Kaspersky EDR

Boost endpoint security while cutting costs

Digitally transforming enterprises are valuable targets for cybercriminals. Today, just uncovering and blocking individual threats as they arise isn’t enough: defending yourself successfully against complex threats at the earliest possible stage requires root cause analysis. Implementing the full endpoint protection cycle, from automatic threat blocking to complex incident response, means supplementing preventive technologies with advanced defense capabilities. Kaspersky Endpoint Detection and Response (EDR) provides comprehensive visibility across all endpoints on the corporate network, enabling the automation of routine tasks in order to discover, prioritize, investigate and neutralize advanced threats. The result is a significant increase in the speed and effectiveness of incident processing, at no extra cost.

  • Single agent for advanced defense

    A single agent for prevention, investigation, hunting and response reduces your total cost of ownership, simplifies incident handling and minimizes maintenance costs. As a module which can be activated within our world-leading Kaspersky Endpoint Security for Business, Kaspersky EDR for advanced threat discovery, investigation and response to complex incidents is quick and easy to implement.

  • Drives operational efficiency

    Kaspersky EDR reduces the time needed for initial evidence collection, improves endpoint-level telemetry analysis and automates EDR processes, cutting overall response times from hours to minutes. A single web interface enables real-time investigation and provides a historical database overview of activities, even for endpoints which are not already on the network or when data has been encrypted during an attack.

  • Improves security and safeguards privacy

    As an investigation and response tool for complex incidents, Kaspersky EDR is designed to ensure the complete privacy of raw telemetry and critical data and files: all data collection, analysis and storage is performed on-site. This means the security team retains complete control of data, which is particularly important for organizations that, for regulatory or other reasons, need to ensure that no item of data travels beyond the corporate IT perimeter.

Suitable For

For companies struggling with incident response due to a lack of resources, manual handling and/or insufficient existing technologies, Kaspersky EDR’s integrated solution and single web console provide a full picture of the security scenario to help manage complex threats easily and efficiently.

  • Kaspersky Anti-Targeted Attack Platform

    ICSA Labs: Advanced Threat Defense test (Q1, Q2, Q3, Q4)

  • Kaspersky Threat Management and Defense

    Radicati APT Protection Market Quadrant 2019

  • Kaspersky Threat Intelligence Services

    The Forrester New Wave™: External Threat Intelligence Services, Q3 2018

In Use

  • Integrated Endpoint Protection

    Kaspersky EDR and Kaspersky Endpoint Security for Business share a single endpoint agent. Where Kaspersky Lab endpoint protection is already installed, Kaspersky EDR can simply be activated within the existing software agent. No added burden on endpoints, no added management and maintenance costs – just the knowledge that your workstations and servers are fully protected against the most advanced threats and targeted attacks. Our integrated approach to endpoint protection automatically prevents common threats while providing endpoint controls, supporting the advanced detection and prioritization of complex attacks, and enabling a detailed investigation and an effective response to incidents.

  • Enhanced investigation process cycle

    Kaspersky EDR enables the ongoing monitoring and visualization of every investigative stage, with fast access to data, even where compromised workstations are inaccessible or data has been encrypted by hackers. The investigation process is enhanced with threat hunting, IoC scanning and correlating events to unique Indicators of Attack (IoAs) provided by Kaspersky Lab, while mapping to MITRE ATT&CK helps identify the tactics and techniques used by cybercriminals. Enabling your security specialists to understand the entire sequence of intruder actions as part of a mature investigation process increases the volume and quality of incident processing, helping them to respond appropriately - and fast!

  • Centralization for a faster, more accurate response

    Quality and speed of incident response are KPIs commonly applied to today’s Information Security Departments. By centralizing incident management across all the endpoints on your corporate network, Kaspersky EDR provides a seamless workflow. A single interface for monitoring, investigation and response means security tasks can be performed more effectively and efficiently – with no flipping between multiple tools and consoles. Incident response across distributed infrastructures is supported through centralized and automated actions, all helping to streamline the work of your security team. No costly additional resources needed, no more expensive downtime and no lost productivity.


Premium Support

Professional help is available whenever you need it. Operating in more than 200 countries, from 34 offices worldwide, we have you covered 24/7/365. Take advantage of our Premium support packages, or call on our Professional Services to ensure that you derive maximum benefit from your Kaspersky Lab security installation.

The Threats

Kaspersky Endpoint Detection and Response is a specialized, unified protection solution for cybersecurity experts and enterprise SOC teams that helps enterprises deal with security challenges:

  • Slow detection, investigation and response times lead to business disruption

  • Attacks on the supply chain as well as from trusted sources can easily penetrate the corporate perimeter

  • A lack of centralized, correlated context hinders visibility and can allow incidents to go undetected by corporate security

  • Non-malware attacks, like social engineering and credential theft, are hidden from traditional security solutions based on malicious pattern detection

  • Manual or non-specialized IT-related responses to issues like reimaging, blacklisting, broken connections, etc. as a result of an incident are ineffective without the rich functionality of EDR

  • Highly motivated cybercriminal gangs use unique and previously unknown methods against enterprises protected by traditional, widely used prevention technologies

Let’s start the conversation! To talk to one of our experts about how True Cybersecurity can inform your corporate security strategy, get in touch!
