New Kaspersky EDR Expert Available


Kaspersky has updated its Endpoint Detection and Response (EDR) product for businesses with mature IT security processes. The new Kaspersky Endpoint Detection and Response Expert offers advanced APT-like attack protection functions. The product's threat investigation and response capabilities have been expanded with API integration for automatic linking of alerts to events, scanning based on YARA rules, and response on hosts. The new version also includes the cloud-based management console hosted in Azure as well as the previously available on-premises version.

Gartner predicts that more than 50% of organizations will replace their legacy antivirus solutions with EDR by 2023. Detecting an attack in distributed IT infrastructures sometimes takes more than a month. EDR, on the other hand, can help eliminate the attack as early as possible before it spreads, and equip businesses with effective security tools.

New API for deeper detection, investigation and response

Kaspersky Endpoint Detection and Response Expert stands out as a full-fledged EDR product that protects against both collective and advanced corporate threats. It also offers new detection and investigation capabilities to help customers fine-tune their analysis of suspicious objects and detect attacks from the alert pool.

Suspicious files that trigger Indicator of Attack (IoA) rules can be automatically sent to the sandbox for scanning. If a sandbox check shows that a file is malicious, a warning is generated. The ability to create detailed exceptions to IoA rules helps businesses avoid false positives from legitimate admin actions. For example, the rule can be configured so that it is not triggered on the administrator's computer.

Security operations center (SOC) analysts and threat hunters can now use YARA rule scanning on hosts to detect malicious files on endpoints with suspicious activity. Scans can cover areas such as random access memory (RAM), specific folders, or entire local disks at the endpoint.

Kaspersky Endpoint Detection and Response Expert also increases investigative capability with the ability to combine automated alerts with events. The mechanism associates fragmented alerts from different endpoints and can combine them into a single event. Thus, analysts do not need to review the warnings on their own.

For incident response, IT security teams can act through third-party systems, using API integration for response on hosts. For example, the ability to initiate response actions can be integrated into security orchestration platforms such as SIEM or SOAR.

Cloud-based management console

The product management console is available in cloud as well as on-premises deployments, so institutions can choose the appropriate option according to their infrastructure setup. The new cloud version is hosted on Azure and provides faster piloting and management from anywhere, as well as greater transparency and lower total cost of ownership. Thanks to the subscription model offered, customers can quickly change the license volume according to the number of nodes they need to cover.

Sergey Martsynkyan, Vice President of Enterprise Product Marketing at Kaspersky, says: “A full-fledged EDR tool is an essential element of corporate cybersecurity. It must therefore be designed to suit different customer needs in detection, response and security management. Continuing the trend of remote working and cloud adoption, the ability to manage EDR functions from the cloud is a requirement we're happy to add to our product update. Hosting the product on a third-party cloud platform is a step in line with Kaspersky's commitment to customers' data privacy and trust in terms of data processing and location. Going forward, a powerful and reliable EDR tool should offer further expanded protection to help organizations increase visibility into their infrastructure and gain control over all areas of security.”

Along with Kaspersky enterprise products, Kaspersky EDR Expert contributed to the recognition of Kaspersky as a Top Player in Radicati's recent “Advanced Persistent Threat (APT) Protection – Market Quadrant 2022” report. This recognition supports the high functionality of the company's corporate portfolio and its strategic vision and ability to protect customers from complex cyber threats.
