Kaspersky Endpoint Detection and Response Expert

The new Kaspersky Endpoint Detection and Response Expert solution offers better detection and investigation and can be used on-premises or via the cloud. The solution is intended to provide more protection against APT attacks and combines individual alerts into one incident.

Kaspersky is updating its Endpoint Detection and Response solution, which is aimed at organizations with mature IT security processes. Under the new name Kaspersky Endpoint Detection and Response Expert [1], the solution offers companies additional protection against advanced, APT-like attacks. For better investigation and incident response, alerts are now automatically merged into incidents, and rule-based scanning with YARA and API integration for host response have been introduced. In addition to the already available on-premises version, the updated solution alternatively offers a cloud management console hosted in Azure. This means that customers who use cloud solutions can also benefit from the proven and strong EDR solution, hosted on a trustworthy cloud platform.

EDR is now basic protection

EDR solutions have become indispensable for protecting companies from cyber attacks. Gartner expects that by 2023 more than half of all companies will replace traditional antivirus solutions with EDR products [2]. In a highly distributed IT infrastructure, attacks often go undetected for more than a month [3]. With EDR, companies gain effective investigative capabilities to detect attacks as early as possible and thus contain their spread.

More accurate detection and investigation and API for response

Kaspersky Endpoint Detection and Response Expert provides companies with comprehensive protection against all common and advanced cyber threats. With the new possibilities for detecting and examining suspicious objects, companies can refine their analysis and better filter out threats from the mass of all alerts.

Suspicious files found via indicators of attack (IoA) can be automatically sent to a sandbox for further investigation in an isolated environment. An alert is only triggered if the file actually turns out to be dangerous. Exceptions to the IoA rules can be defined at different levels of granularity. This spares companies from having to process an excessive number of false-positive warnings alongside genuine threat reports.

On-premise and cloud management console

Using the on-premises console, threat hunters and Security Operations Center (SOC) specialists can now scan suspicious files identified on endpoints directly on the host against YARA rules. Endpoint scanning can be limited to random access memory (RAM) and specific directories, or performed across all local hard drives. Using the cloud management console, Kaspersky Endpoint Detection and Response Expert automatically associates fragmented alerts from different endpoints with a single incident, eliminating the need for IT security specialists to investigate each alert individually.
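The two behaviours described above, IoA exceptions defined at different granularities and the merging of alerts from several endpoints into one incident, modelled as a small correlation routine. This is an added example, not Kaspersky's code: the alert fields, rule names, exception scopes, sample alerts and the one-hour correlation window are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample alerts from several endpoints (not real telemetry).
ALERTS = [
    {"host": "ws-01", "rule": "IOA_SUSPICIOUS_SCRIPT", "sha256": "aaa111", "path": "C:\\Temp\\a.ps1", "ts": "2024-03-01T10:00:00"},
    {"host": "ws-02", "rule": "IOA_SUSPICIOUS_SCRIPT", "sha256": "aaa111", "path": "C:\\Users\\Public\\a.ps1", "ts": "2024-03-01T10:20:00"},
    {"host": "build-01", "rule": "IOA_SUSPICIOUS_SCRIPT", "sha256": "aaa111", "path": "C:\\CI\\a.ps1", "ts": "2024-03-01T10:25:00"},
    {"host": "ws-03", "rule": "IOA_LOLBIN", "sha256": "aaa111", "path": "C:\\Temp\\a.ps1", "ts": "2024-03-01T10:40:00"},
    {"host": "ws-04", "rule": "IOA_LOLBIN", "sha256": "ccc333", "path": "C:\\Program Files\\Vendor\\tool.exe", "ts": "2024-03-01T11:00:00"},
    {"host": "ws-05", "rule": "IOA_SUSPICIOUS_SCRIPT", "sha256": "aaa111", "path": "D:\\x.ps1", "ts": "2024-03-01T14:00:00"},
]

# Hypothetical exceptions at two granularities: one scoped to a single host and
# path prefix (a build server), one fleet-wide (host=None) for a vendor directory.
EXCEPTIONS = [
    {"rule": "IOA_SUSPICIOUS_SCRIPT", "host": "build-01", "path_prefix": "C:\\CI\\"},
    {"rule": "IOA_LOLBIN", "host": None, "path_prefix": "C:\\Program Files\\Vendor\\"},
]

def is_excepted(alert, exceptions):
    """True if an exception matches the alert's rule, its host (if scoped) and path prefix."""
    for e in exceptions:
        if e["rule"] != alert["rule"]:
            continue
        if e["host"] is not None and e["host"] != alert["host"]:
            continue
        if alert["path"].lower().startswith(e["path_prefix"].lower()):
            return True
    return False

def apply_exceptions(alerts, exceptions):
    """Split alerts into those that survive the exception list and those suppressed."""
    kept = [a for a in alerts if not is_excepted(a, exceptions)]
    dropped = [a for a in alerts if is_excepted(a, exceptions)]
    return kept, dropped

def build_incidents(alerts, exceptions, window=timedelta(hours=1)):
    """Merge surviving alerts that share a file hash and fall within `window` of the
    previous alert in the same incident; alerts from different hosts are pooled."""
    kept, _ = apply_exceptions(alerts, exceptions)
    incidents = []
    for a in sorted(kept, key=lambda x: x["ts"]):
        ts = datetime.fromisoformat(a["ts"])
        for inc in incidents:
            if inc["sha256"] == a["sha256"] and ts - inc["last_ts"] <= window:
                inc["hosts"].add(a["host"])
                inc["alerts"].append(a)
                inc["last_ts"] = ts
                break
        else:  # no open incident for this hash within the window: start a new one
            incidents.append({"sha256": a["sha256"], "hosts": {a["host"]}, "alerts": [a], "last_ts": ts})
    return incidents
```

With the constructed data, `build_incidents(ALERTS, EXCEPTIONS)` suppresses the build-server and vendor-directory alerts and yields two incidents: one pooling ws-01, ws-02 and ws-03, and a separate one for the ws-05 alert that falls outside the window.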

In the on-premises version, API integration also allows incident response to be performed on the host through third-party systems; for example, the security team can use SIEM or SOAR platforms for their response.

Cloud version in Azure

The new cloud version in Azure lowers the total cost of ownership and enables rapid piloting, implementation and management of the protection solution from any location, while also offering greater transparency. Flexible subscription options allow customers to quickly adjust the number of licenses needed to cover all endpoints.

“A full-fledged EDR tool is essential for enterprise cybersecurity. And that's why it should be adaptable to the different customer requirements for detection, response and security management,” says Sergey Martsynkyan, vice president of corporate product marketing at Kaspersky. “Remote working and cloud usage are ongoing trends. We are therefore pleased to be able to offer EDR functions via the cloud with the new solution. Hosting the product on a third-party cloud platform demonstrates Kaspersky's commitment to privacy and customer confidence in data processing and location. A powerful and reliable EDR solution lays the foundation for future, expanded protection options and helps companies to have more visibility and control over all security matters.”

Advanced Persistent Threat (APT) Protection

Along with Kaspersky Enterprise products, Kaspersky EDR Expert contributed to Kaspersky being recognized as a top player in Radicati's latest Advanced Persistent Threat (APT) Protection - Market Quadrant 2022 report. The recognition confirms the high functionality and strategic vision of the company's portfolio and its ability to protect customers from complex cyber threats.

[1] https://www.kaspersky.de/enterprise-security/endpoint-detection-response-edr
[2] https://www.gartner.com/en/newsroom/press-releases/2020-09-15-gartner-survey-finds-the-evolving-threat-landscape-is-top-priority-for-security-and-risk-management-leaders
[3] https://www-csoonline-com.cdn.ampproject.org/c/s/www.csoonline.com/article/3639014/enterprises-with-subsidiaries-more-prone-to-cyberattacks-study-says.amp.html

About Kaspersky

Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250,000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/
