Endpoint Detection and Response
| Starting with version 11.7.0, Kaspersky Endpoint Security for Windows includes a built-in agent for the Kaspersky Endpoint Detection and Response Optimum solution (hereinafter also "EDR Optimum"). Starting with version 11.8.0, Kaspersky Endpoint Security for Windows includes a built-in agent for the Kaspersky Endpoint Detection and Response Expert solution (hereinafter also "EDR Expert"). Kaspersky Endpoint Detection and Response is a range of solutions for protecting the corporate IT infrastructure from advanced cyber threats. The functionality of the solutions combines automatic detection of threats with the ability to react to these threats to counteract advanced attacks including new exploits, ransomware, fileless attacks, as well as methods using legitimate system tools. EDR Expert offers more threat monitoring and response functionality than EDR Optimum. For details about the solutions, see the Kaspersky Endpoint Detection and Response Optimum Help and the Kaspersky Endpoint Detection and Response Expert Help. |
Threat Intelligence tools
Kaspersky Endpoint Detection and Response uses the following Threat Intelligence tools:
- The Kaspersky Security Network (hereinafter also referred to as "KSN") cloud service infrastructure, which provides access to real-time file, website, and software reputation information from the Kaspersky knowledge base. Using data from Kaspersky Security Network ensures faster responses by Kaspersky applications to threats, improves the performance of some protection components, and reduces the likelihood of false positives. EDR Expert uses the Kaspersky Private Security Network (KPSN) solution, which sends data to regional servers without sending data from devices to the KSN.
- Integration with the Kaspersky Threat Intelligence Portal portal, which contains and displays information about the reputation of files and web addresses.
- Kaspersky Threats database.
- Cloud Sandbox technology that lets you run detected files in an isolated environment and check their reputation.
Principle of operation of the solution
Kaspersky Endpoint Detection and Response reviews and analyses threat development and provides security personnel or the Administrator with information about the potential attack that is necessary for a timely response. Kaspersky Endpoint Detection and Response displays alert details in a separate window. Alert Details is a tool for viewing the entirety of collected information about a detected threat. Alert details include, for example, the history of files appearing on the computer. For details about managing alert details, refer to the Kaspersky Endpoint Detection and Response Optimum Help and the Kaspersky Endpoint Detection and Response Expert Help.
Support for previous versions of Kaspersky Endpoint Security
If you are using Kaspersky Endpoint Security 11.2.0–11.6.0 for interoperability with Kaspersky Endpoint Detection and Response Optimum, the application includes Kaspersky Endpoint Agent. You can install Kaspersky Endpoint Agent side-by-side with Kaspersky Endpoint Security. In Kaspersky Endpoint Security 11.9.0 the Kaspersky Endpoint Agent distribution package is no longer part of the Kaspersky Endpoint Security distribution kit.
The Kaspersky Endpoint Detection and Response Expert solution does not support interoperability with Kaspersky Endpoint Agent. The Kaspersky Endpoint Detection and Response Expert solution uses Kaspersky Endpoint Security with built-in agent (version 11.8.0 and later).
