Item: Kaspersky EDR Expert
Rating: 8
Author: Verified User

Overall Satisfaction with Kaspersky EDR Expert

Use Cases and Deployment Scope

We use it for all of the our workstation and now we are planning to deploy it to servers. We use EDR to get large amount of controls and logs from our hosts. Then we use collected data to determine cybersecurity incidents. Also this product decreases the load to our SIEM-system because the correlation between logs and security events.

Pros and Cons

Pros

Collecting data from windows hosts
Correlating collected data and composing incidents
Clearing the situation with impacted hosts during cybersecurity incidents

Cons

Linux-systems support on the same level like windows systems
Untying from Kaspesky ATA
AI add to ease the way of profiling the system (it requires 1 FTE to examine all the incidents on 10 000 hosts? too much)

Most Important Features

Comprehensive analysis
User-friendly interface
Russian product:(

Return on Investment

The only one value is the risk reduction
May be the feeling of additional protection is the second value but I am not sure

Alternatives Considered

Palo Alto Networks Cortex XDR

We decided to use Kaspersky EDR because of anti-russian sanctions. And
now we have to give to Kaspersky Laboratory as much experience and
knowledge as we can. Because we used to purchase the best products and
Kaspersky team do they best to reach the highest quality of the product.
May be they need to correct their strategy and to concentrate on the
market demand.

Key Insights

Do you think Kaspersky EDR Expert delivers good value for the price?

Yes

Are you happy with Kaspersky EDR Expert's feature set?

Yes

Did Kaspersky EDR Expert live up to sales and marketing promises?

Yes

Did implementation of Kaspersky EDR Expert go as expected?

Yes

Would you buy Kaspersky EDR Expert again?

Yes

Other Software Used

Kaspersky Anti Targeted Attack Platform, Kaspersky Endpoint Security, SearchInform DLP, SearchInform FileAuditor, Checkmarx, Tripwire File Integrity Monitoring, Kaspersky Hybrid Cloud Security, ModSecurity, Suricata IDS

Likelihood to Recommend

It is a very comprehensive product to learn everything about incidents on the windows hosts. Also EDR can create some incidents during its analyze. But it is pretty useless when we are talking about linux systems. Further it is not so good when algorithms are not described clearly (like it was when we used Traps). So there are some ways to improve the product

Comments

Please log in to join the conversation

One of the largest Russian banks experience with Kaspersky EDR Expert