KL 025.37: Kaspersky Anti Targeted Attack Platform, Kaspersky Endpoint Detection and Response

Title: Kaspersky Anti Targeted Attack Platform, Kaspersky Endpoint Detection and Response
Code: KL 025.37
Target group: The course is aimed at presale engineers who work with Kaspersky Anti Targeted Attack Platform and Kaspersky Endpoint Detection and Response.
Applications covered in the course:
  • Kaspersky Anti Targeted Attack Platform
  • Kaspersky Endpoint Detection and Response
Recommended for preparation for the following exams: KLE 025.37 Kaspersky Anti Targeted Attack Platform, Kaspersky Endpoint Detection and Response
Duration: 3 days

The main aim of this course is to provide all know-how required to plan, deploy, configure, and demonstrate the solution.

Contents

Unit 1. KATA and KEDR overview

1. Featured products and applications

2. Threat landscape

3. Products’ architecture

Unit 2. Deployment planning

1. System requirements

2. Sizing

3. Typical topologies

4. Licensing

Unit 3. Installation

1. Workflow

2. Server installation

  • Lab 1. Install and configure Central Node Lab

  • Lab 2. Configure Kaspersky Sandbox

  • Lab 3. Connect the Central Node to the Sandbox

3. Activation and initial setup

  • Lab 4. Activate Central Node

  • Lab 5. Create an information security officer account

4. Connecting KATA to traffic sources

  • Lab 6. Connect Central Node to the network infrastructure (SPAN)

  • Lab 7. Make sure that traffic is being analyzed

  • Lab 8. Connect the Central Node to the mail system using SMTP

  • Lab 9. Configure the mail server to send copies of messages to the Central Node

  • Lab 10. Make sure mail is being analyzed

  • Lab 11. Prevent superfluous mail processing

  • Lab 12. Connect Sensor to proxy server (ICAP)

  • Lab 13. Make sure ICAP traffic is being analyzed

  • Lab 14. Prevent superfluous HTTP traffic processing

5. Deploying Kaspersky Endpoint Agent

  • Lab 15. Enable Kaspersky Endpoint Agent using the task ‘Change application components’ of Kaspersky Endpoint Security

  • Lab 16. Install Kaspersky Endpoint Agent using Kaspersky Security Center

6. Activation and initial setup of Kaspersky Endpoint Agent

  • Lab 17. Connect Kaspersky Endpoint Agent to the Central Node Lab

  • Lab 18. Activate Kaspersky Endpoint Agent

  • Lab 19. Make sure that the TAA subsystem operates properly

7. Distributed installation

Unit 4. Incident processing

1. Processing alerts

2. Health check for detection technologies

  • Lab 20. Simulate a malicious payload

3. Threat identification

  • Lab 21. Demonstrate KATA operation results

4. Threat containment with KEDR

5. KEDR response tools

  • Lab 22. Demonstrate analysis of and response to a TAA alert

6. Sandbox analysis results

  • Lab 23. Examine details of file execution in the sandbox

7. Search for indicators of attack/compromise with KEDR

Unit 5. Configuration

1. Dashboards and reports

2. Notifications and SIEM

3. Custom rules and exceptions

  • Lab 24. Add third-party IDS rules

  • Lab 25. Write a custom IDS rule

  • Lab 26. Create an exception to an IDS rule

  • Lab 27. Write a custom YARA rule

4. Kaspersky Anti Targeted Attack Sensor settings

5. Configuring Kaspersky Endpoint Agent

Unit 6. Maintenance

1. Updates

2. Collecting system information

3. Saving and restoring settings

4. Upgrade

5. Modifying system settings

Unit 7. External API & KPSN

1. External API

2. Integration with KPSN

Requirements for participants

  • Basic understanding of Kaspersky Security Center.

  • Basic understanding of networking technologies: DNS, routing, email, web.

  • Basic Windows and Linux administration skills.

  • Understanding of contemporary threats and information technologies.