Tunisia Tribune (EDR Expert Kaspersky) – Kaspersky has updated its endpoint detection and response (EDR) product for companies with mature IT security operations. The new Kaspersky Endpoint Detection and Response Expert product provides advanced protection against APT-type attacks. Investigation and response capabilities are enhanced by integrating automatic incident alerting, YARA rule-based analysis, and on-host response API integration. The new upgrade also includes a management console hosted in Azure – in addition to the previously available on-premises version – so customers with a cloud-native infrastructure or those just getting started in the cloud can take advantage of the powerful, proven EDR tool hosted on a trusted cloud platform.
An EDR solution is a recognized necessity for customized electronic protection. Gartner predicts that more than 50% of companies will replace their legacy antivirus solutions with EDR devices by 2023. In a distributed IT infrastructure, it can sometimes take more than a month to detect an attack. However, EDR can help eliminate the spread of the attack as soon as possible, and provide organizations with effective investigative tools.
More accurate detection, investigation and response API
Kaspersky Endpoint Detection and Response Expert is the ultimate EDR product that protects businesses from mass and advanced threats. It also provides new detection and investigation capabilities to help customers improve their analysis of suspicious objects and detect attacks in a sea of alerts.
Suspicious files triggering IoA rules can now be automatically sent to the sandbox for analysis. If a file appears to be malicious after a sandbox scan, an alert will be generated. The added ability to create subtle exceptions in IoA rules helps organizations avoid false positives from legitimate administrator actions. For example, the rule can be configured so that it does not run on the administrator’s computer.
To detect malicious files on individual endpoints if suspicious activity is present, SOC analysts and threat hunters can now use YARA rules to scan hosts. On the device, they can scan areas such as RAM, specific folders, or all local disks.
Kaspersky EDR Expert also enhances investigation capability with the ability to integrate automatic alerts into incidents. The mechanism links hashed alerts at different endpoints and aggregates them into a single incident, so analysts don’t need to review all alerts by hand.
IT teams can perform incident response through third-party systems using the on-host response API integration. For example, they can integrate the ability to trigger response actions into their security coordination platform, such as SIEM or SOAR.
Cloud-based management console
The product management console is available for on-premises or cloud deployment, so companies can choose their preferred option based on their infrastructure setup. The new cloud version is hosted on Azure and enables faster trial, implementation, and management from anywhere, greater transparency, as well as a lower total cost of ownership for the protection product. With the subscription model, customers can quickly change the size of licenses based on the number of nodes they need to cover.
"The perfect EDR tool is an essential part of enterprise cybersecurity. Therefore, it must be adapted to the different needs of customers in terms of detection, response and security management. With the ongoing remote work and the increasing trend of cloud adoption, the ability to manage EDR functionality from the cloud is a requirement that we are pleased to address with this product update. Hosting this product on a third-party cloud platform is also consistent with Kaspersky’s commitment to protecting customer data and trusting data and site management. In the future, a robust and reliable EDR tool should be the foundation of extensive protection that will help organizations gain visibility and control over all of their security areas," comments Sergey Martsinkian, Vice President, Corporate Product Marketing at Kaspersky.
With Kaspersky Enterprise products, Kaspersky EDR Expert has contributed to the company’s recognition as a Top Player in a recent report titled “Advanced Persistent Threat Protection (APT) – Market Quadrant 2022” from Radicati. This recognition underscores the high functionality and strategic vision of Kaspersky’s enterprise solutions suite and its ability to protect customers from complex cyber threats.
To learn more about Kaspersky EDR Expert, visit this page.
About Kaspersky
Kaspersky is an international cybersecurity and digital privacy protection company founded in 1997. Kaspersky’s expertise in threat intelligence and computer security continually enriches the creation of security solutions and services to protect businesses, critical infrastructures, public authorities and individuals around the world. Kaspersky’s broad portfolio of security solutions includes advanced endpoint protection as well as customized security solutions and services to combat sophisticated and evolving digital threats. Kaspersky technologies help more than 400 million users and 240,000 companies protect what matters most to them. For more information: www.kaspersky.fr.