
Kaspersky Endpoint Detection and Response Expert

Cybercriminals are becoming ever more sophisticated and capable of successfully bypassing existing protection. Every area of your business can be exposed to risk, disrupting business-critical processes, damaging productivity and increasing operating costs.

A single solution
Kaspersky EDR Expert is a single solution that can be managed both from a cloud-based central management platform and from an offline console in air-gapped environments.
Boost your endpoint defenses first
Corporate endpoints are where data, users and corporate
systems come together to generate and implement business
processes. These endpoints continue to be the primary target
for cybercriminals.

Kaspersky Endpoint Detection and Response (EDR) Expert provides comprehensive visibility across all endpoints on your corporate network and delivers superior defenses, automating routine EDR tasks and enabling analysts to quickly hunt, prioritize, investigate and neutralize complex threats and APT-like attacks.

Today's Challenges
With Kaspersky EDR Expert, your organization can

IT security teams lack the visibility and transparency they need to effectively monitor endpoints. Detecting an incident may take weeks or even months longer than it should, simply because it is so difficult to see and understand exactly what happened, how it happened and how to fix it.

1 Effectively control and monitor all your endpoints
By being able to see all aspects of the full picture: where the threat originated, how it spread, which hosts it affected, and what exactly can and should be done to prevent the consequences.

Inefficiency. Forcing analysts to work across multiple decentralized consoles slows everything down, while creating opportunities for human error. The same goes for obliging IT security professionals to manually handle routine detection processes.

2 Streamline your IT security team's work
Fast, accurate threat containment and incident resolution across distributed infrastructures is supported through centralized and automated actions, helping to streamline your IT security team's work. No more costly additional resources needed, no more expensive downtime and no lost productivity.

Lack of relevant intelligence. The inability to operationalize threat intelligence, and the lack of a clear view of the adversary's tactics, techniques and procedures, can hamper both alert prioritization and further investigation and response.

3 Successfully hunt and mitigate threats - fast
Raw data and verdicts are centrally aggregated, and investigation capabilities are boosted through our unique Indicators of Attack (IoAs), through MITRE ATT&CK enrichment and a flexible query builder, and through access to our Threat Intelligence Portal knowledge base. All this significantly facilitates effective threat hunting and fast incident response, for damage limitation and prevention.

Shortfalls in response and investigation. Just knowing that something is happening in the infrastructure and that the information security solution has detected a potential threat doesn't guarantee that subsequent actions will be effective. It's important to be able to respond to the threat effectively in real time, and to be able to investigate the incident fully to prevent a recurrence.

4 Respond faster — and more effectively
Guided investigation and a faster, more accurate response are crucial in dealing with complex and APT-like attacks. Kaspersky EDR Expert provides a seamless workflow that centralizes incident management and guided investigation across all endpoints on the corporate network.

Wastage of expensive resources. Analysts can't focus fully on complex threats if they're forced to waste time dealing with trivial alerts that should have been automatically handled by an effective endpoint protection solution. As well as being a waste of resources, this can lead to analyst burn-out, and to important alerts being missed amid all the 'noise'.

5 Get maximum value from your solution — and your experts
There's no point hiring expensive analysts to work with your EDR solution if your endpoint protection platform (EPP) leaves them dealing with alerts that don't require their skills. Our EDR solutions are based on our most tested, most awarded EPP solution, which automatically handles the vast majority of alerts, freeing up analysts to focus on those that really require their attention and expertise. Our EPP and EDR products work together as a single solution, through the same endpoint agent.

Kaspersky EDR Expert is ideal if your organization wants to:
• Upgrade your security with an easy-to-use, enterprise solution for incident response.
• Automate threat identification & response without business disruption during investigations.
• Understand the specific Tactics, Techniques, and Procedures (TTPs) used by threat actors to achieve their goals, enabling more powerful defenses and the effective allocation of security resources.
• Enhance your endpoint visibility & threat detection with advanced technologies.
• Establish unified and effective threat hunting, incident management and response processes.
• Increase the efficiency of your in-house SOC so they don't waste their time analyzing irrelevant endpoint logs and alerts.
• Support compliance by enforcing endpoint logging, alert reviews and the documenting of investigation results.

Counteraction recommendations
The automatic analysis of all endpoint events, correlated with the intelligence data acquired, arms you with clear event descriptions, examples and counteraction recommendations.

Kaspersky EDR Expert gives you the power to:

• Detect threats using the best, most advanced methods. Profiling potential threat actors' activity is an efficient way of detecting malicious activity within an infrastructure.

Kaspersky EDR Expert allows centralized Indicators of Compromise (IoCs) to be loaded from threat data sources and supports automatically scheduled IoC scanning, streamlining analysts' work.

With our Indicators of Attack (IoA) engine, Kaspersky EDR Expert can discover suspicious actions using the unique set of IoAs generated by Kaspersky's threat hunters, providing real-time automated threat hunting capabilities.

To give you a more accurate picture of what's happening, a file or process can be sent to the Sandbox for behavioral analysis, either manually or automatically.

IoAs and Sandbox detections are mapped to MITRE ATT&CK for further analysis of the adversary's Tactics, Techniques and Procedures. Individual events in the incident's tree are enriched with MITRE knowledge base context, including the identification of the MITRE-defined tactics used and visualization of the event on the incident graph.

• Investigate the causes of the incident and prevent any recurrence. Kaspersky EDR Expert provides high-level endpoint protection and increases the efficiency of your SOC, providing access to retrospective data even in situations where compromised endpoints are inaccessible or where data has been encrypted during an attack. Boosted investigation capabilities through our unique IoAs, MITRE ATT&CK enrichment and a flexible query builder, plus access to our Threat Intelligence Portal knowledge base, all facilitate threat hunting and fast incident response, leading to effective damage limitation and prevention.

• Choose a convenient telemetry storage option for forensics. A centralized database stores endpoint telemetry for 30 days by default, and objects and verdicts with no time limit, meaning that forensic analysis can be performed without relying on endpoint availability. If you need a longer telemetry retention period, it can be increased to 60 or 90 days. In on-prem installations, it's up to you to determine the data storage period, depending on the capacity and characteristics of your hardware.

• Respond in the way that suits you best. Your IT security experts are equipped with tools that enable a 'one click' response via the central management console, reducing the number of manual tasks and cutting response times from hours to minutes.

• Work smoothly and efficiently. The endpoint activity tree and click-down event tree visualization tools enable your investigators to easily pivot on interesting data elements during threat path evaluation, or drill down for more information. Linking events and consolidating alerts helps reveal the full impact of an attack.

How it works

[Diagram: How it works. Data collection from endpoints (server, PC, laptop) feeds data storage (telemetry, objects, verdicts). Data analysis and incident investigation covers monitoring and visualization, threat discovery, incident investigation and incident response, backed by automated advanced detection, IoC- and IoA-based detection, proactive threat hunting, retrospective analysis, Global Threat Intelligence and MITRE ATT&CK enrichment.]
Awards and recognition
Kaspersky products are regularly assessed by global research firms, and our ability to help our customers protect themselves against cyberattacks is widely recognized and proven. We are the most tested, most awarded cybersecurity vendor.

Kaspersky Endpoint Detection and Response wins highest grade in SE Labs test
Kaspersky EDR has achieved the highest AAA award in SE Labs' Enterprise Advanced Security test (previously known as the Breach Response Test). The solution was noted for its ability to detect complex targeted attacks, track malicious behavior from the beginning to the end of an attack and generate no false positive results. During the evaluation, the product was exposed to the tools, techniques, and procedures used by advanced threat groups.

Kaspersky named a Major Player in Modern Endpoint Security for Enterprise and SMB by IDC MarketScape
To help organizations evaluate the best endpoint protection platforms and endpoint detection and response solutions for their needs, the IDC MarketScape reviewed data submitted by modern endpoint security (MES) vendors between April and September 2021, to position the capabilities of the companies.

Detection quality confirmed by MITRE ATT&CK Evaluation
Recognizing the importance of Tactics, Techniques and Procedures (TTPs) analysis in complex incident investigation and the role of MITRE ATT&CK in the security market today:
• Kaspersky EDR participated in MITRE ATT&CK Evaluation Round 2 (APT29) and demonstrated a high level of performance in detecting key ATT&CK techniques from the Round 2 scope applied at crucial stages of today's targeted attacks.
• Kaspersky EDR's detections are enriched with data from the MITRE ATT&CK knowledge base, for deep analysis of your adversary's TTPs.


www.kaspersky.com

© 2022 AO Kaspersky Lab. Registered trademarks and service marks are the property of their respective owners.

To find out more about how Kaspersky EDR Expert can empower your IT Security team, get in touch!
