Kaspersky Endpoint Detection and Response Optimum is a solution for protecting an organization's IT infrastructure from threats such as exploits, ransomware, fileless attacks, and legitimate system tools used by attackers to compromise devices or data.
Kaspersky Endpoint Detection and Response Optimum monitors and analyzes the evolution of threats, and provides information about a potential attack to a security officer or administrator, helping them perform response actions in a timely manner.
Kaspersky Endpoint Detection and Response Optimum uses the following Threat Intelligence tools:
Kaspersky Endpoint Security 12.3 for Linux is compatible with Kaspersky Endpoint Detection and Response Optimum version 3.1.
When interacting with Kaspersky Endpoint Detection and Response Optimum, Kaspersky Endpoint Security can:
Integration of Kaspersky Endpoint Security with the Kaspersky Endpoint Detection and Response Optimum solution is facilitated by a Kaspersky Endpoint Security component: Endpoint Detection and Response Optimum (EDR Optimum).
To use Kaspersky Endpoint Detection and Response Optimum functionality, you need to activate the EDR Optimum component. If the main license under which you are using Kaspersky Endpoint Security does not include the Kaspersky Endpoint Detection and Response Optimum functionality, you need to purchase a separate license for this functionality and add the EDR Optimum license key to the application.
If Kaspersky Endpoint Security is used in Light Agent mode to protect virtual environments, activation is performed on the Protection Server (a component of Kaspersky Hybrid Cloud Security for Virtualization Light Agent) by adding license keys to SVMs.
Integration with Kaspersky Endpoint Detection and Response Optimum involves the following steps:
Make sure that the following components of Kaspersky Endpoint Security are enabled and working:
You can also enable execution prevention for objects.
Make sure that Kaspersky Security Network is enabled in standard or extended mode.
For the most effective operation of Kaspersky Endpoint Detection and Response Optimum, we recommend the extended Kaspersky Security Network mode.
Make sure one of the following conditions is satisfied:
If you are using Kaspersky Endpoint Security in Light Agent mode to protect virtual environments, you need to add the license key for activating the additional functionality to SVMs.
The Kaspersky Endpoint Detection and Response Optimum administration plug-in is a unified plug-in for managing agents on Windows, Mac, and Linux operating systems; the plug-in is necessary to display and view alert details.
By default, EDR Optimum is disabled. You can enable or disable the component and manage integration settings:
Managing the EDR Optimum component using Kaspersky Security Center Administration Console is not supported.
You can check the status of the EDR Optimum component:
The Endpoint Detection and Response Optimum component has been added to the list of Kaspersky Endpoint Security components. For detailed information about reports, please refer to the Kaspersky Security Center Help.
To use all functionality of Kaspersky Endpoint Detection and Response Optimum, you must configure the following:
The Show EDR alerts setting not available in a Web Console version earlier than 15.1.