The persistent nature of advanced threats requires enterprises to re-evaluate their cybersecurity ecosystems, putting more focus on early identification of ongoing attacks and on incident response.
In a world where no network is completely secure, companies need to look proactively for evidence of intrusion. To help companies go beyond reactive malware protection and to automate threat hunting, Kaspersky Lab has introduced a comprehensive endpoint detection and response (EDR) solution that features award-winning, multi-layered detection and automated remediation across the entire network.
The pilot programme for Kaspersky EDR started on 21 September.
Over a quarter (27%) of businesses globally have experienced targeted attacks during the past year¹, with some malware remaining undiscovered within corporate infrastructure for months. Hidden attacks spread through the network because security teams are often overwhelmed by manually processing the sheer number of alerts generated by modern security solutions, and the most crucial incident indicators get lost in the noise.
Even if an alert is noticed, understanding advanced threats requires strong threat analysis skills such as reverse engineering, malware analysis and digital forensics, which not every company has in-house. As a result, slow response times and a lack of visibility over endpoints are severely impacting organisations and contributing to the costs associated with recovering from a targeted attack, which can reach up to $977 000.
To address these pressing issues, companies are looking to speed up incident analysis and response through a dedicated class of security solutions called EDR. To meet the demands of enterprise customers, Kaspersky Lab has introduced Kaspersky Endpoint Detection and Response with enhanced incident mitigation, better visibility over endpoints, compatibility with traditional endpoint protection products and investigative capabilities for security teams and SOC (security operations centre).
Kaspersky EDR customers will benefit from Kaspersky Lab’s vast experience in threat intelligence, advanced protection technologies and a long history of discovering some of the world’s most high-profile APTs, all embedded into the solution’s threat hunting functionality.
These four pillars comprise Kaspersky Lab’s offering to the market and shape its strategic approach to EDR security:
* Monitoring – the Kaspersky EDR solution gives businesses full-scale incident visibility without the need to collect data manually;
* Detection – Kaspersky EDR’s advanced detection technologies, including machine learning-based Targeted Attack Analyzer, help enterprises to assess data from endpoint sensors and rapidly generate threat detection verdicts;
* Aggregation – to properly define an attack kill chain, Kaspersky EDR aggregates and visualises key digital forensics data from endpoints, including information about unknown files and endpoint metadata about processes, programmes, services, modules, files, autoruns, network connections and timelines;
* Response – effective EDR is impossible without a response that enables organisations to clean infected systems remotely as an alternative to the costly and disruptive manual reimaging of computers.
Preventing repeat attacks by an advanced threat is one of the key advantages of Kaspersky EDR. Teams will be able to block the launch of suspicious PE files, office documents and scripts, and set up rules to proactively delete files on endpoints, ensuring that a threat will not affect the corporate environment again.
“Today, information security has become an executive board priority, being one of the top business risks for every enterprise. Companies are getting trapped by adopting a reactive security approach which makes malefactors’ job easier. For this to be changed, EDR solutions should become an imperative for any modern enterprise security strategy,” says Nikita Shvetsov, chief technology officer at Kaspersky Lab. “Kaspersky Lab takes a comprehensive approach to EDR that increases visibility across a business’s IT infrastructure and helps SOC teams make informed decisions on the best strategy to mitigate both low priority malware and the most advanced threats.”