Kaspersky has announced a major update to Kaspersky Anti Targeted Attack 8.0 (KATA 8.0), designed to help organizations improve visibility across their networks and detect sophisticated cyberthreats earlier and with greater accuracy.

As the attack surface continues to expand and traditional network perimeters dissolve, security teams face growing challenges in controlling network traffic security. KATA 8.0 addresses these challenges with new detection technologies, broader network observability and tighter integration with Kaspersky’s security ecosystem and third-party solutions.

Advanced detection technologies for modern threats

KATA 8.0 introduces several new detection capabilities aimed at improving threat detection while reducing alert fatigue.
The new anomaly detection technology identifies suspicious network behavior by analyzing key protocols commonly abused in cyberattacks, such as DNS, HTTP and Kerberos. Instead of inspecting all network traffic, the technology focuses on protocol-specific deviations while taking into account the organization’s infrastructure and usage patterns. This approach significantly improves detection accuracy and helps reduce false positives.
With shadow IT detection, KATA 8.0 enables organizations to identify the use of unauthorized public services. The solution supports more than 5,000 external services, including popular cloud storage and collaboration platforms, helping security teams improve network visibility and regain control over corporate data flows.
KATA 8.0 also introduces retrospective scanning of user-uploaded traffic copies. Security teams can now upload PCAP files manually or automatically from other security systems and analyze them using the latest detection rules and updates across Kaspersky’s anti-malware, sandbox, IDS and other engines. This enables deeper investigations and the discovery of threats that may have gone undetected at the time of the incident.
In addition, KATA can now collect all observables from network traffic, including file names, URLs and hashes – not only for malicious objects, but also for safe ones. This allows analysts to identify potentially compromised users and suspicious activity even when objects initially appear clean, providing a broader and more proactive security perspective.

Stronger integrations for faster investigations and response

KATA 8.0 also enhances integration with other Kaspersky solutions and external platforms to streamline investigations and improve response times.
Integration with Kaspersky Security for Mail Server (KSMS) enables dynamic scanning of password-protected email attachments in the KATA Sandbox, while enriched KATA alerts now include full visibility into actions taken by KSMS, such as blocking or deleting suspicious content.
For organizations using Managed Detection and Response (MDR), KATA 8.0 acts as a network sensor supplying telemetry directly to the MDR cloud. MDR analysts can now also request additional context from KATA directly through the MDR interface, without involving the customer, significantly accelerating investigations.
The solution also supports automated file submission from Kaspersky Endpoint Security (KES) to the KATA Sandbox, enabling deeper analysis of suspicious files discovered on endpoints and faster response actions when malicious verdicts are confirmed.
To strengthen active response capabilities, KATA 8.0 introduces new connectors for Check Point NGFW, allowing the solution to automatically generate blocking rules based on detected malicious network activity and enforce them at the firewall level in near real time.
Ilya Markelov, Head of Unified Platform Product Line at Kaspersky, says: “Kaspersky Anti Targeted Attack 8.0 was designed to provide a high level of visibility, enabling proactive threat detection, deeper investigations and more confident response decisions through advanced analytics and tight integration with endpoint protection, email security, MDR and other products and services. As part of its long-term development strategy, in future releases we plan to move KATA to the Open Single Management Platform (OSMP). This will enable seamless integration with multiple Kaspersky solutions and third-party components through a unified web console, supporting NDR, EDR, SIEM, XDR and more within a single security ecosystem.”

