Kaspersky introduces integrated EDR solution for broader market

Kaspersky Integrated Endpoint Security relies more on automation than their more upmarket Kaspersky Threat Management and Defense, which is for customers with SOCs.

Rob Cataldo, Managing Director for Kaspersky North America

Kaspersky has extended their Kaspersky Endpoint Security for Business solution with a new bundled offering, Kaspersky Integrated Endpoint Security. It enhances Endpoint Security for Business with Cloud Management Console, with two new solutions: Kaspersky Endpoint Detection and Response Optimum [EDR Optimum] and Kaspersky Sandbox.

Kaspersky already serves the EDR market with their Kaspersky Threat Management and Defense solution, which they introduced in 2018. That is a very different kind of solution, however. Kaspersky Threat Management and Defense is aimed at the higher end of the market, which has sophisticated SOC management capabilities that can leverage the tool’s full capabilities. Kaspersky EDR Optimum is aimed at a different part of the market.

“Unlike Threat Management and Defense, which was a brand new best-in-class offering around the high end segment of the market, this is an enhancement of our traditional Endpoint Security for Business,” said Rob Cataldo, Managing Director for Kaspersky North America. “EDR Optimum is a brand new offering which is completely different in terms of the target market, and the degree of skill required to manage it. EDR Optimum is not less effective, but it has a lot of automation built into it. It doesn’t give as much information as Threat Management and Defense, but it does give root cause analysis to see if there are any configuration changes that can better mitigate or prevent bad things from happening. It’s aimed at administrators rather than at SOC analysts. It provides the visibility that shows them what happened and what they can do about it, and it provides an automated response around indicators of specific threats.”

Here’s how that process works. If Kaspersky Endpoint Security for Business finds a suspicious file it cannot definitively categorize as malicious, it sends it to Kaspersky Sandbox, which automatically runs the risky file in an isolated environment to make it reveal its malicious behavior or character. The Sandbox verdict can then be further enriched with analytics on the file performed by Kaspersky EDR Optimum. Response actions through EDR Optimum include isolating an endpoint with potential malware or quarantining a suspicious file.

The target market for the new solution covers everything from SMBs to the enterprise, but Cataldo said that it’s the security profile rather than the size of the company that matters.

“Think of profiles of organizations rather than the size,” he said. “It’s about their security priorities and risk management profile. The EDR market was originally around Advanced Persistent Threats [APTs] that used unknown tactics. This is what EDR Advanced in Kaspersky Threat Management and Defense was built for, and it requires a dedicated and specialized skill set. However, the EDR market has evolved to provide more prevention capability, as well as to appeal to customers who weren’t as honed in on APTs. This new solution is for that broader audience from SMB through the small enterprise.”

Cataldo said that in this part of the market, where Kaspersky has played for years, they have an advantage over the EDR players coming down from the high end, particularly because they are more familiar with the type and extent of automation this part of the market wants.

Kaspersky Integrated Endpoint Security will go to market through a broad selection of Kaspersky partners.

“It’s available to our traditional channel resellers, but we have also taken good strides to make it available to MSPs and MSSPs who want to deliver it through their business model,” Cataldo said.

“Loyal Kaspersky partners with an existing database of customers have reason to reach out and have a new Kaspersky conversation about extending their traditional endpoint production,” Cataldo added. “For newer partners, because there has been disruption in the anti-malware space – and some downsizing – relationships have been severed, which opens up new windows to have different conversations about different vendors with their customers.”