Kaspersky Endpoint Detection and Response Optimum Integration
Kaspersky Endpoint Detection and Response Optimum is a solution for protecting an organization's IT infrastructure from threats such as exploits, ransomware, fileless attacks, and legitimate system tools used by attackers to compromise devices or data.
Kaspersky Endpoint Detection and Response Optimum monitors and analyzes the evolution of threats, and provides information about a potential attack to a security officer or administrator, helping them perform response actions in a timely manner.
Integration of Kaspersky Endpoint Security with the Kaspersky Endpoint Detection and Response Optimum solution is facilitated by a Kaspersky Endpoint Security component: Endpoint Detection and Response Optimum (EDR Optimum).
Kaspersky Endpoint Security 12.1 for Linux is compatible with Kaspersky Endpoint Detection and Response Optimum version 3.0.
Versions of Kaspersky Endpoint Security for Linux earlier than 12.1 do not include the EDR Optimum component.
Kaspersky Endpoint Detection and Response Optimum uses the following Threat Intelligence tools:
- The Kaspersky Security Network (hereinafter also referred to as KSN) cloud service infrastructure, which provides access to Kaspersky's online knowledge base on the reputation of files, websites, and software.
- Integration with the Kaspersky Threat Intelligence Portal, which contains and displays information about the reputation of files and websites.
- The Kaspersky Threats database.
When interacting with Kaspersky Endpoint Detection and Response Optimum, Kaspersky Endpoint Security can:
- Send data about events on devices to Kaspersky Security Center. Kaspersky Endpoint Security sends monitoring data on processes, open network connections, and modified files to Kaspersky Security Center, as well as data on threats detected by the application and data on the processing results for these threats.
- Perform response actions to ensure security when receiving commands from Kaspersky Security Center.
Integration with Kaspersky Endpoint Detection and Response Optimum involves the following steps:
- Enabling required components of Kaspersky Endpoint Security
  Make sure that the following components of Kaspersky Endpoint Security are enabled and running:
- Enabling threat analysis tools
  Make sure that Kaspersky Security Network is enabled in standard or extended mode.
  For the most effective operation of Kaspersky Endpoint Detection and Response Optimum, we recommend the extended Kaspersky Security Network mode.
- Activating the EDR Optimum component
  Make sure one of the following conditions is satisfied:
  - You are using Kaspersky Endpoint Security under a license that includes the Kaspersky Endpoint Detection and Response Optimum functionality.
  - You have purchased a separate license for using the Kaspersky Endpoint Detection and Response Optimum functionality and have added the EDR Optimum license key to the application.
- Enabling the Kaspersky Endpoint Detection and Response Optimum Integration
  By default, the integration of Kaspersky Endpoint Security with Kaspersky Endpoint Detection and Response Optimum is disabled. You can enable, disable, or configure the integration:
  - Using the Web Console.
  - Using the command line.
  Managing the EDR Optimum component using Kaspersky Security Center Administration Console is not supported.
  You can check the status of the EDR Optimum component:
  - Using the Application component status report in the Web Console.
    The Endpoint Detection and Response Optimum component has been added to the list of Kaspersky Endpoint Security components. For detailed information about reports, please refer to the Kaspersky Security Center Help.
  - In the device properties in the Web Console.
  - Using the command line.
- Enabling data transfer to the Administration Server
  To use all functionality of Kaspersky Endpoint Detection and Response Optimum, you must enable the following settings:
  - Notification about files in Backup is enabled/disabled.
    You can enable this setting in the policy properties under Application settings → General settings → Storage settings.
    By enabling this setting, you allow information about files that Kaspersky Endpoint Security has moved to Backup on the device to be sent to Kaspersky Security Center.
  - Show EDR alerts.
    You can enable this setting in the main window of Kaspersky Security Center Web Console under Settings → Interface settings.
    By enabling this setting, you allow the list of alerts to be displayed.
    The Show EDR alerts setting is not available in Web Console versions earlier than 15.1.