecurity training and threat intelligence sharing. No SMB solutions were announced at this time, but the company indicated that a new SMB-focused cloud product, Kaspersky Endpoint Security Cloud, will be coming later this year. It will have a maximum of 1000 users per customer.
Kaspersky has made deeper penetration of the enterprise a key priority in 2016, and KATA, with its focus on the most dangerous enterprise threats, will be a key component of this strategy.
“Kaspersky Anti Targeted Attack is the headliner of the whole year for us,” said Nikita Shvetsov, Kaspersky Lab’s Chief Technology Officer.
Shvetsov said that KATA consists of “two big parts.” One is a series of lightweight network, web proxy and e-mail sensors. The other – completely integrated with the first – is a Targeted Attack Analyzer focused on endpoints.
“All that information from all these locations is taken and processed through an advanced Sandbox engine,” said Michael Canavan, Vice President of Presales System Engineering at Kaspersky Lab. “That engine uses machine learning to assess and deliver actionable information from the system. A lot of the value here comes from the strength of our intelligence. It is based on the sandboxes we have used internally for over 10 years. It’s not OEMed.”
Canavan said that KATA is the evolution of functionality Kaspersky used previously — but using completely different technology.
“In the context of our enterprise security model, we had similar functionality in the detect area within our endpoint solution, called System Watcher,” he stated. “KATA is the evolution of this to a network level, but it uses completely different technology. It has the same type of detect capability, but it is comparing apples and oranges at a technical level.”
“This is a multi-multi layered approach to finding an attack,” said David Balcar, KATA Security Evangelist. “KATA exercises this multi-layered control over the environment to focus on the targeted threats that traditional IT can’t identify.”
Balcar stressed that while competitors have products designed to do similar things, they are much less effective because they are essentially point products.
“They don’t see things from the perspective of end-to-end protection,” he said. “Because of this, they are easy to counter. People post videos on YouTube on how to bypass them!”
Canavan said that the true target audience for KATA isn’t defined simply by the size of the customer.
“It’s not segmented for a certain size of user. It’s a premium option for customers with the highest criticality around security.”
KATA comes in three packages – Standard, Advanced, and Enterprise. The Standard Package, which has one sensor, supports up to 1000 users, although Balcar indicated there is interest among smaller customers – one had 300 users – who have huge bandwidth concerns. The Advanced has two sensors and supports up to 5,000 users, and the Enterprise has three sensors and supports an unlimited number of users. None of these are inexpensive. Even the Standard package is fairly pricey. It lists at $50,000, while the Advanced lists at $150,000 and the Enterprise is $250,000. Additional sensors are $50,000 each.
“It’s not cheap, but it’s a lot of extra work to find those one per cent of threats,” Balcar said. Customers also will need to be counselled wisely on the specific package for them because for now at least, there is no upgrade path, and a customer who wants to move up in scale will have to buy a whole new box.
KATA is fully compatible with all other solutions, including competitor products. At launch, it only supports Windows, but Balcar said that support for Macs and Linux will be here before the end of the year. A specialization for KATA will also be launched later this quarter.
The other new offering announced is actually a range of Security Intelligence Services, including penetration testing, cybersecurity training and threat intelligence sharing, which are available to partners to sell as security-as-a-service products. A key market for these will be larger customers, including governmental agencies, ISPs, telcos and MSPs.
Two new Security Assessment Services are available now – Penetration Testing and Application Security Assessment.
“These are meant to be offered as complementary services and are available to any partner to fulfill,” Canavan said. “The actual delivery is done by Kaspersky. These are meant to give partners options if they don’t have the services themselves or they need a higher level of expertise. The majority of partners do have some level of services they provide, and these are designed to augment that.”
Another service, for Distributed Denial of Service [DDoS] protection, will be available soon.
“This service is available in Europe and the Middle East now, but not yet in North America, although it is coming here soon,” Shvetsov said. “We initially created it to protect our own websites.”
New cybersecurity training is also now available, and covers two areas.
“The first is online training for entire organizations from the front desk staff to the CEO,” Canavan said. It covers the basics of how not to do dumb stuff, and is a resell opportunity for partners.
“The other training area is for IT security pros, and involves a whole series of courses, with the top level including how to reverse engineer malware,” Canavan stated. “This is something partners could use themselves or resell.”
Kaspersky is also making Threat Intelligence services available to anyone who wants to use them, even organizations that use other security products. They include Threat Data Feeds and Botnet Tracking, and are compatible with popular third-party SIEM solutions. These are also available in the form of tailored Intelligence Reporting: made-to-order reports on specific aspects of the threat landscape, as well as actionable reports on the latest threats.
“These can all be branded under the partner’s name,” said Joe Conti, MSP channel manager at Kaspersky Lab. “MSPs have often had a hard time delivering educational types of services, but these have a gaming interface and are fun and somewhat competitive.”
“We think that once organizations use this, they will come over to more of our products,” Whitlock said.
“This is really something that we had been talking about for the last year, and began to make available without an official launch,” Canavan said. “We finally rolled it into this security services launch. It originally started with a lot of media generated reports on high profile attacks, and was aimed at organizations who wanted to see a version that went beyond the press release on the attack, that would help them protect against future attacks.”
Finally, at its North American Partner Conference, Kaspersky also discussed a significant new product offering that is scheduled for release in September – Kaspersky Endpoint Security Cloud.
“A lot of MSPs don’t want to host their own datacenters any more, and this is for them,” Conti said.
Kaspersky Endpoint Security Cloud is hosted by Kaspersky on Microsoft Azure, and while it has most of the functionality of Kaspersky Endpoint Security, there are some differences. First, there is a restriction on customer size, with a maximum of 1000 nodes per customer.
“The functionality is also simpler compared to the regular version, but all the major components are in place,” said Konstantin Voronkov, Head of Endpoint Product Management at Kaspersky Lab. This includes anti-malware, firewall/IPS, web protection, mail antivirus, web control and device control.
“With the basic interface, you see where the users and devices are, in a true user-based management model, the first product we have designed this way,” Voronkov stated.
“This makes protection of wireless devices very simple,” he added. “You don’t have to set up a security centre or do configuration. You just push a button. It makes business with mobile much simpler. We have partners who said that before, doing mobile management was so complex, it wasn’t worth doing with the demand available.”
For now, only Windows is supported, with Mac support coming later in 2016. File Server Security is also Windows only. Endpoint control tools are there for device and web control, but there is no application control at this point. For MDM and MAM, Android and iOS are supported, but not Windows Phone or any other OS.
As far as RMM and PSA platform integration goes, Kaspersky has existing relationships with Autotask and Kaseya. Integration with the LabTech and ConnectWise platforms is scheduled for later in 2016, with the LabTech one scheduled to be first.