Kaspersky has announced a significant update to its network threat detection solution with the release of Kaspersky Anti Targeted Attack 8.0 (KATA 8.0). The new version is designed to help organizations gain deeper visibility into their networks and detect sophisticated cyberthreats earlier and more accurately, as expanding attack surfaces and the erosion of traditional network perimeters continue to challenge security teams.
KATA 8.0 addresses these challenges by introducing advanced detection technologies, broader network observability, and tighter integration with both Kaspersky’s own security ecosystem and third-party solutions. The update aims to improve threat detection efficiency while reducing operational complexity and alert fatigue for security analysts.
One of the key enhancements in KATA 8.0 is the introduction of new anomaly detection technology. This capability identifies suspicious behavior by analyzing deviations in commonly abused protocols such as DNS, HTTP, and Kerberos. Rather than inspecting all network traffic indiscriminately, the system focuses on protocol-specific anomalies while accounting for an organization’s unique infrastructure and usage patterns. This targeted approach significantly improves detection accuracy and reduces false positives.
The updated solution also strengthens visibility through shadow IT detection, enabling organizations to identify the use of unauthorized public services. With support for more than 5,000 external services—including widely used cloud storage and collaboration platforms—KATA 8.0 helps security teams regain control over corporate data flows and better manage hidden risks within the network.
To support deeper investigations, KATA 8.0 introduces retrospective scanning of user-uploaded traffic copies. Security teams can upload PCAP files manually or automatically from other security systems and analyze them using the latest detection rules across Kaspersky’s anti-malware, sandbox, IDS, and other engines. This capability allows organizations to uncover threats that may have gone undetected during earlier stages of an incident.
In addition, KATA 8.0 now collects a comprehensive set of network observables, including file names, URLs, and hashes for both malicious and non-malicious objects. This broader data collection enables analysts to identify potentially compromised users and suspicious activity even when objects initially appear safe, supporting a more proactive and contextual approach to threat detection.
The update also enhances integration with other security solutions to speed up investigations and response. Integration with Kaspersky Security for Mail Server enables dynamic scanning of password-protected email attachments in the KATA Sandbox, while enriched alerts provide full visibility into actions taken on suspicious content. For Managed Detection and Response users, KATA 8.0 acts as a network sensor feeding telemetry directly to the MDR cloud, allowing analysts to request additional context without involving customers and accelerating investigation workflows.
Further integrations include automated file submission from Kaspersky Endpoint Security to the KATA Sandbox for deeper endpoint-level analysis, as well as new connectors for Check Point NGFW. These connectors allow KATA 8.0 to automatically generate and enforce firewall blocking rules in near real time based on detected malicious activity, strengthening active response capabilities.
“The solution was designed to deliver high levels of visibility, proactive threat detection, deeper investigations, and more confident response decisions. As part of Kaspersky’s long-term strategy, future releases will move KATA to the Open Single Management Platform, enabling unified management and seamless integration across multiple security technologies within a single ecosystem.”
– Ilya Markelov, Head of Unified Platform Product Line, Kaspersky

