Kaspersky Anti Targeted Attack Platform
Proven advanced threat detection empowered by machine learning and HuMachine™ intelligence
Kaspersky EDR is a cybersecurity solution for the protection of corporate IT systems. It adds endpoint detection and response (EDR) capabilities to IT security:
Not long ago, a typical cyberattack would use mass malware. It would target separate endpoints and detonate within single computers. Mass malware attacks are automatic: they pick out random victims via mass emails, phishing websites, rogue Wi-Fi hotspots and so on. The remedy was endpoint protection platforms (EPP), which protect hosts from mass malware.
Faced with effective EPP-based detection, attackers switched to the more costly, but more effective, tactic of launching targeted attacks against particular victims. Because of that cost, targeted attacks are usually aimed at organizations, with financial gain as the goal. Targeted attacks involve reconnaissance and are designed to penetrate the victim's IT system and evade its protection. The attack kill chain spans many hosts of the IT system.
Because of the high variety of methods and their human-led, interactive nature, targeted attacks can evade EPP-based security:
To address targeted attacks, cybersecurity vendors extend EPP solutions with endpoint detection and response (EDR) features:
In essence, EDR adds new layers of endpoint protection against advanced attacks.
Kaspersky EDR adds protection power to an existing EPP solution. EPP specializes in simpler mass attacks (viruses, Trojans etc.), while the EDR concentrates on advanced attacks. With this solution, analysts see malware activity as well as events involving legitimate software in the context of an attack, uncovering the whole kill chain.
Kaspersky EDR is fully integrated with Kaspersky Enterprise Security EPP, and it can work with EPP solutions of other vendors. The EDR adds the following:
Elements
EDR as part of Kaspersky Threat Management and Defense
Kaspersky EDR, Kaspersky Anti Targeted Attack platform and Kaspersky Cybersecurity Service (KCS) make up a suite for advanced protection and threat intelligence:
Integration with Security information and event management (SIEM) systems
You can integrate our EDR with third-party SIEM systems (detection data is exported in Common Event Format, CEF).
Continuous centralized event aggregation and visibility. The EDR aggregates events from hosts in real time:
Automatic detection. Threats visible in the scope of a single host are detected by Kaspersky Endpoint Security with heuristic, behavioral and cloud detection (or by another EPP host application). Above this, the EDR adds layers of detection with a multi-host scope, based on correlation of the event feeds from multiple hosts.
Apart from event-based detection, EDR host agents automatically send suspicious objects or regions of memory to the central node for deeper analysis with algorithms that are beyond the computing power of a regular host: heavy pre-processing, heuristics and machine learning, sandboxing, extended cloud detection, detection based on Kaspersky Lab's threat data feeds, and custom detection rules (YARA).
Manual detection, or threat hunting, is the proactive search by an operator for traces of attacks and threats. The EDR lets you "hunt" through the whole history of events from many hosts, aggregated in the storage:
Response comprises the actions an operator can take when they detect a threat. These actions include:
Prevention comprises the policies that restrict object activities on endpoints:
Management of Kaspersky EDR is role-based and provides workflow management: alert assignment, tracking of alert status, and logging of alert processing. Email notifications are flexibly configured according to alert types and their combinations (detection type, severity etc.).
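Two of the points above, the CEF export to a SIEM and detection by correlating event feeds from multiple hosts, can be shown together. The Python below is an added example and not Kaspersky's code: it parses CEF lines the way a SIEM ingest would (honouring the backslash escapes for "|" in the header and "=" in the extension), then flags any file hash reported by three or more distinct hosts within ten minutes, a simple multi-host correlation of the kind described for the EDR server. The sample lines are constructed; the vendor and product strings, the exact extension keys Kaspersky EDR emits, and the ten-minute / three-host thresholds are assumptions (dvchost, fileHash, fname, rt and msg are standard CEF extension keys).

```python
import re
from collections import defaultdict

# Added example: minimal CEF (Common Event Format) parser plus a multi-host
# correlation over the parsed events. Not Kaspersky's code. The lines below are
# constructed; the field set a real Kaspersky EDR export carries is an assumption.

CEF_HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                     "signature_id", "name", "severity")

# Constructed sample export: hash ab12cd on three hosts within two minutes and on
# a fourth host a day later; hash ffee99 seen twice but only on one host.
# Backslashes are doubled because CEF escapes '\' as '\\' and '=' as '\='.
SAMPLE_CEF_LINES = [
    r"CEF:0|ExampleVendor|EDR|1.0|100|Suspicious object detected|7|rt=1700000000000 dvchost=ws-01 fileHash=ab12cd fname=C:\\Users\\bob\\app.exe msg=cmdline a\=1",
    r"CEF:0|ExampleVendor|EDR|1.0|100|Suspicious object detected|7|rt=1700000060000 dvchost=ws-02 fileHash=ab12cd fname=C:\\Users\\eve\\app.exe",
    r"CEF:0|ExampleVendor|EDR|1.0|100|Suspicious object detected|7|rt=1700000120000 dvchost=ws-03 fileHash=ab12cd fname=C:\\Temp\\app.exe",
    r"CEF:0|ExampleVendor|EDR|1.0|100|Suspicious object detected|7|rt=1700090000000 dvchost=ws-04 fileHash=ab12cd fname=C:\\Temp\\app.exe",
    r"CEF:0|ExampleVendor|EDR|1.0|101|Script\|macro abuse|5|rt=1700000000000 dvchost=ws-01 fileHash=ffee99 fname=C:\\Temp\\x.ps1",
    r"CEF:0|ExampleVendor|EDR|1.0|101|Script\|macro abuse|5|rt=1700000030000 dvchost=ws-01 fileHash=ffee99 fname=C:\\Temp\\x.ps1",
]


def _split_header(line):
    """Split the seven pipe-delimited header fields, honouring backslash escapes.
    Returns (fields, extension_text); the extension is everything after the 7th pipe."""
    fields, buf, i = [], [], 0
    while i < len(line) and len(fields) < 7:
        c = line[i]
        if c == "\\" and i + 1 < len(line):      # escaped character, keep it literally
            buf.append(line[i + 1])
            i += 2
        elif c == "|":                           # unescaped field separator
            fields.append("".join(buf))
            buf = []
            i += 1
        else:
            buf.append(c)
            i += 1
    if len(fields) < 7:
        raise ValueError("malformed CEF header: fewer than seven fields")
    return fields, line[i:]


# A key is a run of key characters followed by an unescaped '=' at the start of
# the extension or after whitespace; '\=' never matches because '\' is not a key char.
_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")


def _unescape(value):
    """Undo CEF extension escaping for '=', backslash, and the \\n / \\r newline forms."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def _parse_extension(ext):
    """Parse 'key=value key2=value with spaces' into a dict; a value runs to the next key."""
    matches = list(_KEY_RE.finditer(ext))
    result = {}
    for idx, m in enumerate(matches):
        end = matches[idx + 1].start() if idx + 1 < len(matches) else len(ext)
        result[m.group(1)] = _unescape(ext[m.end():end].strip())
    return result


def parse_cef(line):
    """Parse one CEF line into a dict of header fields plus an 'extension' dict."""
    fields, ext = _split_header(line.rstrip("\r\n"))
    if not fields[0].startswith("CEF:"):
        raise ValueError("not a CEF line")
    event = dict(zip(CEF_HEADER_FIELDS, fields))
    event["version"] = fields[0][len("CEF:"):]
    if event["severity"].isdigit():
        event["severity"] = int(event["severity"])
    event["extension"] = _parse_extension(ext)
    return event


def multi_host_indicators(events, window_ms=600_000, min_hosts=3):
    """Multi-host correlation: for each fileHash, the largest number of distinct
    dvchost values reporting it within any window_ms span (rt is epoch millis).
    Returns {hash: host_count} for hashes that reach min_hosts."""
    sightings = defaultdict(list)
    for ev in events:
        ext = ev["extension"]
        if all(k in ext for k in ("fileHash", "dvchost", "rt")):
            sightings[ext["fileHash"]].append((int(ext["rt"]), ext["dvchost"]))
    flagged = {}
    for indicator, seen in sightings.items():
        seen.sort()
        best = 0
        for i, (t0, _) in enumerate(seen):       # anchor a window at each sighting
            hosts = {h for t, h in seen[i:] if t - t0 <= window_ms}
            best = max(best, len(hosts))
        if best >= min_hosts:
            flagged[indicator] = best
    return flagged


if __name__ == "__main__":
    parsed = [parse_cef(line) for line in SAMPLE_CEF_LINES]
    for ev in parsed:
        print(ev["signature_id"], ev["name"], ev["extension"].get("dvchost"), ev["extension"].get("fileHash"))
    print("hashes seen on >= 3 hosts within 10 min:", multi_host_indicators(parsed))
```

The single-host EPP view would treat each of the four ab12cd detections as a separate, low-context alert; the correlation step is what turns them into one multi-host incident, while the ffee99 repeats on ws-01 stay below the threshold. A production rule would also key on other indicators (destination hosts, command lines) and keep the sightings in a store rather than in memory.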
EDR host agents routinely send events to the in-house EDR server.