Kaspersky Anti Targeted Attack Platform can detect risks to which the information system resources are exposed. The application identifies the risks based on traffic analysis results and the received device information.
Detected risks can belong to the following categories:
Each risk is scored from 0.0 to 10.0. When calculating the risk score, the application takes into account the available information about the device with which the detected risk is associated, including the importance level of the device and other risks associated with that device. The base score is used as the initial value for the calculation. The base scores of risks in the Vulnerability category follow the Common Vulnerability Scoring System (CVSS). For the rest of the risk categories, the base scores are taken from the table of risk types.
Risk information is uploaded to the database of detected risks on the Central Node. The total amount of stored records in the database cannot exceed the specified limit. If the amount exceeds the limit, the application automatically deletes 10% of the oldest records. You can set the maximum size of detected risk information when configuring the storage settings.
The contents of the detected risk database are displayed in the Risks section of the application web interface. You can also view an overview of device risks in the Assets section on the Devices tab.