
Kaspersky unifies endpoint detection and response offering

08 Jul 2020

Kaspersky has combined three of its security products into a single offering designed for medium-sized businesses. Kaspersky Endpoint Security for Business with its cloud management console, Kaspersky Endpoint Detection and Response Optimum, and Kaspersky Sandbox are now sold and managed as one solution.

According to Kaspersky, the new endpoint detection and response (EDR) solution enables IT security specialists to get insight and visibility into incidents, as well as immediate investigation and options for automated response.

“The technology and cybersecurity landscape is changing rapidly, meaning organisations have to deal with more challenges using the same resources,” comments Kaspersky VP product marketing, Dmitry Aleshin. 

According to Kaspersky’s IT Security Risks Survey, approximately 40% of mid-size companies and enterprises lack sufficient insight and intelligence on the threats their organisation faces.

Furthermore, resources are often limited, meaning that complex threats can be almost impossible to deal with without more employees, including high-class security analysts, threat hunters and incident responders.

Kaspersky Endpoint Security for Business may flag a file it cannot confidently classify as malicious. Rather than allow or block the file on a weak verdict, it sends the file to Kaspersky Sandbox, a tool that automatically detonates the suspicious file in an isolated environment so that it reveals any malicious behaviour.

The verdict from Kaspersky Sandbox can then be further enriched with analytics on the file performed by Kaspersky EDR Optimum.

Kaspersky EDR Optimum can then take a number of response actions, such as isolating the endpoint that holds the potential malware from the network or quarantining the suspicious file. To ensure the threat does not spread to other machines, security specialists can create indicators of compromise (IoCs) from the incident and then schedule an automatic scan of all endpoints for the malicious object.

EDR Optimum can also accept third-party IoCs and run a scan with them to identify affected endpoints. Together these functions allow security incidents to be managed centrally, so that critical threats are reacted to and contained before they spread.
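The IoC sweep described above can be illustrated with a small scanner of the same shape: load a set of indicators (the kind an analyst would derive from a sandbox verdict or receive from a third party), walk an endpoint's filesystem, and report every file that matches by SHA-256 hash or by filename. This is an added example written for this page, not Kaspersky code, and it makes no claim about the IoC file format EDR Optimum actually ingests; the JSON layout, the sample tree and the "bad" file content are all constructed here for the demonstration.

```python
import hashlib
import json
import os
import tempfile
from dataclasses import dataclass, field


@dataclass
class IocSet:
    """Indicators to sweep for. Hashes are lowercase hex; names are lowercase basenames."""
    sha256: set = field(default_factory=set)
    filenames: set = field(default_factory=set)


def load_iocs(text):
    """Parse a constructed JSON IoC document: {"sha256": [...], "filenames": [...]}.
    Assumption: this layout is ours, not a vendor format."""
    doc = json.loads(text)
    return IocSet(
        sha256={h.lower() for h in doc.get("sha256", [])},
        filenames={n.lower() for n in doc.get("filenames", [])},
    )


def sha256_file(path, chunk=1 << 20):
    """Stream-hash a file so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan_tree(root, iocs):
    """Walk root and return (path relative to root, indicator type) for every hit."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if name.lower() in iocs.filenames:
                hits.append((rel, "filename"))
            try:
                digest = sha256_file(path)
            except OSError:
                continue  # locked or unreadable file: skip it rather than abort the sweep
            if digest in iocs.sha256:
                hits.append((rel, "sha256"))
    return sorted(hits)


def demo():
    """Constructed sample: build a tiny endpoint tree, plant two IoC matches, sweep it."""
    bad_content = b"MZ constructed dropper sample for the example, not a real binary\n"
    ioc_doc = json.dumps({
        "sha256": [hashlib.sha256(bad_content).hexdigest()],
        "filenames": ["svch0st.exe"],  # constructed look-alike name
    })
    iocs = load_iocs(ioc_doc)
    with tempfile.TemporaryDirectory() as root:
        downloads = os.path.join(root, "Users", "alice", "Downloads")
        windows = os.path.join(root, "Windows")
        os.makedirs(downloads)
        os.makedirs(windows)
        with open(os.path.join(downloads, "invoice.exe"), "wb") as f:
            f.write(bad_content)          # matches by hash, not by name
        with open(os.path.join(downloads, "notes.txt"), "wb") as f:
            f.write(b"benign content\n")  # no match
        with open(os.path.join(windows, "svch0st.exe"), "wb") as f:
            f.write(b"different bytes\n")  # matches by name only
        return scan_tree(root, iocs)


if __name__ == "__main__":
    for rel, kind in demo():
        print(f"{kind:8s} {rel}")
```

Hash indicators are brittle (one byte changed in the sample and the match is gone), which is why the example also matches on filename and why a real sweep would add more indicator types; the point is that once an indicator exists, the same check can be pushed to every endpoint rather than waiting for each one to trip the sandbox.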

The management console Kaspersky Security Center is now available from the cloud, in addition to the existing on-premise option. 

Recent statistics from Kaspersky’s Threat Intelligence Portal suggest that almost three quarters (72%) of the analysed malicious files were trojans, backdoors, or droppers.

“We have noticed that the number of free requests to the Kaspersky Threat Intelligence Portal to check viruses, or pieces of code that insert themselves into other programs, is extremely low – less than one percent – but it is traditionally among the most widespread threats detected by endpoint solutions,” comments Kaspersky acting head of threats monitoring and heuristic detection, Denis Parinov.

“This threat self-replicates and implements its code into other files, which may lead to the appearance of a large number of malicious files on an infected system. As we can see, viruses are rarely of interest to researchers, most likely because they lack novelty compared to other threats.”
