Endpoint Detection and Response Release

Wednesday, October 4, 2017 @ 01:10 PM gHale

Kaspersky Lab released an endpoint detection and response (EDR) solution that features multi-layered detection and an automated remediation solution.

Businesses can join Kaspersky Lab’s pilot program for Kaspersky EDR starting now in an effort to look proactively for indicators of compromise or intrusion.

Over a quarter (27 percent) of businesses have experienced targeted attacks during the past year, with some threats staying undiscovered within corporate infrastructure for months. Hidden attacks typically spread in the network because security teams are often overwhelmed when manually processing the sheer number of alerts generated by modern security solutions. A lack of the skills needed to analyze the data presents a further challenge, so some of the most crucial incident indicators get lost in the noise.

To meet the demands of enterprise customers, Kaspersky Lab’s EDR will offer enhanced incident mitigation, better visibility over endpoints, interoperability with the company’s traditional endpoint protection product, and investigative capabilities for security teams and SOCs (Security Operations Centers).

Kaspersky Lab’s approach to EDR security consists of:
• Monitoring: Kaspersky Lab’s incident detection and visibility features make it possible to collect data automatically.
• Detection: Kaspersky EDR’s detection technologies, including a machine learning-based Targeted Attack Analyzer, help enterprises assess data from endpoint sensors and rapidly generate threat detection verdicts.
• Aggregation: To properly define an attack kill chain, Kaspersky EDR aggregates and visualizes key digital forensics data from endpoints, including information about unknown files and endpoint metadata on processes, programs, services, modules, files, auto runs, network connections and timelines.
• Response: Effective EDR is impossible without a timely response that enables organizations to clean infected systems remotely as an alternative to the costly and disruptive manual reimaging of computers. Preventing repeated assaults by an advanced threat is one of the key advantages of Kaspersky EDR. Teams will be able to prohibit the launch of suspicious PE files, office documents and scripts, and set up rules to proactively delete files on the endpoints, making sure that a threat will not continuously impact the business.
