Kaspersky has updated its Endpoint Detection and Response (EDR) solution, intended for companies with advanced IT security processes. The new Kaspersky Endpoint Detection and Response Expert provides advanced protection against advanced persistent threats (APTs). Its detection and response capabilities are enhanced by automatic merging of alerts into incidents, YARA rule scanning, and server API integration.
The update also adds a management console for working in the cloud, hosted in the Azure environment, in addition to the previously available local version. Users with existing cloud infrastructure and those in transition to cloud technology can thus use all the advantages of the EDR solution: a powerful and reliable tool located on a reliable cloud platform.
The EDR solution is considered a necessary component of strong cyber protection, and Gartner predicts that by 2023 more than 50 percent of companies will replace their old antivirus solutions with an EDR solution. In complex IT infrastructures, it can sometimes take more than a month to detect an attack. However, an EDR solution helps neutralize the spread of attacks in the shortest possible time, as it offers companies effective defense tools.
Deeper detection, investigation and API integration in response
Kaspersky Endpoint Detection and Response Expert is a comprehensive EDR product that protects businesses from frequent and advanced threats. In addition, it offers users new detection and investigation capabilities to more easily set up suspicious object analysis processes and thus detect attacks among numerous warnings.
Suspicious files that trigger Indicators of Attack (IoA) can now be automatically sent to the sandbox for scanning. If the check shows that a file may be malicious, an alert is created automatically. Exceptions can now also be added to IoA rules, which helps companies separate false positives caused by admin actions from real threats. For example, a rule can be configured to never fire on an administrator's computer.
To detect malicious files on individual endpoints where there is suspicious activity, security operations center (SOC) analysts and threat hunters can now use YARA rule scanning. Areas such as RAM, specific folders, or all local drives can be scanned on endpoint devices.
Kaspersky Endpoint Detection and Response Expert further enhances investigative capabilities by automatically merging alerts into incidents. This mechanism connects fragmented alerts across different endpoint devices and merges them into a single incident, so analysts don't have to review each individual alert.
When it comes to incident response, IT security teams can carry it out through third-party systems using server API integration. For example, they can integrate defense mechanisms into automated security platforms such as SIEM or SOAR.
Management console on the Cloud
The management console is available locally (on-premise) as well as through the cloud, so companies can choose the desired option according to their infrastructure settings. The new cloud version is hosted in the Azure environment and enables faster navigation, implementation and administration, wherever you are, as well as greater transparency and lower costs. Thanks to different subscription options, users can quickly change the number of licenses according to the number of nodes to be covered.
"A comprehensive, advanced EDR solution is an essential element of corporate cyber security, which is why it is adapted to the different needs of users in the detection, response and management of security situations. Considering that we still work from home and that we are increasingly moving to business in the cloud, we are happy that, with this product update, we have responded to the user's requests that the management of EDR functions is also done via the cloud. The use of products on the cloud platform is in line with Kaspersky's commitment to the principles of privacy and customer trust, when it comes to data and the location from which work is done. A powerful and reliable EDR solution should be the foundation of cyber protection, as it will help companies have visibility and control over all their security operations," said Dragan Davidović, regional director of the Kaspersky company for Eastern Europe.
Together with other Kaspersky enterprise products, Kaspersky EDR Expert contributed to Kaspersky being ranked in the Top Players category in the recent report Do groups. This recognition confirms the high functionality and strategic vision of Kaspersky's corporate portfolio and its ability to protect clients from complex cyber threats.
Source: Personal magazin by www.personalmag.rs.