Kaspersky unifies endpoint detection and response offering
Kaspersky has combined three of its security solutions into one single offering, designed for medium businesses. Kaspersky Endpoint Security for business with cloud management console, Kaspersky Endpoint Detection and Response Optimum, and Kaspersky Sandbox are all under one solution.
According to Kaspersky, the new endpoint detection and response (EDR) solution enables IT security specialists to get insight and visibility into incidents, as well as immediate investigation and options for automated response.
“The technology and cybersecurity landscape is changing rapidly, meaning organisations have to deal with more challenges using the same resources,” comments Kaspersky VP product marketing, Dmitry Aleshin.
According to Kaspersky’s IT Security Risks Survey, approximately 40% of mid-size companies and enterprises lack sufficient insight and intelligence on the threats faced by their organisation.
Furthermore, resources are often limited, meaning that complex threats can be almost impossible to deal with without more employees, including high-class security analysts, threat hunters and incident responders.
When Kaspersky Endpoint Security for Business detects a file that it cannot fully categorise as malicious, it sends the file to Kaspersky Sandbox, a tool that automatically runs the risky file in an isolated environment to make it reveal its malicious behaviour or character.
The verdict from Kaspersky Sandbox can then be further enriched with analytics on the file performed by Kaspersky EDR Optimum.
Kaspersky EDR Optimum can then take a number of different actions, such as isolating an endpoint with potential malware or quarantining a suspicious file. To ensure the threat does not spread to other machines, security specialists can create indicators of compromise and then schedule an automatic scan of endpoints for the malicious object.
EDR Optimum can also upload third-party IoCs and run a scan to identify affected endpoints. Together, these functions enable centralised management of security incidents: reacting to critical threats and preventing their spread.
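The sandbox-verdict-to-IoC-scan-to-response loop described above, as an added illustration that is not Kaspersky's code: the sandbox verdict, endpoint file inventories, hostnames, hashes and third-party feed are all constructed sample data, and the action names are hypothetical.

```python
import hashlib

# Constructed sandbox verdict for one detonated file (sample values, not real indicators).
SANDBOX_VERDICT = {
    "sha256": hashlib.sha256(b"constructed-dropper-sample").hexdigest(),
    "verdict": "malicious",
}
# Constructed hashes for a clean binary and for a file flagged by an external feed.
CLEAN_HASH = hashlib.sha256(b"constructed-clean-binary").hexdigest()
EXTERNAL_HASH = hashlib.sha256(b"constructed-third-party-flagged").hexdigest()
# Constructed endpoint file inventories: host -> {path: sha256}.
ENDPOINT_INVENTORY = {
    "ws-01": {"C:/Users/a/Downloads/invoice.exe": SANDBOX_VERDICT["sha256"],
              "C:/Windows/notepad.exe": CLEAN_HASH},
    "ws-02": {"C:/Windows/notepad.exe": CLEAN_HASH},
    "srv-03": {"C:/Temp/update.exe": SANDBOX_VERDICT["sha256"],
               "C:/Temp/tool.exe": EXTERNAL_HASH},
}
# Constructed third-party indicator feed (the article mentions uploading external IoCs).
THIRD_PARTY_IOCS = [EXTERNAL_HASH.upper()]


def build_ioc_set(verdict, third_party=()):
    """Merge the sandbox verdict and external hashes into one lower-cased IoC set.
    A clean verdict adds nothing, so the scan then runs on the external feed alone."""
    iocs = {h.lower() for h in third_party}
    if verdict["verdict"] in ("malicious", "suspicious"):
        iocs.add(verdict["sha256"].lower())
    return iocs

def scan_endpoints(iocs, inventory):
    """Return {host: [(path, sha256)]} for every host holding an IoC hash."""
    hits = {}
    for host, files in inventory.items():
        matched = sorted((p, h.lower()) for p, h in files.items() if h.lower() in iocs)
        if matched:
            hits[host] = matched
    return hits

def plan_response(hits, verdict):
    """Quarantine every matching file; isolate a host only when it holds the
    file the sandbox itself judged malicious (external-feed hits get quarantine only)."""
    actions = []
    for host, matches in sorted(hits.items()):
        for path, _ in matches:
            actions.append(("quarantine_file", host, path))
        if verdict["verdict"] == "malicious" and any(
                h == verdict["sha256"].lower() for _, h in matches):
            actions.append(("isolate_host", host, None))
    return actions
```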
The management console Kaspersky Security Center is now available from the cloud, in addition to the existing on-premise option.
Recent statistics from Kaspersky’s Threat Intelligence Portal suggest that almost three quarters (72%) of the analysed malicious files were trojans, backdoors, or droppers.
“We have noticed that the number of free requests to the Kaspersky Threat Intelligence Portal to check viruses or pieces of code that insert themselves in over other programs, is extremely low – less than one percent, but it is traditionally among the most widespread threats detected by endpoint solutions,” comments Kaspersky acting head of threats monitoring and heuristic detection, Denis Parinov.
“This threat self-replicates and implements its code into other files, which may lead to the appearance of a large number of malicious files on an infected system. As we can see, viruses are rarely of interest to researchers, most likely because they lack novelty compared to other threats.”