Kaspersky Anti Targeted Attack Reviews

The product is a combination of different Kaspersky solutions. It includes Kaspersky Secure Mail Gateway, Kaspersky Sandbox, and Kaspersky EDR. It is used for USB blocking. If any malicious software is installed in any system, it will be analyzed in a sandbox environment and blocked according to the results.

The email security feature is really good. I like the email security feature because most XDRs do not provide such features. If any email with a malicious code or link comes to the environment, the tool first checks in the sandbox whether the link is malicious. After analyzing it, the solution delivers the email to the employees.

If my primary solution is down, no backup solution is available to restore it. It is one of the biggest weaknesses of the platform. If I need to update the solution, there is no option to pick the events and the logs from it and deploy it in another solution. The backup and recovery features of the product are not good. I need backup. If the tool is down for some time, I cannot get the logs at that particular time.

I have been using the solution for one year.

I rate the product’s stability a five out of ten. I still see some issues with stability. The stability must be improved. The solution was released one or two years ago. It needs to be more mature. I think the vendor is working to improve the product.

I rate the product’s scalability a six out of ten. Eight people, including the end-users and administrators, are using the solution in our organization.

I rate the ease of setup a six out of ten. It is a complicated process. There are different components. The deployment process is very hectic. We need four to five people from the vendor and other teams from our organization to work together and deploy the product.

I rate the pricing a seven out of ten on a scale where one is cheap, and ten is expensive.

We can benefit from all the features provided by the product. The tool provides email security and sandboxing features, which are the most important features of any SOC environment. It also provides the proxy feature for network traffic. It is an all-in-one solution for any organization, whether they need email security, web proxy, sandboxing, or EDR. I would recommend the tool to any small or big organization. Overall, I rate the product a seven out of ten.

We use the Kaspersky Anti-Targeted Attack Platform for targeted attack prevention and endpoint detection and response. We leverage this solution to detect threats that break traditional endpoint security measures. It uses a sandbox environment within the customer's IT infrastructure to identify advanced and persistent threats, including those without signatures. It's implemented across email, web, and endpoints.

The solution is very easy to use. Its interface is very simple, and you can build IOC's indicators. You can use your rules to detect these attacks because you can leverage threat intelligence. You can develop rules and preventive policies. You can also perform an IOC sweep in your environment, which helps identify the potential compromises.

The solution lacks cloud integrations.

I have been using Kaspersky Anti-Targeted Attack Platform for five years.

I rate the solution's stability a nine out of ten, primarily due to its robust cloud capabilities.

The solution’s scalability is excellent. It can be deployed either as software or on bare metal, and it efficiently accommodates increasing requirements such as additional nodes or users, whether they are being added to the environment, branch office, or site office. Its scalability is facilitated by sensor appliances, enabling the addition of regions or users with ease. The scalability is contingent on hardware sizing, but leveraging threat intelligence, building rules, implementing preventive policies, and conducting IOC sweeps in the environment are all possible, making it a robust and flexible solution.

The initial setup is easy. It offers options for both virtual and physical appliances. You can build it on your virtual environment or, if you have a partner and a hypervisor with the operating system, you can deploy these products. Many customers already have these resources in their data centre, so it also provides the option to deploy it as software. You can deploy it on a dedicated server.
The Kaspersky Anti-Targeted Attack Platform provides comprehensive guides, including step-by-step instructions available on their portal, making deployment straightforward for engineers with little knowledge.

Its price is reasonable; it's neither very high nor very low, considering its capabilities.

The Kaspersky Anti-Targeted Attack Platform is designed to detect various attacks, such as Mitraframe, and provide alerts for each attack technique and procedure. It also offers alerts for potential threats and conducts thorough analyses through its sandbox environment, which isolates and executes malware or unknown files within virtual machines. This allows for real-time threat detection and feedback on potential threats.

The platform is a SOC tool and thus requires skilled resources for effective operation, as it involves both automation and manual understanding of attack scales. Third-party intelligence integration enriches the alert system but may lead to occasional false positives, which can be fine-tuned through exclusion options and custom rule creation.

The platform offers extensive customization options, allowing users to create rules specific to file detection or PowerShell activities. It provides visibility into telemetry data, enabling comprehensive monitoring of environmental activities. Integration with frameworks like Mitraframe helps tailor policies and rules to suit specific environments.

The platform competes with products like FireEye, Snowflake, and Trend Micro. Integration between Kaspersky and other products is seamless, allowing unified threat detection.

It is a solid choice for enterprises seeking advanced threat detection capabilities in the Middle East.

Overall, I rate the solution eight out of ten.

There are two main use cases. The first is EDR. It is a monitoring tool installed on the endpoint device, primarily workstations and servers, to monitor any system activity and identify some abnormal activities that might trace the compensation of the infrastructure. Secondly, it helps to monitor network activity via network traffic that passes across the infrastructure.

So many cyberattacks are still unknown, with no known signatures or attributes that allow you to identify them definitively. However, any kind of cyberattack leaves traces behind. For example, after some activities, attackers may be unable to delete all the clues they go through in the infrastructure. An EDR solution can identify abnormal activities on the endpoint, such as a user opening a malicious email attachment or a workstation downloading a payload. In most cases, antivirus software cannot detect these attacks, but EDR can. You can collect all necessary metadata from EDR, which can then be analyzed automatically by a data anti-barging site or manually by threat-hunting analysts.

The most valuable use is detailing metadata collection from the endpoint and network.

The blind spot or gap in the platform is network analysis functionality. Unfortunately, at the moment, network analysis capability is still quite limited, especially compared to some competitors on the market, such as ExtraHop, Darktrace, and Coralogix.

I have been using Kaspersky Anti-Targeted Attack Platform for five or six years. We are using the latest version of the solution.

I rate the solution’s scalability a five out of ten.

I did not have such an experience with technical support because I contacted my former peers when I switched from Kaspersky to another company, I got my former peers. After all, it was much faster than technical support and collecting all the logs.

I’ve used Trend Micro, McAfee, and Think Dynamics. The main difference between EDR and NDR solutions is the detection logic inside the product. Based on my experience at Kaspersky, the critical approach is immediately exercising the product to create new detection rules. This approach differs entirely from Kaspersky's competitors, and the results are much better.

Deployment is straightforward, while others, such as fine-tuning and deploying in distributed environments, can be complicated. Customers may need to contact support or product experts for assistance in these cases. With their advanced capabilities, some areas of the product have complex deployment procedures that cannot be handled by end users alone. In a standard or smooth environment, deploying Kaspersky Anti-Targeted Attack Platform may take four to six working hours. It may take several working days or 16 to 32 working hours in large and distributed environments. The most important step is to deploy the sandbox node to analyze unknown objects that can be gathered from the endpoints on the network. The most important step is distributing the endpoint agent to the Windows or Linux machines to collect telemetry and metadata. The standard deployment is easy, in which you install one node and then another, followed by the installation of agents. However, in a complex environment, this can be more challenging. I rate the solution’s deployment a five to six out of ten.

One person performed the deployment procedure itself. Due to the high volume of projects, we have several persons for deployment.

The solution has competitive pricing. The data platform is an add-on to the antivirus, especially endpoint security. Many customers upgrade their endpoint security to the KATA platform.

I recommend involving an integrator with expertise in Kaspersky Anti-Targeted Attack Platform for integration or deployment. This is an extended support option, but it will cost an additional budget. It is my only recommendation for complex environments, big companies, or companies with a limited IT team. For simple networks, integration is straightforward. If the company does not have expertise in working with the output of expert systems like KATA, they should consider outsourcing this capability. It is expensive to create this expertise from scratch. Overall, I rate the solution an eight out of ten.

Kaspersky Anti-Targeted Attack Platform is not a good product. We had problems with endpoints and the solution did not detect it. We didn't get any alerts about the attack. 

Kaspersky Anti-Targeted Attack Platform is stable and runs all the time. 

The solution is not scalable. 

The tool's contract did not include support and we were asked to pay for support hours. 

Kaspersky Anti-Targeted Attack Platform is cheap. 

I would rate the Kaspersky Anti-Targeted Attack Platform a five out of ten. 

I use the solution in my company since it has many good features, like sandbox features and other tech aspects. When I find other use cases or see feedback, I learn what the tool's strengths are from the other side or other people.

The most valuable features of the solution are associated with the deployment area, especially when deployed on an on-prem model. The brand comes from Russia, so I heard that in Russia, the knowledge of threats is advanced, especially since some of the threats come from the United States. I think CrowdStrike is better than Kaspersky.

I think the tool is still not really good enough for integration compared to other products. If you need to integrate with the ecosystem of the Kaspersky primary, and if we are going to the third party, there can still be a few limitations. For the integration, the tool is still not good enough.

I have been using Kaspersky Anti-Targeted Attack Platform for a year. My company is a reseller of the tool.

I have experience with FireEye.

Compared to CrowdStrike, the integration part of Kasersky is more advanced. CrowdStrike can work on a lot of tools using the APIs to connect to others and collaborate with others. Kaspersky needs to learn from CrowdStrike.

The product's deployment phase is easy.

The product is an on-prem threat intelligence platform.

The product's implementation phase takes two weeks, including the integrations.

In terms of cost savings, I feel that the Kaspersky Anti-Targeted Attack Platform is better than SentinelOne or CrowdStrike. Kaspersky can also be deployed in an on-premises environment, so it is a very big product. In our country everyone is okay with deploying tools on an on-prem model since they believe that it is better than cloud solutions.

My company tried to move to McAfee but we are trying to find another more stable tool for the company.

I evaluated other platforms like the EDR tools from CrowdStrike and SentinelOne.

I recommend the tool for enterprise customers. Previously, carry, like only antivirus products, was used by many. If you want to upsell a product, then you need to go with EDR and Kaspersky Anti-Targeted Attack Platform.

The Kaspersky threat intelligence capability is good because it has many customers worldwide. I see that Kaspersky software can be used to monitor a lot of new technologies.

New features in Kaspersky improve efficiency. The tool uses a lot of CPU memory, which I think is very good.

I think the tool is good enough with AI, especially for suggestions on what kind of methods are to be used in a certain framework and for analysis.

In terms of how customizable the tool's AI sensitivity is to our company's customers, I would say that there are areas in the tool that can be a little bit difficult to customize. In my company, we are still trying to learn about the more advanced customization areas.

I recommend the tool to others, except the financial industry.

I rate the tool an eight out of ten.

I feel the anti-ransomware update is one of the tool's valuable features. There is another feature in the solution that gives us a lot of problems.

Kaspersky Anti-Targeted Attack Platform has highlighted that it's an anti-ransomware tool. They also have a roll-back, but it is not the unique roll-back we have in Harmony. With the pricing, they do provide competition. At times, the reason for considering it is due to its pricing. The pricing of the product should be improved.

The technical side of the tool is okay because we have dedicated two engineers, and they have been doing a really good job. Pricing-wise or package-wise, if Kaspersky can support us, then I think that could be an ideal situation in Sri Lanka because it is a small island. Also, we don't have many big companies or conglomerates. Hence, we have small and medium customers. There are big players, but most of the customers are actually in the middle, like SMBs. Therefore, if you can have a good package with good pricing, we can sell much more of Kaspersky. If you can have packages where if a customer buys thirty solutions, then he gets this much, or what he gets with twenty, fifty, or hundred solutions. Then customers will get a variety of pricing, and that would be the ideal situation. So, if you can have packages, like, indicating the price of, let's say, ten, twenty, thirty, or fifty solutions. It would be good to even have a bundle with Quadrant SPARK. We do have packages at the moment. However, those are not very attractive.

I have experience with Kaspersky Anti-Targeted Attack Platform. The solution's new version is giving us a big challenge, not the old version.

I don't think Kaspersky is very advanced like Check Point Harmony in terms of stability.

I don't think Kaspersky is very advanced like Check Point Harmony in terms of scalability.

I don't think Kaspersky's setup is complicated. I also installed it some time ago because I worked at Kaspersky's agent company named Avian Technologies using Kaspersky. It's not a very complicated process to install Kaspersky. Even when you want to remove Kaspersky, you can remove it without any problem.

Kaspersky is one of the cheaper solutions.

We have a separate team for Check Point. There is another team in our same company, which is just another subsidiary company. They do actually have Kaspersky. There is no internal competition as such because we have a set of customers, and they have a set of customers, but I come across some proposals all the time. Just because of pricing, at times, I used to lose my daily deals. In Sri Lanka, they recently had more than 5,000 node requirements. Kaspersky was the cheapest quotation, so they went ahead with that. Harmony was very expensive in Sri Lanka.

With pricing and package-wise pricing, if Kaspersky can play some trick, that's what I really want to be improved. With regards to pricing, some customers claim if the price of Kaspersky is like this, then they would have bought Harmony. I don't mind them buying Harmony. Since Kaspersky's price is very high, most of the time, the aforementioned event happens here.

I have been improving my knowledge about Check Point Harmony and Harmony Connect SASE Solution. That will improve more with the training programs we have here.

In some of the places I have come across, even though they use Kaspersky, the ransomware enters their system. So, that means it is not a good solution. I have heard those stories. However, with Check Point Harmony, I haven't received a single complaint from my customers. Customers say that Kaspersky is not capable of preventing ransomware attacks.

I rate the overall solution a six out of ten.