Item: Kaspersky EDR Expert
Rating: 8
Author: Verified User

Use Cases and Deployment Scope

We use it for all of the our workstation and now we are planning to deploy it to servers. We use EDR to get large amount of controls and logs from our hosts. Then we use collected data to determine cybersecurity incidents. Also this product decreases the load to our SIEM-system because the correlation between logs and security events.

Pros and Cons

Collecting data from windows hosts
Correlating collected data and composing incidents
Clearing the situation with impacted hosts during cybersecurity incidents

Linux-systems support on the same level like windows systems
Untying from Kaspesky ATA
AI add to ease the way of profiling the system (it requires 1 FTE to examine all the incidents on 10 000 hosts? too much)

Most Important Features

Comprehensive analysis
User-friendly interface
Russian product:(

Return on Investment

The only one value is the risk reduction
May be the feeling of additional protection is the second value but I am not sure

Deciding Factors

The key deciding factor was tests which were carried out using the huge amount of virus samples and hackers techniques. After the tests Kaspersky EDR got the best score and we decided to buy it and another product which representes the good result too. Then we decided to choose according to the best price.

Resources

We need 1 full time equivalent of analytics team to investigate incidents generated by Kaspersky EDR and 1 full time equivalent of maintance team to support our installation. Also we have different meetings to discuss the results of the product and its funcionality so I suppose that it takes near 0,3 FTE of management resources. Not so little.

Alternatives Considered

Palo Alto Networks Cortex XDR

We decided to use Kaspersky EDR because of anti-russian sanctions. And
now we have to give to Kaspersky Laboratory as much experience and
knowledge as we can. Because we used to purchase the best products and
Kaspersky team do they best to reach the highest quality of the product.
May be they need to correct their strategy and to concentrate on the
market demand.

Key Insights

Do you think Kaspersky EDR Expert delivers good value for the price?

Yes

Are you happy with Kaspersky EDR Expert's feature set?

Yes

Did Kaspersky EDR Expert live up to sales and marketing promises?

Yes

Did implementation of Kaspersky EDR Expert go as expected?

Yes

Would you buy Kaspersky EDR Expert again?

Yes

Other Software Used

Kaspersky Anti Targeted Attack Platform, Kaspersky Endpoint Security, SearchInform DLP, SearchInform FileAuditor, Checkmarx, Tripwire File Integrity Monitoring, Kaspersky Hybrid Cloud Security, ModSecurity, Suricata IDS

Likelihood to Recommend

It is a very comprehensive product to learn everything about incidents on the windows hosts. Also EDR can create some incidents during its analyze. But it is pretty useless when we are talking about linux systems. Further it is not so good when algorithms are not described clearly (like it was when we used Traps). So there are some ways to improve the product

One of the largest Russian banks experience with Kaspersky EDR Expert

Overall Satisfaction with Kaspersky EDR Expert