Kaspersky Next EDR Expert

Kaspersky Next EDR Expert is based on our most tested, most awarded EPP solution, providing a firm foundation and automatically handling the vast majority of alerts so analysts are freed-up to focus on tasks that really require their attention and expertise.

Our multi-layered approach to detection with advanced technologies protects against complex threats, extended attacks using unknown malicious code, compromised accounts, fileless methods, open source software and suspicious actions.

• IoC-based discovery
• IoA analysis empowered by MITRE ATT&CK mapping
• Automated threat intelligence — Kaspersky (Private) Security Network
• YARA rules (fully customizable)
• Sandbox analysis of suspicious objects
• Cloud ML for APK file analysis
• Verification of digital certificates
• External threat intelligence
cooperation

Kaspersky Next EDR Expert continuously collects telemetry and sends it to centralized cloud or on-prem storage, so that retrospective data can be quickly accessed during incident investigations. This is critical when compromised endpoints are inaccessible or their data has been encrypted by cybercriminals. The solution supports your IT security team as they carry out detailed incident investigations with access to the Kaspersky Threat Intelligence Portal and automatically enriched detections matched to the MITRE ATT&CK knowledge base. Your team can create complex queries to search for atypical and suspicious behavior, for specific techniques in MITRE ATT&CK, and for other signs of malicious activity based on the specifics of your infrastructure.

Fast, powerful and effective threat containment and incident resolution across distributed infrastructures is supported through centralized and automated actions, helping to streamline your IT security team’s work. No need for additional resources, no more expensive downtime and no lost productivity. Depending on the situation, there is always a choice between automatic and guided responses.