Kaspersky Endpoint Detection and Response (EDR) Optimum helps identify, analyze and neutralize evasive threats by providing easy-to-use advanced detection, simplified investigation and automated response. It is a basic EDR tool for mid-market organizations who are just starting to build their incident response processes.
$14.50
per year on a 3 year license (Pricing is for a 3-year commitment, calculated per year). 1 endpoint
Microsoft System Center Endpoint Protection
Score 8.0 out of 10
N/A
Microsoft System Center Endpoint Protection is a malware, spyware, antivirus and endpoint protection application available formerly with System Center Configuration Manager (SCCM), which later became Microsoft Endpoint Manager. It is a legacy product, with older versions reaching end of support, and is not available as a standalone product.
N/A
Pricing
Kaspersky EDR Optimum
Microsoft System Center Endpoint Protection
Editions & Modules
Kaspersky EDR Optimum
$14.50
per year on a 3 year license (Pricing is for a 3-year commitment, calculated per year). 1 and 2 year licenses also available. per endpoint
We have been using Kaspersky EDR Optimum for over 10 years, with the evolution of products reaching EDR now, we can verify the integrated responsiveness and visibility of our environment. Great protection tool on all OS. Very good value for money, with the new licensing, all business plans will now have native EDR.
It is well suited in environments that want a simple AV product/solution that, for the most part, can be easily deployed to client endpoints. It is also good for environments that want something that is easy to use by end-users, and also doesn't use a whole lot of system resources. It is less suited for environments that want an AV solution that is more robust feature-wise, or has more configurable options for the end-users. It is also less suited for those organizations that want an AV product to have the highest detection rate in the industry.
KEDR Optimum is helping to see threat kill chain formation, which helps to get clear picture of the what exactly attacker was trying to do during attack.
We are crating prevent execution rules to block the threat in our complete infra.
Ioc scan to validate and remove the any active threat entry from our endpoints
Microsoft System Center Endpoint Protection offers exceptional threat protections for signature-based "known" threats.
The signatures are constantly updated and management of this application is super easy with the use of Microsoft SCCM.
The application is very much a "set it and let it" type of deployment. Once you install it, there are very little configuration or changes that need to be made.
The product could improve in the area of having better mechanisms in place with how the SCEP client is deployed/installed from the server on the management side. We have run into this firsthand with the client not installing on an endpoint, and then having to take the time to investigate why it was not installing.
A second improvement that can be made is to keep trying to improve the products detection rate for finding malware/viruses. The case can be made that there are some products out there that do a better job at this and have a higher detection rate.
At the moment and unfortunately we'll not renew our licenses, due to the Russian conflict and the company policy that has forced us to get rid of any Russian related product. Before that incident, we were very happy with the product and we did not even think once about changing it... Maybe on the future...
This item can always be improved, perhaps by pre-elaborating very long reports, such that they are built progressively so that when the user wants to consult them, the delay is minimal. It would also be interesting to have a warehouse of reports, which serves as a repository where they can be consulted whenever needed, adding AI capabilities that allow data to be linked together and improve the analysis and possible correlations of events.
There was a time and a place in which Microsoft System Center Endpoint Protection was an excellent choice to provide threat protections. However, now that threats have been evolving, so too does the need for more advanced protections. In its current offering, it just no longer meets the needs of our organization in terms of providing protections against threats.
After several evaluations we concluded that the kasprsky provider has a solution for each processing environment we have.This impacts an excellent cost-benefit for achieving economies of scale on the company's infrastructure. On the other hand, we verified that during its operation, its level of effectiveness in terms of malware detection is excellent. Finally, it provides a desktop patch management solution that we found efficient and effective. Allowing you to automate the distribution of patches with a minimum staffing of technical personnel.
How SCEP stacks up against some of the other AV solutions/products is that it does a pretty good job overall (not the best in the industry) at detecting/removing malware, which is the main focus for a product like this. It is also easy to use on the end-user side, which can't be said for some other AV products on the market. I was not involved with the selection/purchase of the product in the organization, but I'm almost certain the organization selected this based on the tight integration with Microsoft System Center Manager, which is used in the organization. Also, given the fact that SCEP is tightly integrated and works well in organizations that utilize Microsoft products, it was probably another factor in selecting this. Lastly, the cost of licenses was probably lower (because of System Center already being in place) than other AV products.
There was little/no cost associated with this software since we are utilizing SCCM and are paying license costs for that anyways.
The level or protection is excellent for the cost of the software.
There was at least one instance in which Microsoft System Center Endpoint Protection identified a crypto-malware, but not before it had already started to encrypt many of our files. So it did detect the threat, but since it was a little delayed we still were infected.
