Kaspersky Endpoint Detection and Response Expert
Helps enterprises detect, investigate and respond to advanced security incidents more effectively using existing resources

Overview

Boost your endpoint defenses first

Corporate endpoints are where data, users and corporate systems come together to generate and implement business processes. These endpoints continue to be the primary target for cybercriminals.

Cyberattacks are becoming more sophisticated and capable of bypassing existing security measures. Kaspersky Endpoint Detection and Response (EDR) Expert provides comprehensive visibility across all endpoints on your corporate network and delivers superior defenses, automating routine EDR tasks and enabling the Analyst to speedily hunt out, prioritize, investigate and neutralize complex threats and APT-like attacks. Kaspersky EDR Expert uses a single agent that can be managed both from a cloud-based single management platform and from an offline console in air-gapped environments, leveraging threat intelligence and incorporating customizable detections.

Stronger with XDR

Upgrade to a complete suite of Extended Detection and Response functionality - effortlessly

Kaspersky EDR Expert gives you the power to:

• Detect threats using the best, most advanced methods. Profiling potential threat actors’ activity is an efficient way of detecting malicious activity within an infrastructure.
  • Kaspersky EDR Expert allows centralized Indicators of Compromise (IoC) to be loaded from threat data sources and supports automatically scheduled IoC scanning, streamlining analysts’ work
  • With our Indicators of Attack (IoA) engine, Kaspersky EDR Expert can discover suspicious actions using the unique set of IoAs generated by Kaspersky’s threat hunters, provisioning real-time automated threat hunting capabilities
  • To give you a more accurate picture of what’s happening, a file or process can be sent to the Sandbox for behavioral analysis, either manually or automatically
  • IoAs and Sandbox detections are mapped to MITRE ATT&CK for the further analysis of the adversary’s Tactics, Techniques and Procedures. Individual events in the incident's tree are enriched with MITRE knowledgebase context, including the identification of MITRE-defined tactics used and visualization of the event on the incident graph
• Investigate the causes of the incident and prevent any recurrence. Kaspersky EDR Expert provides high-level endpoint protection and increases the efficiency of your SOC, providing access to retrospective data, even in situations where compromised endpoints are inaccessible or when data has been encrypted during an attack. Boosted investigation capabilities through our unique IoAs, MITRE ATT&CK enrichment and a flexible query builder, plus access to our Threat Intelligence Portal knowledge base - all facilitate threat hunting and fast incident response, leading to effective damage limitation and prevention.
• Choose a convenient telemetry storage option for forensics. A centralized database stores endpoint telemetry for 30 days by default and objects and verdicts with no time limit, meaning that forensic analysis can be performed without relying on endpoint availability. If you find you need more telemetry retention time, this can be increased to 60 or 90 days. In on-prem installations, it’s up to you to determine the period of data storage, depending on the capacity and characteristics of your hardware.
• Respond in the way that suits you best. Your IT security experts are equipped with tools that enable a ‘one click’ response via the central management console, reducing the number of manual tasks and cutting response times from hours to minutes.
• Work smoothly and efficiently. The endpoint activity tree and click-down event tree visualization tools enable your investigators to easily pivot on interesting data elements during threat path evaluation or drill down for more information. Linking events and consolidating alerts helps reveal the full impact of an attack.

Kaspersky EDR Expert is ideal if your organization wants to:

• Upgrade your security with an easy-to-use, enterprise solution for incident response.
• Automate threat identification & response without business disruption during investigations.
• Understand the specific Tactics, Techniques, and Procedures (TTPs) used by threat actors to achieve their goals, enabling more powerful defenses and the effective allocation of security resources.
• Enhance your endpoint visibility & threat detection with advanced technologies.
• Establish unified and effective threat hunting, incident management and response processes.
• Increase the efficiency of your inhouse SOC so they don’t waste their time analyzing irrelevant endpoint logs and alerts.
• Support compliance by enforcing endpoint logs, alert reviews and the documenting of investigation results.

Top Features

Extended Prevention

Kaspersky EDR Expert is based on Kaspersky Endpoint Security for Business. Our most tested, most awarded EPP solution provides a firm foundation, automatically handling the vast majority of alerts, freeing up analysts to focus on tasks that really require their attention and expertise.

• Multi-platform Adaptive Security. Our unique technology identifies abnormal behavior, automatically detecting and remediating a broad number of threats, including fileless threats and exploits.
• Say goodbye to ransomware. Any ransomware heading your way will join the 7 billion+ attacks whose malicious actions our engine has blocked and reversed automatically over the past decade.
• Outstanding performance - confirmed. Our customer reviews confirm just s how our ‘customer choice’ protection against fileless threats and exploits performs in practice – check it out!

---

Advanced Detection

Complex threats and extended attacks using unknown malicious code, compromised accounts, fileless methods, legitimate applications and unsuspected actions all require a multi-level approach to detection with advanced technologies.

• IoC-based discovery
• IoA analysis empowered by MITRE ATT&CK mapping
• Automated threat intelligence — Kaspersky (Private) Security Network
• YARA rules (customizable by your IT security team)
• Sandbox analysis of suspicious objects
• Cloud ML for APK file analysis
• Digital certificate verification
• External threat intelligence cooperation

---

Efficient Threat Hunting and Forensic Investigations

Kaspersky EDR Expert continuously collects telemetry and sends it to centralized cloud or on-prem storage, so that during incident investigation, retrospective data can be quickly accessed – particularly important when the compromised endpoints are inaccessible or their data has been encrypted by cybercriminals. The solution enables your IT security team to conduct detailed incident investigations, with access to the Kaspersky Threat Intelligence Portal, and enriched detections automatically matched to the MITRE ATT&CK knowledge base. They can also create complex queries to search for atypical and suspicious behavior, for specific techniques in MITRE ATT&CK, and for other signs of malicious activity, based on the specifics of your individual infrastructure. Hunt for threats before they can cause a problem!

---

Advanced Detection

Fast, accurate threat containment and incident resolution across distributed infrastructures is supported through centralized and automated actions, helping to streamline the work of your IT security team. No more costly additional resources needed, no more expensive downtime and no lost productivity. Depending on the situation, there is always a choice between automatic and guided responses.

IT security experts are equipped with tools that enable them to ‘one click’ responses via the central management console, reducing the number of routine manual tasks they have to deal with, and cutting response times from hours to minutes.

Challenges & Solutions

How It Works

Endpoint Detection and Response: Reduce Costs without Scrimping on Protection

What does endpoint detection and response mean for enterprises? It means a greater ability to distinguish a mundane cyberincident from a serious threat targeted specifically at your company. By automating the tasks of gathering, analyzing, and validating incidents with machine-learning algorithms, EDR significantly reduces the time and effort required to detect the threat early on. Thus, early detection and quick response further decrease the risk and severity of cyberincidents.

Documentation

Download the Kaspersky Endpoint Detection and Response Expert Datasheet (PDF).