AUTHORIZED TRAINING CENTER
As an authorized training partner of Kaspersky, 2B Academy delivers official ATC programs based on Kaspersky’s global training framework.
These courses are designed around real cybersecurity operations — focusing on how threats are detected, analyzed, and handled in actual environments, not just theory.
All ATC programs combine instructor-led sessions with hands-on labs and follow Kaspersky’s certified curriculum.
3. Threat Detection & Response Systems
Kaspersky Anti Targeted Attack Platform (Administration & Investigation)
Module 1: Introduction to Targeted Attacks & APTs
- Understanding Advanced Persistent Threats (APTs)
- Attack lifecycle (Kill Chain model)
- Common attack vectors (phishing, exploits, lateral movement)
- Limitations of traditional security tools
Module 2: KATA Platform Overview & Architecture
- Components of Kaspersky Anti Targeted Attack Platform
- Network Sensor, Sandbox, Endpoint Agent overview
- Integration with Kaspersky Security Center
- Data flow and threat intelligence integration
Module 3: Deployment & Initial Configuration
- System requirements and architecture planning
- Deployment of KATA components
- Network configuration and traffic mirroring (SPAN/TAP)
- Integration with endpoints and mail/web gateways
Module 4: Traffic Analysis & Threat Detection
- Network traffic inspection techniques
- Detection of suspicious activities
- Behavioral analysis and anomaly detection
- Signature-based vs behavior-based detection
Module 5: Sandbox & Advanced Threat Analysis
- Sandbox architecture and workflow
- Dynamic malware analysis
- File detonation and behavior tracking
- Indicators of Compromise (IoCs) extraction
Module 6: Incident Investigation
- Incident creation and classification
- Root cause analysis
- Attack chain visualization
- Threat correlation across network and endpoints
Module 7: Incident Response & Remediation
- Containment strategies
- Blocking malicious activity
- Endpoint isolation
- Recovery and remediation workflows
Module 8: Threat Hunting
- Proactive threat hunting techniques
- Using IoCs for advanced search
- Detecting stealth attacks
- Building custom detection rules
Module 9: Reporting & Monitoring
- Dashboard customization
- Alert management
- Report generation for SOC teams
- Compliance and audit reporting
Module 10: Integration & Automation
- Integration with SIEM tools
- API usage and automation basics
- Security orchestration concepts
- Workflow automation
Kaspersky Unified Monitoring & Analysis Platform (SIEM)
Module 1: Introduction to SIEM & Security Operations
- What is SIEM and why it matters
- Role of SIEM in SOC (Security Operations Center)
- Log management vs event correlation
- Overview of threat detection lifecycle
Module 2: Platform Overview & Architecture
- Kaspersky SIEM components and architecture
- Data flow: collection → normalization → correlation → response
- Storage architecture and scalability
- Deployment models (on-prem / hybrid)
Module 3: Data Collection & Integration
- Log sources (endpoints, servers, firewalls, applications)
- Syslog, agents, API-based integration
- Parsing and normalization of logs
- Integrating with Kaspersky and third-party solutions
Module 4: Event Correlation & Rule Management
- Correlation engine fundamentals
- Creating correlation rules
- Use cases for threat detection
- Reducing false positives
Module 5: Dashboards & Visualization
- Custom dashboard creation
- Real-time monitoring views
- Data visualization for SOC teams
- KPI tracking and reporting
Module 6: Incident Detection & Investigation
- Identifying suspicious activities
- Event triaging and prioritization
- Incident investigation workflows
- Attack timeline reconstruction
Module 7: Threat Intelligence Integration
- Using threat intelligence feeds
- IoC enrichment and correlation
- External intelligence sources
- Context-aware detection
Module 8: Incident Response & Automation
- Alert handling and escalation
- Response workflows
- Automated actions (blocking, notifications)
- Integration with SOAR concepts
Module 9: Compliance & Reporting
- Compliance requirements (ISO, GDPR basics)
- Audit logs and reporting
- Scheduled reports for stakeholders
- Data retention policies
Module 10: Maintenance & Optimization
- Performance tuning
- Storage management
- Backup and disaster recovery
- Troubleshooting SIEM issues