KL 025: Kaspersky Anti Targeted Attack Platform, Kaspersky Endpoint Detection and Response
Title: Kaspersky Anti Targeted Attack Platform, Kaspersky Endpoint Detection and Response
Code: KL 025
Target group: The course is aimed at presale engineers who work with Kaspersky Anti Targeted Attack Platform and Kaspersky Endpoint Detection and Response.
Applications covered in the course:
- Kaspersky Anti Targeted Attack Platform
- Kaspersky Endpoint Detection and Response
Duration: 3 days
Unit 1. KATA and KEDR overview
1. Featured products and applications
2. Threat landscape
3. Products’ architecture
Unit 2. Deployment planning
1. System requirements
2. Sizing
3. Typical topologies
4. Licensing
Unit 3. Installation
1. Workflow
2. Server installation
- Lab 1. Install and configure Central Node
- Lab 2. Configure Kaspersky Sandbox
- Lab 3. Connect the Central Node to the Sandbox
3. Activation and initial setup
- Lab 4. Activate Central Node
- Lab 5. Create an information security officer account
4. Connecting KATA to traffic sources
- Lab 6. Connect Central Node to the network infrastructure (SPAN)
- Lab 7. Make sure that traffic is being analyzed
- Lab 8. Connect the Central Node to the mail system using SMTP
- Lab 9. Configure the mail server to send copies of messages to the Central Node
- Lab 10. Make sure mail is being analyzed
- Lab 11. Prevent superfluous mail processing
- Lab 12. Connect Sensor to proxy server (ICAP)
- Lab 13. Make sure ICAP traffic is being analyzed
- Lab 14. Prevent superfluous HTTP traffic processing
5. Deploying Kaspersky Endpoint Agent
- Lab 15. Enable Kaspersky Endpoint Agent using the task ‘Change application components’ of Kaspersky Endpoint Security
- Lab 16. Install Kaspersky Endpoint Agent using Kaspersky Security Center
6. Activation and initial setup of Kaspersky Endpoint Agent
- Lab 17. Connect Kaspersky Endpoint Agent to the Central Node
- Lab 18. Activate Kaspersky Endpoint Agent
- Lab 19. Make sure that the TAA subsystem operates properly
7. Distributed installation
Unit 4. Incident processing
1. Processing alerts
2. Health check for detection technologies
- Lab 20. Simulate a malicious payload
3. Threat identification
- Lab 21. Demonstrate KATA operation results
4. Threat containment with KEDR
5. KEDR response tools
- Lab 22. Demonstrate analysis of and response to a TAA alert
6. Sandbox analysis results
- Lab 23. Examine details of file execution in the sandbox
7. Search for indicators of attack/compromise with KEDR
Unit 5. Configuration
1. Dashboards and reports
2. Notifications and SIEM
3. Custom rules and exceptions
- Lab 24. Add third-party IDS rules
- Lab 25. Write a custom IDS rule
- Lab 26. Create an exception to an IDS rule
- Lab 27. Write a custom YARA rule
4. Kaspersky Anti Targeted Attack Sensor settings
5. Configuring Kaspersky Endpoint Agent
Unit 6. Maintenance
1. Updates
2. Collecting system information
3. Saving and restoring settings
4. Upgrade
5. Modifying system settings
Unit 7. External API & KPSN
1. External API
2. Integration with KPSN
Requirements for participants
- Basic understanding of Kaspersky Security Center.
- Basic understanding of networking technologies: DNS, routing, email, web.
- Basic Windows and Linux administration skills.
- Understanding of contemporary threats and information technologies.