By introducing a comprehensive EDR solution, Kaspersky Lab helps companies establish a next-generation incident response process.
The persistent nature of advanced threats requires enterprises to reevaluate their cybersecurity ecosystems, putting more focus on early identification of ongoing attacks and on incident response. In a world where no network is completely secure, companies need to look for evidence of intrusion proactively. To help companies go beyond reactive malware protection and to automate threat hunting, Kaspersky Lab has introduced a comprehensive endpoint detection and response (EDR) solution that features award-winning, multi-layered detection and automated remediation across the entire network. The piloting program for Kaspersky EDR starts on September 21.
Over a quarter (27%) of businesses have experienced targeted attacks during the past year [1], with some malware staying undiscovered within corporate infrastructure for months. Hidden attacks spread through the network because security teams are often overwhelmed when manually processing the sheer number of alerts generated by modern security solutions, while the most crucial incident indicators get lost in the noise. Even if an alert is noticed, understanding advanced threats requires strong threat analysis skills such as reverse engineering, malware analysis and digital forensics, which not all companies are lucky enough to possess. As a result, slow response times and a lack of visibility over endpoints are severely impacting organizations and contributing to the costs associated with recovering from a targeted attack, which can reach up to $977K.
To address these pressing issues, companies are looking to speed up incident analysis & response through a dedicated class of security solutions called EDR. To meet the demands of enterprise customers, Kaspersky Lab has introduced Kaspersky Endpoint Detection and Response with enhanced incident mitigation, better visibility over endpoints, compatibility with traditional endpoint protection products and investigative capabilities for security teams and SOC (Security Operations Center). Kaspersky EDR customers will benefit from Kaspersky Lab’s vast experience in threat intelligence, advanced protection technologies and a long history of discovering some of the world's most high-profile APTs, all embedded into the solution’s threat hunting functionality.
These four pillars comprise Kaspersky Lab’s offering to the market and shape its strategic approach to EDR security:
- Monitoring: the Kaspersky EDR solution allows businesses to get full-scale incident visibility without the need to collect the data manually;
- Detection: Kaspersky EDR’s advanced detection technologies, including the machine learning-based Targeted Attack Analyzer, help enterprises to assess data from endpoint sensors and rapidly generate threat detection verdicts;
- Aggregation: to properly define an attack kill chain, Kaspersky EDR aggregates and visualizes key digital forensics data from endpoints, including information about unknown files and endpoint metadata about processes, programs, services, modules, files, autoruns, network connections and timelines;
- Response: effective EDR is impossible without a response that enables organizations to clean infected systems remotely as an alternative to the costly and disruptive manual reimaging of computers. Preventing repeat attacks by an advanced threat is one of the key advantages of Kaspersky EDR. Teams will be able to prohibit the launch of suspicious PE files, office documents and scripts, and set up rules to proactively delete files on the endpoints, making sure that a threat will not affect the corporate environment again.
“Today, information security has become an executive board priority, being one of the top business risks for every enterprise. Companies are getting trapped by adopting a reactive security approach which makes malefactors’ job easier. For this to be changed, EDR solutions should become an imperative for any modern enterprise security strategy,” said Nikita Shvetsov, CTO at Kaspersky Lab. “Kaspersky Lab takes a comprehensive approach to EDR that increases visibility across a business’s IT infrastructure and helps SOC teams make informed decisions on the best strategy to mitigate both low priority malware and the most advanced threats.”
Kaspersky EDR is a part of Kaspersky Lab’s holistic enterprise security portfolio, built with adaptive security strategies in mind. This security portfolio provides businesses with prevention through its next-generation endpoint security suite, detection based on the Kaspersky Anti Targeted Attack platform, and prediction and response by threat intelligence services.
Kaspersky EDR will be available as part of a new pilot program starting on September 21st. Customers interested in this pilot can find further information at https://www.kaspersky.com/enterprise-security/edr-piloting.
[1] https://calculator.kaspersky.com