
Kaspersky unifies endpoint detection and response offering

08 Jul 2020

Kaspersky has combined three of its security solutions into a single offering designed for medium businesses: Kaspersky Endpoint Security for Business with a cloud management console, Kaspersky Endpoint Detection and Response Optimum, and Kaspersky Sandbox.

According to Kaspersky, the new endpoint detection and response (EDR) solution enables IT security specialists to get insight and visibility into incidents, as well as immediate investigation and options for automated response.

“The technology and cybersecurity landscape is changing rapidly, meaning organisations have to deal with more challenges using the same resources,” comments Kaspersky VP product marketing, Dmitry Aleshin. 

According to Kaspersky’s IT Security Risks Survey, approximately 40% of mid-size companies and enterprises lack sufficient insight and intelligence on the threats faced by their organization.

Furthermore, resources are often limited, meaning that complex threats can be almost impossible to deal with without more employees, including high-class security analysts, threat hunters and incident responders.

The workflow starts when Kaspersky Endpoint Security for Business detects a file that it cannot fully categorise as malicious. Because it cannot be sure, it sends the file to Kaspersky Sandbox, a tool that automatically runs the risky file in an isolated environment to make it reveal its malicious behaviour or character.

The verdict from Kaspersky Sandbox can then be further enriched with analytics on the file performed by Kaspersky EDR Optimum.

Kaspersky EDR Optimum can then take a number of different actions, such as isolating an endpoint with potential malware or quarantining a suspicious file. To ensure the threat does not spread to other machines, security specialists can create indicators of compromise and then schedule an automatic scan of endpoints for the malicious object. 

EDR Optimum can also upload third-party IoCs and run a scan to identify affected endpoints. Together, these functions enable centralised management of security incidents, both reacting to critical threats and preventing them.

The management console Kaspersky Security Center is now available from the cloud, in addition to the existing on-premise option. 

Recent statistics from Kaspersky’s Threat Intelligence Portal suggest almost three quarters (72%) of the analysed malicious files were either trojans, backdoors, or droppers.

“We have noticed that the number of free requests to the Kaspersky Threat Intelligence Portal to check viruses, or pieces of code that insert themselves into other programs, is extremely low – less than one percent, but it is traditionally among the most widespread threats detected by endpoint solutions,” comments Kaspersky acting head of threats monitoring and heuristic detection, Denis Parinov.

“This threat self-replicates and implements its code into other files, which may lead to the appearance of a large number of malicious files on an infected system. As we can see, viruses are rarely of interest to researchers, most likely because they lack novelty compared to other threats.”
