KL 025: Kaspersky Anti Targeted Attack Platform, Kaspersky Endpoint Detection and Response

Title

Kaspersky Anti Targeted Attack Platform, Kaspersky Endpoint Detection and Response

Code

KL 025

Target group

The course is aimed at presale engineers who work with Kaspersky Anti Targeted Attack Platform and Kaspersky Endpoint Detection and Response.

Applications covered in the course:

Kaspersky Anti Targeted Attack Platform
Kaspersky Endpoint Detection and Response

Duration

3 Days


Unit 1. KATA and KEDR overview

1. Featured products and applications
2. Threat landscape
3. Products’ architecture

Unit 2. Deployment planning

1. System requirements
2. Sizing
3. Typical topologies
4. Licensing

Unit 3. Installation

1. Workflow
2. Server installation

  • Lab 1. Install and configure Central Node
  • Lab 2. Configure Kaspersky Sandbox
  • Lab 3. Connect the Central Node to the Sandbox

3. Activation and initial setup

  • Lab 4. Activate Central Node
  • Lab 5. Create an information security officer account

4. Connecting KATA to traffic sources

  • Lab 6. Connect Central Node to the network infrastructure (SPAN)
  • Lab 7. Make sure that traffic is being analyzed
  • Lab 8. Connect the Central Node to the mail system using SMTP
  • Lab 9. Configure the mail server to send copies of messages to the Central Node
  • Lab 10. Make sure mail is being analyzed
  • Lab 11. Prevent superfluous mail processing
  • Lab 12. Connect Sensor to proxy server (ICAP)
  • Lab 13. Make sure ICAP traffic is being analyzed
  • Lab 14. Prevent superfluous HTTP traffic processing

5. Deploying Kaspersky Endpoint Agent

  • Lab 15. Enable Kaspersky Endpoint Agent using the task ‘Change application components’ of Kaspersky Endpoint Security
  • Lab 16. Install Kaspersky Endpoint Agent using Kaspersky Security Center

6. Activation and initial setup of Kaspersky Endpoint Agent

  • Lab 17. Connect Kaspersky Endpoint Agent to the Central Node
  • Lab 18. Activate Kaspersky Endpoint Agent
  • Lab 19. Make sure that the TAA subsystem operates properly

7. Distributed installation

Unit 4. Incident processing

1. Processing alerts

2. Health check for detection technologies

  • Lab 20. Simulate a malicious payload

3. Threat identification

  • Lab 21. Demonstrate KATA operation results

4. Threat containment with KEDR

5. KEDR response tools

  • Lab 22. Demonstrate analysis and response to a TAA alert

6. Sandbox analysis results

  • Lab 23. Examine details of file execution in the sandbox

7. Search for indicators of attack/compromise with KEDR

Unit 5. Configuration

1. Dashboards and reports
2. Notifications and SIEM
3. Custom rules and exceptions

  • Lab 24. Add third-party IDS rules
  • Lab 25. Write a custom IDS rule
  • Lab 26. Create an exception to an IDS rule
  • Lab 27. Write a custom YARA rule

4. Kaspersky Anti Targeted Attack Sensor settings
5. Configuring Kaspersky Endpoint Agent

Unit 6. Maintenance

1. Updates
2. Collecting system information
3. Saving and restoring settings
4. Upgrade
5. Modifying system settings

Unit 7. External API & KPSN

1. External API
2. Integration with KPSN

Requirements for participants

  • Basic understanding of Kaspersky Security Center.
  • Basic understanding of networking technologies: DNS, routing, email, web.
  • Basic Windows and Linux administration skills.
  • Understanding of contemporary threats and information technologies.