About Kaspersky Endpoint Detection and Response Optimum

Kaspersky Endpoint Detection and Response Optimum is a solution designed to protect an organization's IT infrastructure from complex cyberthreats. The solution combines automatic threat detection with the ability to respond to these threats, so that it can resist complex attacks, including new exploits, ransomware, fileless attacks, and methods that use legitimate system tools. The solution is intended for corporate users.

Solution architecture

The solution consists of the following components:

Threat detection

Kaspersky Endpoint Detection and Response Optimum reviews and analyzes how a threat develops and provides the Security Officer or Administrator with information about a potential attack so that they can respond to the threat in a timely manner.

Incident card is a tool for viewing all collected information about a detected threat and for managing response actions. An incident card is displayed in Kaspersky Security Center and may contain, for example, the following information about a detected threat:

Threat development chain graph is a tool for analyzing the causes of the threat. The graph provides visual information about the objects involved in the incident, for example, key processes on the device, network connections, libraries, and registry hives.

The solution uses the following Threat Intelligence tools for analyzing threats:

Threat response

The threat response functionality provides the following automatic response actions that the application performs when threats are detected:

Additionally, the following actions are available to a Security Officer or an Administrator:

Kaspersky Endpoint Agent functions

As part of the Kaspersky Endpoint Detection and Response Optimum solution, Kaspersky Endpoint Agent performs the following actions:
