Simple defense against complex attacks

An integrated approach arms even small companies with automated tools that repel complex attacks.

As logic suggests, an attack on a company makes sense only if the potential profit outweighs the organizational cost. Until fairly recently, cybercriminals guarded their know-how from each other like trade secrets. Tools for advanced attacks were not generally available; if they were sold on the darknet at all, it was only at exorbitant prices. Truly sophisticated attacks were aimed only at major enterprises or government agencies. Therefore, for SMBs, protection against mass threats was enough.

Trends have changed. Tools for complex attacks now periodically pop up — if not in the public domain, then on the open market; malware authors are increasingly renting out their creations under the malware-as-a-service model, and cybercriminal groups have united in cartels of a sort. The net result is that the cost of organizing an attack is plummeting. Consequently, the break-even point is falling, and cybercriminals can afford to attack even SMBs with fairly sophisticated tools.

As long as threats to the company are limited to employee carelessness and spam e-mails with malware attached, traditional endpoint protection solutions may suffice. But now that it’s obvious your business could become the target of a more serious attack, a new approach is required. These days, even with a small company as their target, attackers can carry out supply-chain attacks, hide unnoticed in the victim’s infrastructure for years, spy on it, and exploit zero-day vulnerabilities and malicious tools operating through legitimate software.

Enterprise-level companies use fundamentally different defensive tools against such threats, primarily Endpoint Detection and Response (EDR) solutions. But such platforms generally require, if not a full-fledged security operations center of their own, then at least a proper team of infosec specialists. Not every company can afford to employ that many IT security staff.

But that doesn’t mean that corporate infrastructure has to be left unguarded. We have developed another approach to endpoint protection, featuring integrated EPP and EDR platforms with additional tools. Thus, we have created an automated solution that can counter both mass and advanced threats.

The main novelty here is the Kaspersky Endpoint Detection and Response Optimum component. In our product line, it occupies a niche between fully automated Kaspersky Endpoint Security for Business and our powerful, enterprise-class solution for targeted and APT attacks — Kaspersky EDR. Kaspersky EDR Optimum enables you to implement the basic EDR scenarios required for a wide range of companies, and it provides infrastructure visibility as well as incident investigation and response capabilities.

The above enables the solution to quickly pinpoint the root of the problem, evaluate the true scale and source of the attack, and deliver an automatic response across all workstations. That in turn minimizes any damage and ensures the continuity of business processes.

Probably the most noteworthy feature of our new product is its ease of use. It does not require a high level of user expertise, and because of its high level of automation, it requires much less attention and routine maintenance than you might expect from an EDR-class security solution. Those key elements allow small companies to begin building their defenses against complex threats without spending significant resources or completely restructuring processes.

Depending on the functionality your company requires, our integrated solution can include additional tools for protecting mail servers and Internet gateways, as well as Kaspersky Sandbox, an advanced tool for examining suspicious objects in an isolated environment. This lets you automatically block advanced, unknown, and complex threats without involving additional resources, thus reducing the burden on IT.

If you are already using our time-tested Kaspersky Endpoint Security for Business, you can easily upgrade it with Kaspersky EDR Optimum capabilities by activating an additional license key. Learn more about our integrated approach and the functionality of our security solutions on the offer page, where you can also request a trial version.
