With digital transformation melting protection perimeters, IT security teams in enterprises are having to deal with the fact that complex threats are already within their network, as illustrated by the 48% of enterprises that believe that their organisation may already be hacked.
To bring visibility back to corporate networks and reduce response times, the new Kaspersky Threat Management and Defense brings together and reinforces the capabilities of Kaspersky Anti Targeted Attack, Kaspersky Cybersecurity Services and new Kaspersky EDR within a single platform.
Step 1: Discover the most evasive threats with Kaspersky Anti Targeted Attack
Like many fatal diseases, targeted attacks can penetrate an organisation’s critical systems and stay unnoticed for years, causing irreparable damage in the process. Separate symptoms can be misleading and only an all-around examination provides an accurate diagnosis.
As part of the Threat Management and Defense platform, the next generation of Kaspersky Anti Targeted Attack does just that: utilising a comprehensive set of technologies for the detection of previously unknown threats and targeted attacks, it correlates different indicators of compromise in the network that are likely connected to a single operation, in order to help businesses discover even the most complex attacks.
Accuracy of detection is achieved through Next Generation technologies and capabilities, including machine learning threat analysis and correlation algorithms, advanced sandbox technology and network traffic analysis. It is also empowered by the array of metadata available for analysis from the telemetry of endpoint and network sensors and by global threat intelligence from Kaspersky Security Network.
With the new Kaspersky Anti Targeted Attack solution, security teams get a redesigned dashboard showing a detailed overview of the status of periodic checks, the latest events, and incident information, helping them make an informed decision on the next step of the incident response cycle.
Step 2: Ensure visibility and simplify response with Kaspersky EDR
It is usually slow responses that make complex cybersecurity incidents more devastating – recovering from data breaches caused by advanced threats can now cost enterprises up to $977K on average – meaning enterprises have to change how they react. Kaspersky EDR, the next component of the Threat Management and Defense platform, enables companies to speed up their incident response process and improve the quality of cybersecurity incident investigation.
Kaspersky EDR offers increased visibility through the aggregation and visualisation of key digital forensics data collected from endpoints – which will be available no matter what techniques cybercriminals use to try and hide their tracks.
An efficient and timely response is ensured through the automation and remote deployment of the key IR functions, which eliminates manual work and guarantees the ability to clean up infected assets remotely, within a required timeframe. There are several ways to achieve this, such as quarantining or deleting a suspicious file, moving it to the sandbox for further analysis or isolating a particular endpoint from the network. By shining a light on endpoint activity, Kaspersky EDR ensures cybersecurity teams get complete insight into the systems to understand exactly what is happening and how the threat can be mitigated.
Step 3: Cover your back with Kaspersky Cybersecurity Services
Full visibility and accurate detection are only two parts of the battle. The very nature of targeted attacks means attackers will come back with new tools and techniques. If an emergency occurs, the cybersecurity team might need a trusted partner with the relevant skills and experience.
That’s why Kaspersky Cybersecurity Services includes a number of offerings for rapid incident recovery (Incident Response service), the proactive assessment and rectification of damage (Targeted Attack Discovery) and a full, outsourced threat hunting service (Kaspersky Managed Protection).
“As they are fighting against hackers and cybercriminals that have significant financial resources and are constantly looking to exploit any vulnerability, enterprises need an integrated approach to complex threat detection and response,” says Alessio Aceti, head of the enterprise business division at Kaspersky Lab. “To address this need we have introduced a three-pronged Threat Management and Defense platform – incorporating 20 years of experience of analysing advanced threats – which should serve as the framework for the kind of solid cybersecurity strategies required by under-fire enterprises.”
The power of three
Also available as standalone solutions, Kaspersky Anti Targeted Attack, Kaspersky EDR and Kaspersky Cybersecurity Services perform best as a single Threat Management and Defense platform, allowing for unified administration and automation of the whole threat management cycle. With the support of all three components of the platform, businesses can adopt a strategic approach to detecting complex attacks across the corporate IT infrastructure and successfully gain control and visibility of their security environment by mitigating risk in today’s digital world.