
Kaspersky Endpoint Detection and Response (KEDR)

Product
Developers: Kaspersky
Date of the premiere of the system: 2018/02/20
Last Release Date: 2024/04/05
Technology: Information Security Management (SIEM)


Main article: Security Information and Event Management (SIEM)


Kaspersky Endpoint Detection and Response (KEDR) is an enterprise solution for detecting threats and responding to cyber incidents on end devices.

2024

As part of PAC "Nerpa + KATA + KEDR"

The manufacturer of IT equipment Nerpa and the developer of information security solutions Kaspersky Lab, with the participation of OCS Distribution, have released two hardware and software complexes (PAC) - to protect companies from various cyber threats and unified information security management. OCS Distribution announced this on June 6, 2024.

As part of the cooperation, the vendors have implemented comprehensive cyber security solutions that can withstand complex attacks. The first PAC implemented is "Nerpa + KATA + KEDR." It includes the Kaspersky Anti Targeted Attack and Kaspersky EDR Expert software as well as a two-processor Nerpa Nord server. Read more here.

Inclusion in MTS RED SOC

MTS RED, a member of MTS PJSC, has supplemented the services of the center for monitoring and responding to cyber attacks MTS RED SOC with technology for protecting workstations and servers based on the Kaspersky EDR (Endpoint Detection and Response) solution. MTS RED announced this on April 5, 2024.

The MTS RED service allows you to detect attempts to penetrate or the presence of intruders in the IT infrastructure of companies on network endpoints - employee workstations and servers. Most targeted attacks begin with intruders penetrating employees' devices, so identifying suspicious activity on network endpoints allows you to detect and localize the incident before the attackers reach the final goal and the company is damaged. This is especially important for responding to complex threats and targeted attacks, during which attackers use techniques and tactics that are poorly detected by basic antiviruses.

The Kaspersky Endpoint Detection and Response solution accumulates a long-term expertise of the vendor to identify the compromise of network endpoints and provides deep and detailed analytics for each incident. The use of this technology in the form of the MTS RED SOC service eliminates the need for customers to independently implement, configure and support the product, and also enables MTS RED specialists to carry out incident response measures directly in the customer's infrastructure. This helps to reduce the time interval between the issuance of recommendations for countering cyber attacks and their implementation, which in some cases is critical.

"Employee workstations are the most common point of penetration and anchoring of an attacker in the infrastructure, so we must be confident in the technological maturity of the solution that forms the basis of the service for identifying targeted attacks on network endpoints. The Kaspersky EDR solution helps to more quickly identify cyber threats and localize them, even if we are talking about difficult-to-detect attacks. Thanks to the service model, the supply of Kaspersky Lab technologies is complemented by the experience and expertise of the MTS RED team, which is able to block the development of attacks in the infrastructure of service customers on its own," said Evgeny Lyapushkin, head of the MTS RED SOC product portfolio.

"Our Kaspersky EDR solution allows you to respond to even the most complex cyber threats at the end node level in a timely manner and begin to eliminate the consequences as soon as possible, thus significantly speeding up the entire process of repelling an attack. The product has been repeatedly recognized as a technological leader in the global EDR solutions market, and we are glad that now customers of the MTS RED SOC Center will be able to take advantage of its advantages," said Evgeny Budarin, Head of Pre-Sales Support at Kaspersky Lab.

The event analysis service at the network endpoints is provided under a cloud model. Connection takes from 14 days, depending on the number of workstations and servers that need to be protected.

2023

Using Axiom JDK Certified as a Platform

Kaspersky Lab will use Axiom JDK Certified, a Russian certified Java platform, as part of its solutions. Kaspersky Lab announced this on November 27, 2023.

The certified Java platform is planned for use in the native XDR-class comprehensive protection against complex threats and targeted attacks, which consists of the Kaspersky Anti Targeted Attack and Kaspersky EDR Expert solutions. This will increase their security and significantly speed up FSTEC certification, which requires verifying the code of the runtime environment together with the solution itself. Read more here.

Delta Tioga Pass and Delta Argut compatibility

Delta Computers and Kaspersky Lab confirmed the compatibility and correct operation of the Kaspersky Anti Targeted Attack Platform (KATA), Kaspersky Endpoint Detection and Response (KEDR) and Kaspersky Unified Monitoring and Analysis Platform (KUMA) software with the Delta Tioga Pass and Delta Argut servers. Delta Computers announced this on September 6, 2023. Read more here.

2022: As part of PAC based on Depo Storm Kaspersky Endpoint Detection and Response (KEDR)

Axoft, Kaspersky Lab and DEPO Computers presented Russian hardware and software complexes based on the DEPO Storm server platforms and Kaspersky Lab software products. The complexes were tested by engineers of the DEPO Computers technology center and are ready for use in government agencies and enterprises of the corporate sector. Read more here.

2020

At the heart of the cyber insurance product

Insurance House VSK and Angara Professional Assistance have launched a cyber insurance product based on Kaspersky Lab technologies. This was announced on October 26, 2020 by Angara Technologies Group.

The intelligent basis of the information security service is Kaspersky Lab's software solution for protecting against complex and unknown threats - Kaspersky Endpoint Detection and Response (Kaspersky EDR), as well as the Angara Cyber Resilience Platform (ACRP), designed to monitor, investigate and analyze cyber threats. Read more here.

At the heart of the service for identifying complex multi-component attacks

On October 22, 2020, Rostelecom-Solar announced that, together with Kaspersky Lab, it had launched a service to identify complex multi-component attacks on the workstations and servers of corporate customers. It is based on the Kaspersky Endpoint Detection and Response (EDR) system. The solution is connected to the services of the Solar JSOC center for monitoring and responding to cyber attacks and will help identify the activity (for example, the presence in the infrastructure) of highly qualified attackers, which is usually not detected by basic protection tools.

According to Rostelecom-Solar statistics, every year the techniques used by hackers to bypass classic means of protection become more sophisticated, and more and more attacks are associated with a long and covert presence in the victim's infrastructure. Highly qualified attackers (cyber mercenaries and cyber warfare groups) use a combination of unique and expensive proprietary developments with legitimate utilities and social engineering methods to introduce malicious modules into the attacked system. Moreover, these complex tools are gradually spreading in the shadow segment of the Web, and they are already being adopted by cybercriminals with medium qualifications (cyber crime). At the same time, their main methods for penetrating the victim's infrastructure remain phishing mailings with complex malware that standard antivirus software usually does not recognize. Expanding the EDR-based monitoring service will help identify and localize even such difficult-to-detect attacks at the end nodes of an organization's infrastructure.

"The EDR system is an important component of the Cyber Incident Response Center (SOC) - it speeds up the collection of primary evidence, provides detailed telemetry and automates EDR processes, reducing the total response time from several hours to a matter of minutes. A professional team of analysts is needed to process this data and correctly respond to incidents, and due to the fact that Solar JSOC has allocated resources to create it, it will be much easier for service customers to ensure reliable protection of their resources," said Mikhail Pribochiy, Managing Director of Kaspersky Lab in Russia, CIS countries and the Baltic states.

To implement this service, a joint study of technical solutions and interaction models was carried out. In particular, a specialized team for analyzing complex attacks was allocated to Solar JSOC.

"The development of tools and techniques for attackers requires other approaches to detecting attacks. The problem of protecting workstations, which most often become the point of consolidation and development of an attacker's attack, is one of the priorities for critical information infrastructure (CII) objects. We are pleased to expand cooperation with our long-time technology partner, Kaspersky Lab, with a joint service to identify attacks on end nodes of the network," said Vladimir Dryukov, director of the Solar JSOC Cyber Attack Monitoring and Response Center.

The EDR service from Solar JSOC is provided both on a cloud model (entirely from the Solar JSOC core) and with the placement of key system components at the customer's site, and the connection to the service will take 4-5 weeks. The necessary components are installed in the customer's infrastructure, enriched with unified content from Solar JSOC experts, which will be additionally profiled and adapted to the peculiarities of the infrastructure and processes of a particular organization. The service is also available for customers who independently purchase Kaspersky EDR licenses, and not only within the framework of MSSP licenses.

As of October 22, 2020, Rostelecom-Solar and Kaspersky Lab are already preparing to launch the EDR service for several large government and commercial customers.

2019: As part of Kaspersky and Angara's joint services to protect against targeted attacks

On October 8, 2019, Kaspersky Lab announced that it was starting to work on the MSSP model in Russia. The first partner of the company was the Angara Professional Assistance service provider. Read more here.

2018: Issue

On February 20, 2018, Kaspersky Lab introduced the Kaspersky Endpoint Detection and Response (KEDR) solution, which continuously monitors any anomalies and suspicious processes at employees' workplaces, presents all collected data in a convenient visualized form, recognizes threats and responds to incidents. Thus, the solution largely automates the process of searching for malware and intrusions into the corporate network, keeping the response time to a minimum. The Kaspersky EDR component is tightly integrated with the platform for protection against targeted attacks, Kaspersky Anti Targeted Attack Platform.

Kaspersky Lab: A modern EDR solution should include several threat detection subsystems integrated into a single complex with static, behavioral and dynamic analysis functions, as well as constant access to a global library of threat intelligence and machine learning technologies.

The company noted that the speed of response to threats is more important than ever. According to a Kaspersky Lab study, late recognition of a cyber incident and a lack of visual control over the end devices through which the vast majority of threats penetrate turn into significant financial damage for the company. In Russia, almost a quarter of organizations (23%) faced such incidents over the past year.

At the same time, targeted attacks in the vast majority of cases proceed unnoticed by the company for at least six months, and two factors contribute to this. First, the search for hidden threats is still carried out manually by information security specialists looking for anomalies among huge amounts of data. Second, even if suspicious activity is detected in the system, IT specialists within the organization cannot always assess the degree of its danger, since this requires deep knowledge in the related areas of information security and software analysis.

According to the developer, Kaspersky EDR will make it possible to fundamentally change the situation. This solution implements a flexible and intelligent approach to automatically recognizing any threats (including those still unknown), as well as responding to them in a timely and most adequate manner to prevent possible damage and negative consequences for the organization. In this case, all control is carried out using a single interface.

Kaspersky EDR combines five main areas of work:

  • Continuous monitoring of workplace threats ― security professionals get instant, network-wide visual control, and the graphical representation of data helps identify complex, hidden threats.
  • Centralized data collection ― the solution aggregates, within a single repository, key data on real and potential threats from workplaces, such as unknown files, processes, programs, services, modules, auto-starts, network connections and timesheets.
  • Advanced threat detection ― a multidimensional risk detection approach that includes static, dynamic and behavioral analysis of the information received, as well as cyber threat analytics and machine learning technologies.
  • High-precision response ― a wide range of tools allows information security specialists to remotely view, assess, contain and eliminate individual threats and their consequences without affecting the work of end users.
  • Threat prevention in the workplace ― IT specialists can respond to detected threats and set automatic rules for their prevention, using the quick search and indicator-of-compromise checking functions.

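As an added illustration of the "centralized data collection" and "checking for indicators of compromise" steps listed above (example code, not Kaspersky EDR's own implementation), the block below models a small telemetry repository of process hashes, auto-start entries and network connections from two hypothetical hosts and searches it against a constructed IoC list. Host names, hashes, paths and domains are all constructed for the example and are not real indicators.

```python
"""Minimal indicator-of-compromise (IoC) search over endpoint telemetry.

Added example, not Kaspersky EDR code. It shows the defender's view of an
EDR workflow: collect endpoint artifacts centrally, match them against a
list of indicators, and produce the set of hosts that need containment.
"""
from dataclasses import dataclass
import hashlib


@dataclass(frozen=True)
class Event:
    host: str   # constructed host name
    kind: str   # "process", "autorun" or "connection"
    value: str  # sha256 for processes, path for autoruns, "host:port" for connections


def sha256_of(data: bytes) -> str:
    """Hash a file image the way an agent would before reporting it."""
    return hashlib.sha256(data).hexdigest()


# Constructed IoC list (hypothetical values, NOT real indicators).
IOC = {
    "sha256": {sha256_of(b"constructed-bad-sample")},
    "domain": {"update-check.example.invalid"},
    # Paths are compared case-insensitively, so store them lowercased.
    "autorun_path": {r"c:\users\public\svc_helper.exe"},
}

# Constructed telemetry "repository": what two agents reported.
TELEMETRY = [
    Event("ws-01", "process", sha256_of(b"constructed benign editor")),
    Event("ws-01", "connection", "intranet.example.invalid:443"),
    Event("ws-02", "process", sha256_of(b"constructed-bad-sample")),
    Event("ws-02", "autorun", r"C:\Users\Public\SVC_Helper.exe"),
    Event("ws-02", "connection", "update-check.example.invalid:443"),
]


def match_ioc(events):
    """Return (host, kind, value, ioc_type) for every event that hits an indicator."""
    hits = []
    for ev in events:
        if ev.kind == "process" and ev.value in IOC["sha256"]:
            hits.append((ev.host, ev.kind, ev.value, "sha256"))
        elif ev.kind == "autorun" and ev.value.lower() in IOC["autorun_path"]:
            hits.append((ev.host, ev.kind, ev.value, "autorun_path"))
        elif ev.kind == "connection":
            # Strip the port; the indicator is the destination name only.
            domain = ev.value.rsplit(":", 1)[0]
            if domain in IOC["domain"]:
                hits.append((ev.host, ev.kind, ev.value, "domain"))
    return hits


def hosts_to_contain(events):
    """Hosts with at least one IoC hit: candidates for isolation and investigation."""
    return sorted({hit[0] for hit in match_ioc(events)})


if __name__ == "__main__":
    for hit in match_ioc(TELEMETRY):
        print("hit:", hit)
    print("contain:", hosts_to_contain(TELEMETRY))
```

With the constructed sample, only ws-02 produces hits (one per artifact type); ws-01's benign process hash and internal connection match nothing. A real deployment would normalize many more artifact types and pull the indicator list from a threat intelligence feed rather than a literal in the script.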
Kaspersky EDR is available as a standalone product, as well as part of the comprehensive Kaspersky Threat Management and Defense platform, which allows companies to gain full visual control over all events in the IT infrastructure. In addition to Kaspersky EDR, this platform also includes a specialized solution for combating targeted attacks ― Kaspersky Anti Targeted Attack Platform ― and analytical services that help you understand the features of various cyber threats. The product also works as a single agent along with the Kaspersky Security for Business solution.