Kaspersky Anti Targeted Attack (KATA) Platform

Sensor component

8 November 2023

ID 247493

The following modules of Kaspersky Anti Targeted Attack Platform run on each server hosting the Sensor component:

  • Sensor. Receives data from network and mail traffic and sends the data for processing to the server with the Central Node component.
  • Intrusion Detection System (hereinafter also referred to as IDS). Scans Internet traffic for signs of intrusions into the corporate IT infrastructure.
  • KSN. Checks the reputation of files and URL addresses in the Knowledge Base of Kaspersky Security Network on behalf of Kaspersky Anti Targeted Attack Platform and provides information about categories of websites (for example, malicious website, phishing website).

    Kaspersky Security Network (hereinafter also "KSN") is an infrastructure of online services that provides access to Kaspersky's online Knowledge Base with information on the reputation of files, web resources, and software. The use of data from Kaspersky Security Network ensures faster responses by Kaspersky applications to threats, improves the performance of some protection components, and reduces the likelihood of false alarms.

    If you do not want to participate in KSN, you can use Kaspersky Private Security Network (hereinafter also referred to as KPSN). KPSN is a solution that allows users to access the reputation databases of Kaspersky Security Network and other statistical data without actually sending data from their own computers to Kaspersky Security Network.

  • URL Reputation. Detects malicious and phishing URL addresses, and URL addresses that were previously used by hackers in targeted attacks against and intrusions into the corporate IT infrastructure.

You can also use a mail sensor as a Sensor component. A mail sensor is a server or virtual machine on which Kaspersky Secure Mail Gateway (KSMG) or Kaspersky Security for Linux Mail Server (KLMS) is installed. These applications send email messages to Kaspersky Anti Targeted Attack Platform for processing. Based on the results of processing the email messages in Kaspersky Anti Targeted Attack Platform, KSMG and KLMS may block the transfer of messages.

The Sensor component can also be used as a proxy server for outgoing connections from the Kaspersky Endpoint Agent application.

If KSMG or KLMS is being used as a Sensor component, scan exclusion lists configured for message recipients and MD5 checksums of files are not transmitted to KSMG and KLMS and are not applied when messages are processed by KSMG and KLMS.

See also

Architecture of the application

Central Node component

Sandbox component

Endpoint Agent component
