KATA protection and integration of Kaspersky Secure Mail Gateway with Kaspersky Anti Targeted Attack Platform

You can configure the integration of Kaspersky Secure Mail Gateway with Kaspersky Anti Targeted Attack Platform.

Kaspersky Anti Targeted Attack Platform (KATA) (hereinafter also referred to as "the program") is a solution designed for the protection of a corporate IT infrastructure and timely detection of threats such as zero-day attacks, targeted attacks, and complex targeted attacks known as advanced persistent threats (hereinafter also referred to as "APT").

After its integration, Kaspersky Secure Mail Gateway will be able to send email messages to Kaspersky Anti Targeted Attack Platform for scanning and receive the scan results. KATA scans messages for signs of targeted attacks and intrusions into the corporate IT infrastructure.

Based on the results of a KATA scan, Kaspersky Secure Mail Gateway can block individual messages.

Entering integration settings for Kaspersky Secure Mail Gateway

To enter the Kaspersky Secure Mail Gateway settings for its integration with Kaspersky Anti Targeted Attack Platform:

1. In the main window of the web interface of Kaspersky Secure Mail Gateway, open the management console tree and select the Settings section and the Protection subsection.
2. Select the KATA Protection section.
3. Select the switch next to the name of the KATA Protection settings group.
4. In the KATA Protection section, click any link to open the KATA Protection window.
5. In the KATA Central Node IPv4-address field, enter the IP address of the Kaspersky Anti Targeted Attack Platform server with the Central Node component.
6. In the KATA Central Node port field, enter the port used to connect to the Kaspersky Anti Targeted Attack Platform server with the Central Node component.
7. In the KATA response timeout field, enter the maximum time to wait for the result of message scanning by Kaspersky Anti Targeted Attack Platform.
8. In the KATA Quarantine maximum size field, enter the maximum size of the quarantined messages for Kaspersky Anti Targeted Attack Platform. When this size of the quarantined messages is exceeded, messages will not be placed in Quarantine.
9. In the Maximum number of messages in KATA Quarantine field, enter the maximum number of quarantined messages for Kaspersky Anti Targeted Attack Platform. When this number is exceeded, messages will not be placed in Quarantine.
10. If you want to set the default values for the KATA Central Node port, KATA response timeout, KATA Quarantine maximum size and Maximum number of messages in KATA Quarantine settings, click the Set default values link in the lower part of the KATA Protection window.
11. Click the Apply button.

    The KATA Protection window closes.

Kaspersky Secure Mail Gateway attempts to establish a connection with the Kaspersky Anti Targeted Attack Platform server that has the Central Node component.

Proceed to confirmation of Kaspersky Anti Targeted Attack Platform integration with Kaspersky Secure Mail Gateway.

Confirming integration for Kaspersky Anti Targeted Attack Platform

To confirm integration of Kaspersky Anti Targeted Attack Platform integration with Kaspersky Secure Mail Gateway:

1. Log in to the management console of the Kaspersky Anti Targeted Attack Platform server with the Central Node component via the SSH protocol or through a terminal.
2. In response to the system prompt, enter the administrator account name of the Kaspersky Anti Targeted Attack Platform server with the Central Node component and the administrator password.

   The program administrator menu is displayed.

3. In the application administrator menu, select Program settings.
4. Press ENTER.

   The Select action window is displayed.

5. Select Configure KSMG Sensor connections.
6. Press ENTER.

   The Configure KSMG Sensor connections window is displayed.

7. Select the line containing the IP address of the Kaspersky Secure Mail Gateway server. The line containing the unconfirmed connection is marked with an asterisk.
8. Press ENTER.

   This opens a window containing the fingerprints of public keys for the connection between Kaspersky Secure Mail Gateway and Kaspersky Anti Targeted Attack Platform.

9. Make sure that the Kaspersky Secure Mail Gateway key matches the key fingerprint in the web interface of Kaspersky Secure Mail Gateway.
10. Select Accept KSMG Sensor.
11. Press ENTER.

    You are returned to the Configure KSMG Sensor connections window. The line containing the IP address of the Kaspersky Secure Mail Gateway server will not be marked with an asterisk.

Integration of Kaspersky Secure Mail Gateway with Kaspersky Anti Targeted Attack Platform will be confirmed by Kaspersky Anti Targeted Attack Platform.

Checking the connection between Kaspersky Secure Mail Gateway and Kaspersky Anti Targeted Attack Platform

To check the connection between Kaspersky Secure Mail Gateway and Kaspersky Anti Targeted Attack Platform:

1. In the main window of the web interface of Kaspersky Secure Mail Gateway, open the management console tree and select the Settings section and the Protection subsection.
2. Select the KATA Protection section.
3. Select the switch next to the name of the KATA Protection settings group.
4. In the KATA Protection section, click the KATA connection state link to open the KATA connection state window.

   The IP address of the Kaspersky Anti Targeted Attack Platform server with the Central Node component will be displayed next to the name of the KATA Central Node IPv4-address setting.

   The status of the connection between Kaspersky Secure Mail Gateway and Kaspersky Anti Targeted Attack Platform is displayed next to the name of the Connection state setting.

   The Kaspersky Secure Mail Gateway key fingerprint is displayed next to the name of the KSMG public key fingerprint setting.

   The Kaspersky Anti Targeted Attack Platform key fingerprint is displayed next to the name of the KATA public key fingerprint setting.

If the KATA connection state window displays the key fingerprints of both servers and shows the Connected status for the connection between Kaspersky Secure Mail Gateway and Kaspersky Anti Targeted Attack Platform, this means that integration of Kaspersky Secure Mail Gateway with Kaspersky Anti Targeted Attack Platform has been correctly configured and a connection has been established between the servers.

Configuring the forwarding of Kaspersky Secure Mail Gateway messages to Kaspersky Anti Targeted Attack Platform for scanning

To configure the forwarding of email messages by Kaspersky Secure Mail Gateway to Kaspersky Anti Targeted Attack Platform for scanning:

1. In the main window of the application web interface, open the management console tree and select the Rules section.
2. In the list of rules, click the link containing the name of the rule for which you want to configure the forwarding of email messages by Kaspersky Secure Mail Gateway to Kaspersky Anti Targeted Attack Platform for scanning.
3. Select the KATA protection section.
4. Flip on the toggle switch next to the name of the KATA protection settings group if it is off.
5. In the If KATA detected an event drop-down list, select one of the following actions to take on messages in which KATA detected events:
   • Delete message
   • Reject
   • Skip
6. Add a tag to the Subject field of messages in which KATA detected events. To do so, perform the following:
   1. In the KATA protection settings group, click the link to the right of the Add the following text to the subject of an email message setting name to open the Tag for messages with a KATA detect window.
   2. In the field under the name of the window, enter the text that you want to add at the beginning of the subject of messages in which KATA detected events. For example, you can add the KATA detect tag.
   3. Click the OK button.

      The Tag for messages with a KATA detect window closes.

7. Select the check box next to the name of the Place copy in Backup setting if you want the application to automatically save copies of messages in Backup before they are processed.
8. Click the Apply button in the lower part of the workspace.

For the selected rule, you have configured the forwarding of email messages by Kaspersky Secure Mail Gateway to Kaspersky Anti Targeted Attack Platform for scanning.

Enabling and disabling KATA protection

To enable or disable KATA protection:

1. In the main window of the web interface of Kaspersky Secure Mail Gateway, open the management console tree and select the Settings section and the Protection subsection.
2. In the KATA Protection section, do one of the following:
   • Flip off the toggle switch next to the name of the KATA Protection settings group to ensable Anti-Phishing protection of messages.
   • Flip off the toggle switch next to the name of the KATA Protection settings group to disable Anti-Phishing protection of messages.

Configuring KATA protection settings

To configure KATA protection settings and Kaspersky Secure Mail Gateway settings for its integration with Kaspersky Anti Targeted Attack Platform:

1. In the main window of the web interface of Kaspersky Secure Mail Gateway, open the management console tree and select the Settings section and the Protection subsection.
2. Select the KATA Protection section.
3. Select the switch next to the name of the KATA Protection settings group.
4. In the KATA Protection section, click any link to open the KATA Protection window.
5. In the KATA response timeout field, enter the maximum time to wait for the result of message scanning by Kaspersky Anti Targeted Attack Platform.
6. In the KATA Quarantine maximum size field, enter the maximum size of the quarantined messages for Kaspersky Anti Targeted Attack Platform. When this size of the quarantined messages is exceeded, copies of messages will not be placed in Quarantine.
7. In the Maximum number of messages in KATA Quarantine field, enter the maximum number of quarantined messages for Kaspersky Anti Targeted Attack Platform. When this number is exceeded, copies of messages will not be placed in Quarantine.
8. Click the Apply button.

Setting default values for KATA protection settings

To set default values for Anti-Spam engine settings:

1. In the main window of the application web interface, open the management console tree and select the Settings section and Protection subsection.
2. In the KATA Protection section, click any link to open the KATA Protection window.
3. In the lower part of the KATA Protection window, click the Set default values link.
4. Click the Apply button.

Enabling and disabling KATA protection for a rule

You can enable or disable KATA protection for one or several rules. KATA protection is enabled by default.

Before enabling or disabling KATA protection for a rule, make sure that KATA protection is enabled in application settings.

To enable or disable KATA protection for a rule:

1. In the main window of the application web interface, open the management console tree and select the Rules section.
2. In the list of rules, click the name of the rule to open the rule for which you want to enable or disable KATA protection.
3. Select the KATA protection section.
4. Do one of the following:
   • Flip on the toggle switch next to the name of the KATA protection settings group to enable the KATA protection for a rule.
   • Flip off the toggle switch next to the name of the Content Filtering settings group to disable the KATA protection for a rule.
5. Click the Apply button in the lower part of the workspace.

Configuring actions on messages based on KATA scan results

To configure the actions to be performed by Kaspersky Secure Mail Gateway on messages based on KATA scan results:

1. In the main window of the application web interface, open the management console tree and select the Rules section.
2. In the list of rules, click the link with the rule name to open the rule for which you want to configure actions on messages based on KATA scan results.
3. Select the KATA protection section.
4. Flip on the toggle switch next to the name of the KATA protection settings group if it is off.
5. In the If KATA detected an event drop-down list, select one of the following actions to take on messages in which KATA detected events:
   • Delete message
   • Reject
   • Skip

   The Delete message action is selected by default.

6. Click the Apply button in the lower part of the workspace.

In order for the settings you have configured to be used during operation of Kaspersky Secure Mail Gateway, make sure that KATA protection is enabled for the rule and that the rule for which you have configured settings is enabled.

Configuring tags added to message subjects based on KATA scan results

To configure tags added by Kaspersky Secure Mail Gateway to message subjects based on KATA scan results:

1. In the main window of the application web interface, open the management console tree and select the Rules section.
2. In the list of rules, click the rule name to open the rule for which you want to configure tags added to message subjects based on KATA scan results.
3. Select the KATA protection section.
4. Flip on the toggle switch next to the name of the KATA protection settings group if it is off.
5. Add a tag to the Subject field of messages in which KATA detected an event. To do so, perform the following:
   1. In the KATA protection settings group, click the link to the right of the Add the following text to the subject of an email message setting name to open the Tag for messages with a KATA detect window.
   2. In the field under the name of the window, enter the text that you want to add at the beginning of the subject of messages in which KATA detected an event. For example, you can add the KATA detect tag.
   3. Click the OK button.

      The Tag for messages with a KATA detect window closes.

6. Click the Apply button in the lower part of the workspace.

In order for the settings you have configured to be used during operation of Kaspersky Secure Mail Gateway, make sure that KATA protection is enabled for the rule and that the rule for which you have configured settings is enabled.