News

New Kaspersky EDR Expert launches in cloud and on-premise with greater detection and investigation settings

Thursday, June 16, 2022

Kaspersky today announces the company has updated its Endpoint Detection and Response (EDR) product for enterprises with mature IT security processes. The newly-named Kaspersky Endpoint Detection and Response Expert delivers advanced APT-like attack protection functions. Its investigation and response capabilities are enhanced with automatic merging of alerts into incidents, YARA rules-based scanning and API integration for the response on hosts. The new upgrade also features a cloud-based management console hosted in Azure, along with the previously available on-premise version so customers with cloud-native infrastructure or those on their cloud journey can benefit from the proven and powerful EDR tool hosted on a cloud-platform they trust.

EDR solutions have become a “must have” for cyber protection, with Gartner predicting that more than 50% of enterprises will replace their legacy antivirus solutions with EDR by 2023. Within distributed IT infrastructure, it can take more than a month to detect an attack. However, EDR can help to eliminate an attack spread path as early as possible, arming enterprises with effective investigation tools.

More granular detection and investigation, and API for response

Kaspersky Endpoint Detection and Response Expert is the fully-fledged EDR product protecting against both mass and advanced enterprise threats. The product offers new detection and investigation capabilities to help customers fine-tune their analysis of suspicious objects and detect attacks from a sea of alerts.

Suspicious files that trigger Indicator of Attack (IoA) rules can now be automatically sent to the sandbox for scanning. If a file appears to be malicious as a result of a sandbox check, an alert will be created. The added ability to build granular exceptions in IoA rules helps businesses to avoid false positives from legitimate administrator actions. For example, the rule can be configured so that it does not trigger on the administrator's computer.

To detect malicious files on individual endpoints where there is suspicious activity, security operations center (SOC) analysts and threat hunters can now use YARA rules scanning on hosts[1]. On the endpoint, they can scan such areas as random-access memory (RAM), specified folders or all local discs.

Kaspersky Endpoint Detection and Response Expert also upgrades the investigation capability with the ability to merge automatic alerts into incidents[2]. The mechanism correlates fragmented alerts in different endpoints and merges them into an incident so analysts do not need to review all alerts with their own hands.

When it comes to incident response, IT security teams can conduct this through their third-party systems with API integration for the response on hosts. For example, they can integrate the ability to launch response actions to their security orchestration platform, such as SIEM or SOAR[3].

Cloud-based management console

The product management console is available in on-premise deployment as well as from the cloud allowing organizations to choose their preferred option according to infrastructure setup. The new cloud version is hosted in Azure and enables faster piloting, implementation and administration from anywhere, as well as greater transparency and a lower total cost of ownership for the protection product. Thanks to the subscription model, customers can quickly change the volume of licenses according to the number of nodes they need to cover.

"A fully-fledged EDR tool is an essential element of enterprise cybersecurity so it should be adapted to suit various customer needs in detection, response, and security management,” said Sergey Martsynkyan, vice president of corporate product marketing at Kaspersky. “With remote work ongoing and the trend in cloud adoption growing, the ability to manage EDR functions from the cloud is a requirement we’re happy to meet with this product update. Hosting the product on a third-party cloud platform also aligns with Kaspersky’s commitment to customers’ data privacy and trust in terms of data processing and location. Moving forward, a powerful and reliable EDR tool should be the foundation for further extended protection that will help enterprises gain visibility and control over all their security domains."

Along with Kaspersky enterprise products, Kaspersky EDR Expert contributed to Kaspersky’s recognition as a Top Player in a recent ‘Advanced Persistent Threat (APT) Protection – Market Quadrant 2022’ report by Radicati. The recognition confirms the high functionality and strategic vision of the enterprise portfolio and its ability to protect customers from complex cyberthreats.

To learn more about Kaspersky Endpoint Detection and Response Expert please visit the web page.

About Kaspersky

Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them. Learn more at usa.kaspersky.com.