Press release

Kaspersky EDR and Kaspersky Anti Targeted Attack Enhanced Features to Empower and Simplify Threat Investigation Process

Sponsored by Businesswire

today announces the latest versions of Kaspersky EDR and Kaspersky Anti
Targeted Attack, which offer new features that simplify the
investigation process and enhance threat hunting. A recently added
database of Indicators of Attack (IoAs), maintained by Kaspersky’s
expert threat hunters, helps to deliver additional context during
investigation of cybercriminal activities. In addition, IoAs are now
mapped to the MITRE ATT&CK knowledge base for further analysis of
adversaries’ tactics, techniques and procedures. These key improvements
help enterprises investigate complex incidents faster.

Cyber incidents relating to complex threats can have a significant
impact on business. The cost of response and process recovery, the need
to invest in new systems or processes, the effect on availability and
the damage to reputation all add up. Today, organizations need to
consider not only the growing number of widespread malicious programs,
but also the increase in complex advanced threats that are targeting
them. Kaspersky helps to solve this issue with the next generation of
Kaspersky EDR and Kaspersky Anti Targeted Attack platform.

Using Indicators of Attack to boost the investigation process

Kaspersky EDR and Kaspersky Anti Targeted Attack include functionality
to check for Indicators of Compromise (IoCs), such as hash, file name,
path, IP address, URL, etc., which show that an attacker has struck. In
addition to searching for IoCs, new capabilities with IoAs provide an
opportunity to identify the intruders’ tactics and techniques,
regardless of the malware or legitimate software used in the attack. To
simplify the investigation process when examining telemetry from
multiple endpoints, events are correlated with a unique set of IoAs from
Kaspersky. Matched IoAs show up in the user interface with detailed
descriptions and recommendations on the best way to respond to the

Customers can produce their own set of IoAs based on their internal
experience, knowledge of the most significant threats and their specific
IT environment. All new events are automatically mapped in real time
with the internal database of custom IoAs, enabling the immediate
creation of informed response actions and long-term detection scenarios,
according to the specifics of the protected infrastructure.

Mapping to the MITRE ATT&CK knowledge base

Together, Kaspersky EDR, Kaspersky Anti Targeted Attack and MITRE ATT&CK
– a globally-accessible knowledge base of adversary tactics and
techniques based on real-world observations – enable companies to
validate and investigate incoming incidents more efficiently. Discovered
threats are automatically mapped to the knowledge base, immediately
contextualizing the new events with external intelligence and attack
technique data. Having a deeper understanding of an attack reduces
future risks and helps security teams cut the time taken to analyze and
respond to threats.

The enhanced functionality is also available for organizations that
offer cybersecurity monitoring and management. The new multi-tenancy
architecture allows Managed Security Services Providers (MSSPs) to
protect the infrastructure of multiple clients at the same time.

“Professional cybercriminals can reside without detection on trusted
objects, exploit zero-day vulnerabilities, use legitimate software,
compromised accounts, unique software, or social engineering techniques
or exploit insiders. That’s why it is essential not to rely exclusively
on the evidence left by malefactors, but to search for potential traces
of their activity. To help organizations solve this issue, we translated
Kaspersky’s expertise into a set of IoAs and mapped them with MITRE
ATT&CK. With more information and understanding of a malefactor’s
intentions, companies will be able to react to complex threats faster,”
comments Sergey Martsynkyan, Head of B2B Product Marketing at Kaspersky.

Find out more about the new releases of Kaspersky Endpoint Detection
and Response and Kaspersky Anti Targeted Attack on the official
Kaspersky website.

About Kaspersky
Kaspersky is a global cybersecurity company
founded in 1997. Kaspersky’s deep threat intelligence and security
expertise is constantly transforming into innovative security solutions
and services to protect businesses, critical infrastructure, governments
and consumers around the globe. The company’s comprehensive security
portfolio includes leading endpoint protection and a number of
specialized security solutions and services to fight sophisticated and
evolving digital threats. Over 400 million users are protected by
Kaspersky technologies and we help 270,000 corporate clients protect
what matters most to them. Learn more at