
Kaspersky EDR Optimum: Issues That Organizations Are Now Facing

The document discusses Kaspersky Endpoint Detection and Response (EDR) Optimum, which is a centralized automated tool that addresses advanced and targeted attacks. It reduces risks from such attacks by providing deep visibility into endpoints and detecting complex threats. It gives security teams tools and information to analyze root causes and allows automated and single click response options.

Uploaded by

ali

Kaspersky EDR Optimum

Reducing the risk of your organization falling victim to targeted and advanced threats has become a
necessity rather than a luxury. We’re out to make this process simple and cost-effective, while keeping
everybody safe.

Kaspersky Endpoint Detection and Response (EDR) Optimum is a centralized automated tool that addresses
advanced and targeted attacks in ways that make it easy on both your staff and your IT resources.

Highlights
• Reduces your risk of falling victim to an advanced or targeted attack
• Provides deep visibility into your endpoints
• Detects complex threats
• Gives your IT security team tools and information for root cause analysis
• Allows the creation and import of IoCs and scanning hosts for them
• Provides varied automated and ‘single click’ response options
• Undemanding and time efficient
• Highly automated, but allows for human input and expertise

Issues that organizations are now facing

Advanced threats have become commonplace

Targeted and advanced attacks have become much cheaper and easier to undertake, which
means it’s no longer just nation states and huge enterprises who are in danger. Organizations
who believed they were under the radar in terms of these attacks, now have to cover their
backs and search out adequate protection - 91%¹ of organizations have been affected by
cyberattacks over the course of a single year, with 1 in 10¹ facing a targeted attack.

The average cost of an attack is rising year on year

Targeted and advanced attacks cost real money. Currently, the average cost of a data
breach stands at approximately $1.41M², and that of an endpoint malware infection
in an enterprise organization is around $2.73M². These costs include investigation,
remediation, compensation payments, PR campaigns and all the other things needed to
mitigate the consequences of an attack.

Employing appropriate tools and expertise in order to prevent these threats costs a
fraction of this.

Organizations have limited resources


The number of trained information security professionals you can hire and the amount
of time they can devote to a specific task is not limitless. This isn’t a new problem, but
it’s not going away on its own. Automating security tasks is one of the most effective
ways to address this issue. Currently, 2 out of 3³ organizations are suffering from a
lack of information security personnel; and it’s projected that by 2021 3.5 million⁴
cybersecurity jobs will be left unfilled.

Then there are the IT resources required to run security solutions. Corporate IT
budgets are often spread thin enough as it is. The answer has to lie in lightweight
solutions, or those with minimal IT overheads.

How we help
Kaspersky EDR Optimum was developed to address the need for high-quality
security against complex modern-day threats, in the face of limited resources. It’s
designed to be robust in detecting threats, proactive in responding to them, and
practical in terms of day-to-day operations.

1 – The Kaspersky Lab Global IT Risk Report, Kaspersky, 2019
2 – IT security economics in 2019, Kaspersky, 2019
3 – Cybersecurity workforce study, (ISC)², 2019
4 – Official Annual Cybersecurity Jobs Report, Cybersecurity Venture, 2019

Robust
The first step in protecting yourself against an attack is being aware of the threat, so robust
detection and investigation are the cornerstone of any EDR solution.

Kaspersky EDR Optimum employs a varied set of techniques, capable of detecting any trace of an
attack, including but not limited to:
• Malwareless attacks
• Lateral movement
• Suspicious behavior
• and others

Proactive
Detecting a threat is not enough - you have to be able to deal with it in a timely manner, both on
the infected host and on other hosts in the network. Kaspersky EDR Optimum provides various
ways you can respond to arising threats:
• Isolate host
• Launch scan of the host
• Remove (quarantine) file
• Kill process
• Prevent process from executing

Practical
How much time and effort your security team spends on analyzing and responding to threats is just as important as detection rates and response
techniques. With Kaspersky EDR Optimum you don’t need exceptional expertise, a large team or the whole day to stay protected. It provides detailed
data, it’s highly automated and it’s easy on your IT resources. All this gives you strong:

Visibility
• Full information on incidents
• Kill-chain visualization
• Incident history and root cause analysis

Automation
• Single-click response options
• Automated creation of IoCs from an incident (or import)
• Search hosts for IoCs and automatically respond to threats

Performance
• No additional overheads
• Integrated with Kaspersky Endpoint Security
• Controlled from the Kaspersky Security Center console

Use cases
Here are just a few simple cases where Kaspersky EDR Optimum can be used to detect,
investigate and respond to various threats.

Detect: Malicious file detected and shown in the events list
Investigate: Kill chain visualization shows this file was dropped by an unsigned process
Respond: Prevent process from executing with a single click, quarantine the dropped file

Detect: Process injection detected
Investigate: Full information on the incident shows host info, file creation and modification date, author and signature, etc. Based on this information and the kill chain, the file is considered suspicious
Respond: Isolate this host and search for similar incidents on other hosts in the network

Detect: Suspicious connection detected
Investigate: Incident data reveals the address the connection was established with. Kill chain visualization associates this connection to a registry key change, both of which were initiated by the same process
Respond: Isolate this host. Create IoC for periodic search on other hosts and set up automated response: quarantine file and launch scan on host

How it works
Kaspersky EDR Optimum adds enhanced visibility, root cause analysis capacity
and automated response to existing strong EPP (Kaspersky Endpoint Security for
Business), while utilizing the same agent.

Data is gathered and analyzed from these hosts, and reporting, detailed incident information
and response options on the incidents are provided via the Kaspersky Security Center console.

Response to incidents can be either automated or ‘single click’. Automated response
is set up in order to respond to similar incidents on many hosts without human
involvement, and is triggered after a self-created or imported IoC has been detected
on those hosts.

We’ve made Kaspersky EDR Optimum as simple to operate as possible. After
deployment, your IT security staff only need to check the console once in a while, to
process the incidents arising, perform root cause analysis and respond to incidents.

This high level of automation and visibility eliminates the need for the security officer
to go through massive amounts of data each day. Instead, it helps them focus their
attention on suspicious activities, giving them all the information they need.

To find out more about how Kaspersky EDR Optimum addresses cyberthreats while
going easy on your security team and resources, visit:
http://www.kaspersky.com/enterprise-security/edr-security-software-solution

[Figure: incident handling workflow. Labels: IT Security; KESB*; Incident list; Incident info; Log in; See all incidents; Investigate incident; Respond to the incident; No response; One-click response; Create IoC; Set up automated response; Automated response; Find similar; Incident resolved; Next incident.]
*Kaspersky Endpoint Security for Business

Cyber Threats News: www.securelist.com
IT Security News: business.kaspersky.com
IT Security for SMB: kaspersky.com/business
IT Security for Enterprise: kaspersky.com/enterprise

www.kaspersky.com

We are proven. We are independent. We are transparent. We are committed to building a safer
world, where technology improves our lives. Which is why we secure it, so everyone everywhere
has the endless opportunities it brings. Bring on cybersecurity for a safer tomorrow.

Know more at kaspersky.com/transparency

2020 AO Kaspersky Lab. All rights reserved.
Registered trademarks and service marks are the property of their respective owners.
