Kaspersky Endpoint Detection and Response Optimum Integration

Kaspersky Endpoint Detection and Response Optimum is a solution for protecting an organization's IT infrastructure from threats such as exploits, ransomware, fileless attacks, and legitimate system tools used by attackers to compromise devices or data.

Kaspersky Endpoint Detection and Response Optimum monitors and analyzes the evolution of threats, and provides information about a potential attack to a security officer or administrator, helping them perform response actions in a timely manner.

Kaspersky Endpoint Detection and Response Optimum uses the following Threat Intelligence tools:

Kaspersky Endpoint Security 12.3 for Linux is compatible with Kaspersky Endpoint Detection and Response Optimum version 3.1.

When interacting with Kaspersky Endpoint Detection and Response Optimum, Kaspersky Endpoint Security can:

Integration of Kaspersky Endpoint Security with the Kaspersky Endpoint Detection and Response Optimum solution is facilitated by a Kaspersky Endpoint Security component: Endpoint Detection and Response Optimum (EDR Optimum).

To use Kaspersky Endpoint Detection and Response Optimum functionality, you need to activate the EDR Optimum component. If the main license under which you are using Kaspersky Endpoint Security does not include the Kaspersky Endpoint Detection and Response Optimum functionality, you need to purchase a separate license for this functionality and add the EDR Optimum license key to the application.

If Kaspersky Endpoint Security is used in Light Agent mode to protect virtual environments, activation is performed on the Protection Server (a component of Kaspersky Hybrid Cloud Security for Virtualization Light Agent) by adding license keys to SVMs.

Integration with Kaspersky Endpoint Detection and Response Optimum involves the following steps:

  1. Enabling required components of Kaspersky Endpoint Security

    Make sure that the following components of Kaspersky Endpoint Security are enabled and working:

    You can also enable execution prevention for objects.

  2. Enabling threat analysis tools

    Make sure that Kaspersky Security Network is enabled in standard or extended mode.

    For the most effective operation of Kaspersky Endpoint Detection and Response Optimum, we recommend the extended Kaspersky Security Network mode.

  3. Activating the EDR Optimum component

    Make sure one of the following conditions is satisfied:

    • You are using Kaspersky Endpoint Security under a license that includes the Kaspersky Endpoint Detection and Response Optimum functionality.
    • You have purchased a separate license for using the Kaspersky Endpoint Detection and Response Optimum functionality and added the EDR Optimum license key to the application.

      If you are using Kaspersky Endpoint Security in Light Agent mode to protect virtual environments, you need to add the license key for activating the additional functionality to SVMs.

  4. Installing the Kaspersky Endpoint Detection and Response Optimum administration plug-in

    The Kaspersky Endpoint Detection and Response Optimum administration plug-in is a unified plug-in for managing agents on Windows, Mac, and Linux operating systems; the plug-in is necessary to display and view alert details.

  5. Enabling the EDR Optimum component

    By default, EDR Optimum is disabled. You can enable or disable the component and manage integration settings:

    You can check the status of the EDR Optimum component:

  6. Enabling data transfer to the Administration Server

    To use all functionality of Kaspersky Endpoint Detection and Response Optimum, you must configure the following:

    • Enable sending information about files in Backup and Quarantine to the Kaspersky Security Center storage. To do this, you need to select the following check boxes in the policy properties:
      • About files in Backup
      • About files in Quarantine
    • Allow display of the alert list. To do this, you can enable the Show EDR alerts toggle switch in the main window of Kaspersky Security Center Web Console under Settings → Interface settings.

      The Show EDR alerts setting is not available in a Web Console version earlier than 15.1.

In this section

Enabling or disabling Kaspersky Endpoint Detection and Response Optimum integration

Viewing the Kaspersky Endpoint Detection and Response Optimum integration status

Viewing information about a detected threat and response actions
