Architecture of Kaspersky Endpoint Detection and Response Expert
Architecture of Kaspersky Endpoint Detection and Response Expert
March 20, 2024
ID 220121
Kaspersky Endpoint Detection and Response Expert includes the following components:
- EPP applications that support Kaspersky Endpoint Detection and Response Expert functionality and are installed on separate assets in the organization IT infrastructure. These applications continuously monitor the processes running on protected devices, open network connections and the files being modified.
- Solution for centralized network security management (Kaspersky Security Center Cloud Console).
- Kaspersky Security Center Network Agent which enables interaction between the administration server and Kaspersky applications that are installed on a specific network node (workstation or server).
- Threat Intelligence:
- Kaspersky Security Network (KSN) infrastructure of cloud services that provides access to the online Kaspersky Knowledge Base, which contains information about the reputation of files, web resources, and software. The use of data from Kaspersky Security Network ensures faster responses by Kaspersky applications to threats, improves the performance of some protection components, and reduces the likelihood of false alarms. For Kaspersky Endpoint Detection and Response Expert functioning, Kaspersky Private Security Network (KPSN) is used that sends data to regional servers without submitting data to KSN from their assets.
- Integration with Kaspersky Threat Intelligence Portal platform, which contains and displays information about the reputation of files and URLs.
- Kaspersky Threats database.
Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.
