Kaspersky KATA 7.0: the next level of targeted attack protection
Kaspersky has announced a major update to its Kaspersky Anti Targeted Attack (KATA). With the launch of KATA 7.0, organizations can now benefit from enhanced Network Detection and Response (NDR) capabilities with deeper network visibility, internal threat detection and other critical security features.
According to Kaspersky's IT Security Economics 2024 report, an overwhelming majority of organizations report network attacks. Large enterprises lead with 97% reporting an attack, followed by SMEs at 88%, and SMBs at 83%. With this in mind, Kaspersky updates its solutions regularly to ensure businesses are equipped to meet evolving security requirements.
The latest enhancements in KATA 7.0 address key customer challenges by delivering full visibility across IT infrastructure, advanced defense against sophisticated threats, and a streamlined, resource-efficient security solution. The update introduces network telemetry export from Kaspersky Endpoint Security for Windows and Linux, adding a further source of network data alongside the copy of SPAN traffic, which improves visibility and threat detection.
The introduction of new asset management, network map, and network session table modules provides SOC analysts with enhanced tools for monitoring and managing network security through graphical representations, advanced filtering, and interactive features. These additions create a complete network inventory and management system.
The updated platform also strengthens internal traffic monitoring with new NDR IDS rules for east-west traffic analysis, improving the detection of lateral movement, data exfiltration and other malicious attempts that could previously have gone unnoticed. Additionally, new risk and anomaly detection capabilities identify hidden threats and potential security vulnerabilities before they escalate into breaches, helping organizations proactively manage cybersecurity risks.
As KATA offers comprehensive security at both the network and endpoint levels, its Endpoint Detection and Response technology, EDR Expert, has also undergone significant updates in version 7.0. The variety of collected telemetry types has been expanded, providing enhanced visibility into events at endpoints.
Threat hunting search capabilities have also been improved, with search now available across all event attributes. This enables more effective threat detection and creates more accurate exceptions to minimize false positives. Sigma rule support has also been added with this update, meaning it is now possible to find threats according to the condition contained in the Sigma rule in historical data or new events collected from the endpoints.
'With the launch of KATA 7.0, we are reinforcing our commitment to providing enterprises with a fully integrated security solution capable of detecting and mitigating complex threats across both network and endpoint levels,' said Alexander Rumyantsev, Senior Product Manager Cloud & Network Security at Kaspersky. 'These enhanced NDR capabilities, expanded visibility, and real-time intelligence empower organizations to detect and mitigate threats more effectively than ever before.'
About Kaspersky:
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky's deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company's comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 200,000 corporate clients protect what matters most to them.
Related Articles


Mid East Info
20-03-2025
- Mid East Info
Kaspersky KATA 7.0: the next level of targeted attack protection


Mid East Info
27-02-2025
- Mid East Info
North Korea-aligned DeceptiveDevelopment targets freelance developers with infostealers, ESET Research discovers
Since 2024, ESET researchers have observed a series of malicious North Korea-aligned activities, where the operators, posing as software development recruiters, entice the victims with fake employment offers. Subsequently, they try to serve their targets with software projects that conceal infostealing malware. ESET Research calls this activity cluster DeceptiveDevelopment. This North Korea-aligned activity is currently not attributed by ESET to any known threat actor. It targets freelance software developers through spearphishing on job-hunting and freelancing sites, aiming to steal cryptocurrency wallets and login information from browsers and password managers.
'As part of a fake job interview process, the DeceptiveDevelopment operators ask their targets to take a coding test, such as adding a feature to an existing project, with the files necessary for the task usually hosted on private repositories on GitHub or other similar platforms. Unfortunately for the eager work candidate, these files are trojanized: Once they download and execute the project, the victim's computer gets compromised,' explains ESET researcher Matěj Havránek, who made the discovery and analyzed DeceptiveDevelopment.
DeceptiveDevelopment's tactics, techniques, and procedures are similar to several other known North Korea-aligned operations. Operators behind DeceptiveDevelopment target software developers on Windows, Linux, and macOS. They steal cryptocurrency primarily for financial gain, with a possible secondary objective of cyberespionage. To approach their targets, these operators use fake recruiter profiles on social media. The attackers don't distinguish based on geographical location, instead aiming to compromise as many victims as possible to increase the likelihood of successfully extracting funds and information.
DeceptiveDevelopment primarily uses two malware families as part of its activities, delivered in two stages. In the first stage, BeaverTail (infostealer, downloader) acts as a simple login stealer, extracting browser databases containing saved logins, and as a downloader for the second stage, InvisibleFerret (infostealer, RAT), which includes spyware and backdoor components, and is also capable of downloading the legitimate AnyDesk remote management and monitoring software for post-compromise activities.
In order to pose as recruiters, the attackers copy profiles of existing people or even construct new personas. They then either directly approach their potential victims on job-hunting and freelancing platforms, or post fake job listings there. While some of these profiles are set up by the attackers themselves, others are potentially compromised profiles of real people on the platform, modified by the attackers. Some of the platforms where these interactions occur are generic job-hunting ones, while others focus primarily on cryptocurrency and blockchain projects and are thus more in line with the attackers' goals. The platforms include LinkedIn, Upwork, We Work Remotely, Moonlight, and Crypto Jobs List.
Victims receive the project files either directly via file transfer on the site, or through a link to a repository like GitHub, GitLab, or Bitbucket. They are asked to download the files, add features or fix bugs, and report back to the recruiter. Additionally, they are instructed to build and execute the project in order to test it, which is where the initial compromise happens.
The attackers often use a clever trick to hide their malicious code: They place it in an otherwise benign component of the project, usually within backend code unrelated to the task given to the developer, where they append it as a single line behind a long comment. This way, it is moved off-screen and stays mostly hidden.
'The DeceptiveDevelopment cluster is an addition to an already large collection of money-making schemes employed by North Korea-aligned actors and conforms to an ongoing trend of shifting focus from traditional money to cryptocurrencies,' concludes Havránek. For a more detailed analysis and technical breakdown of DeceptiveDevelopment, check out the latest ESET Research blogpost, 'DeceptiveDevelopment targets freelance developers,' on Make sure to follow ESET Research on Twitter (today known as X) for the latest news from ESET Research.
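A review aid for the hiding trick described above, as an added example that is not from ESET or the original article: it flags lines in a downloaded project where code begins past the visible editor width, after a block comment or a long run of whitespace. The 160-column width, the 40-space padding threshold, the function name and the sample file are assumptions constructed for illustration.

```python
import re

VISIBLE_COLS = 160   # assumed editor width; code starting past it is off-screen
MIN_PADDING = 40     # assumed whitespace run long enough to push code sideways

# Code that begins right after a closing block comment or a long whitespace run.
_HIDDEN_START = re.compile(r"(?:\*/[ \t]*|[ \t]{%d,})(?=\S)" % MIN_PADDING)


def find_offscreen_code(source, visible_cols=VISIBLE_COLS):
    """Return (line_no, column, reason, preview) for code that starts off-screen."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        if len(line) <= visible_cols:
            continue
        for match in _HIDDEN_START.finditer(line):
            start = match.end()
            tail = line[start:]
            # Ignore text in the visible area and tails that are just more comment.
            if start < visible_cols or tail.startswith(("/*", "//")):
                continue
            reason = "after-comment" if match.group().startswith("*/") else "after-padding"
            findings.append((line_no, start + 1, reason, tail[:60]))
            break  # one finding per line is enough to send it to review
    return findings


# Constructed sample: a benign call stands in for the appended one-liner.
SAMPLE = "\n".join([
    "// server/routes/health.js (constructed sample)",
    "const express = require('express');",
    "/* " + "routing notes " * 20 + "*/" + " " * 10 + "require('./lib/init')();",
    "/* " + "an honest long comment " * 10 + "*/",
    "module.exports = express.Router();",
])

if __name__ == "__main__":
    for finding in find_offscreen_code(SAMPLE):
        print(finding)
```

This is a heuristic for triage before building or running an unfamiliar project; a flagged line still needs to be read in full, with line wrapping enabled.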


Mid East Info
14-02-2025
- Mid East Info
ESET Triumphs as AV-Comparatives' 2024 Product of the Year
ESET, a global leader in cybersecurity solutions, is proud to announce that ESET HOME Security Essential has been named AV-Comparatives' Product of the Year for 2024. This prestigious award recognizes ESET HOME Security Essential for Windows for its outstanding performance and reliability in protecting consumers against a wide range of cyber threats.
In 2024, AV-Comparatives subjected 16 consumer security products for Windows to rigorous testing, evaluating their ability to protect against real-world Internet threats, identify recent malicious programs, defend against advanced targeted attacks, and provide protection without slowing down the PC. ESET HOME Security Essential emerged as the top performer, receiving the highest Advanced+ Award in all seven tests conducted throughout the year.
As stated in the AV-Comparatives' Summary Report 2024, 'Reviewers were impressed by the clean, intuitive user interface designed for non-expert users, as well as the extensive customization and scan options available for power users.' Although the majority of vendors make auto-renewal mandatory, the report points out that, most commendably, ESET is among those vendors who do not impose auto-renewal on users. The report further highlights ESET HOME Security Essential as a well-designed and easy-to-use security product that provides safe default settings and essential features easily accessible to all users.
Andreas Clementi, founder and CEO of AV-Comparatives, commented on ESET's recognition: 'ESET's performance throughout our 2024 tests has been consistently strong, earning high ratings across multiple categories. The awards reflect the product's reliability in malware protection, usability, and system performance. ESET HOME Security Essential demonstrated a well-balanced approach, providing effective security without imposing a significant burden on the system, which many users will appreciate.'
'We are honored to be recognized as AV-Comparatives' Product of the Year for 2024. This award is a testament to our commitment to providing high-performance, technologically advanced security solutions that protect digital lives of our customers without compromising their device performance. We will continue to innovate and enhance our products to address real-life cybersecurity and privacy needs of our users, so they can enjoy the full potential of themselves and their technology in a secure digital world,' said Viktória Ivanová, Vice President of Consumer and IoT Segment at ESET.
ESET HOME Security for Windows is designed to offer high-performance protection with low system impact, utilizing multilayered technologies that go beyond basic antivirus capabilities.
About ESET:
ESET® provides cutting-edge digital security to prevent attacks before they happen. By combining the power of AI and human expertise, ESET stays ahead of known and emerging cyberthreats — securing businesses, critical infrastructure, and individuals. Whether it's endpoint, cloud or mobile protection, our AI-native, cloud-first solutions and services remain highly effective and easy to use. ESET technology includes robust detection and response, ultra-secure encryption, and multifactor authentication. With 24/7 real-time defense and strong local support, we keep users safe and businesses running without interruption. An ever-evolving digital landscape demands a progressive approach to security: ESET is committed to world-class research and powerful threat intelligence, backed by R&D centers and a strong global partner network.