Kaspersky Endpoint Detection and Response (EDR) Expert provides endpoint protection, advanced detection, threat hunting and investigation capabilities and multiple response options in a single package. It is an EDR solution for IT security teams with more mature incident response processes, enabling them to hunt, prioritize, investigate and neutralize complex threats and APT-like attacks.
Key features
- Advanced detection, including methods based on machine learning
- Indicator of Compromise (IoC), Indicator of Attack (IoA) and Sandbox detection
- Monitoring and visualization with drill-down capability
- Guided investigation
- Centralized telemetry storage
- Threat hunting capabilities
- MITRE ATT&CK mapping
- Multiple response options
- Access to Kaspersky Threat Intelligence Portal
- Single cloud or on-prem console
Kaspersky also describes what it believes are the product's key benefits and differentiators:
Benefits
- Single agent with next-gen endpoint security (EPP)
- Provides tools for defending against complex and advanced threats
- Allows for proactive threat hunting, not only reacting to incidents
- Deep investigation helps prevent similar incidents in the future
- Several response options, automation and customization to best fit the cybersecurity team
- Reduces required cybersecurity resources through guidance and automation
- Simple way to upgrade to Native XDR
Differentiators
- Includes next-gen endpoint security (EPP)
- Guided investigation helps analyze threats quickly and learn on the job
- Proprietary Indicators of Attack
- Sandbox with capability to use customer-defined images (on a select range of OS)
- Threat Intelligence
- API to send gathered telemetry to third-party systems
- Supports both cloud and on-premise deployments