18 March 2021 (MY) – As Kaspersky faces greater competition in the China market, it needs to continuously develop innovative market cooperation models and establish a healthy security ecosystem, striving to provide security products and services that meet the demands of the China market.
At the same time, today’s rapidly changing information technology and cybersecurity environment requires enterprises and organizations to respond to more cybersecurity challenges with limited resources. Many customers in China lack the security technology capabilities to fully utilize the features and benefits of Endpoint Detection and Response (EDR) products, so security vendors need to help enterprises overcome the constraints of time and human resources, and help them respond effectively to evolving cybersecurity challenges through automated detection and response.
Kaspersky’s team consists of more than 4,000 highly-qualified specialists. An elite group of more than 40 security experts from our Global Research and Analysis Team (GReAT) operate all around the world and provide leading threat intelligence and research.
In terms of cybersecurity products and services, Kaspersky is building a security ecosystem based on infrastructure-level security products, covering industrial networks, enterprise networks, endpoints, mobile and cloud infrastructures. It integrates Kaspersky’s products into a robust cybersecurity platform that automates investigation and response, and significantly reduces the average detection time (MTTD) and average response time (MTTR) of the enterprise. The security ecosystem is constantly evolving and improving, and will eventually enable the SOC to automate incident response workflows using multiple scenario response scripts, where each step can be fully automated, or one-click execution can be set directly within the platform.
Kaspersky Endpoint Detection and Response is an incident investigation and response tool designed to provide full privacy protection for enterprise networks and critical data and files: all data collection, analysis, and storage are performed on-site. It supports manual incident response and implements automated work modes to better provide endpoint and forensic capabilities and full visibility for security teams and SOCs.
Kaspersky Endpoint Detection and Response shares the same agent as Kaspersky’s enterprise endpoint security product, Kaspersky Endpoint Security for Business, which eliminates additional management and maintenance costs for customer endpoints and ensures that customers’ workstations and servers are fully protected from advanced threats and targeted attacks. Kaspersky endpoint security solutions provide automatic prevention of most common threats, as well as endpoint control, support for advanced detection and prioritization of complex attacks, and support for detailed investigation and effective response to incidents. Kaspersky Endpoint Detection and Response provides a unified overview platform for security personnel. All functions can be monitored and controlled from a single console without switching between different tools and consoles, effectively enhancing the work efficiency of enterprise security teams.
Kaspersky Endpoint Detection and Response can be integrated with Kaspersky’s endpoint security product, Kaspersky Endpoint Security for Business, as well as Kaspersky Anti-Targeted Attack Platform, Kaspersky Sandbox and other solutions to enhance traditional endpoint security services and enable advanced threat detection and prevention, bringing great benefits to enterprises, including lowering cost, increasing return on investment and reducing the risk of being attacked.
To help enterprises avoid the risk of being attacked, Alvin Cheng, General Manager of Greater China, Kaspersky Asia Pacific Region, shares the following advice:
- To provide “blind spot” free visibility and centralized response, Endpoint Detection and Response (EDR) needs to be integrated with the Endpoint Protection Platform (EPP). Enhancing cybersecurity capabilities should be a step-by-step process. Once an enterprise can detect a malicious object using an endpoint protection solution, it can extend existing technology to enable it to understand its source and search for such threats on other workstations.
- If the EDR solution can be integrated smoothly with existing endpoint security solutions in a centralized manner, it can reduce the time required for deployment. So, before purchasing a product, ask if the product supports turnkey integration with EPP.
- If your company has a limited number of employees responsible for security, make sure the EDR solution you choose provides good visibility and automation without overwhelming professionals with irrelevant information. All events should be easily accessible from a single console, and attack spread paths should be visualized to simplify threat analysis. Automated indicators of compromise (IOC) searching and incident response can speed up work and increase employee productivity.
“Endpoint security has always been an important link in the overall cybersecurity protection system of an enterprise. As the pace of enterprise digital transformation continues to accelerate, the boundaries of enterprise networks are becoming increasingly blurred and the difficulty of network security protection continues to increase. As an important supplement to traditional endpoint security protection products, EDR effectively compensates for the lack of function of traditional antivirus software with its continuous monitoring and analysis of endpoint security. It has attracted wide attention from technology providers and tech buyers worldwide, and has become an important driving force for the continuous growth of the endpoint security market,” said IDC China Network Security Market Research Manager Zhao Weijing.