Glossary

Alert

An event in the organization's IT infrastructure that was marked as unusual or suspicious and that may pose a threat to the security of the organization's IT infrastructure.

Asset

A device with an installed Kaspersky EPP application (for example, Kaspersky Endpoint Security for Windows).

Endpoint Protection Platform (EPP)

An integrated system of complex protection for endpoint devices (for example, mobile devices, computers, or laptops) that includes various security technologies. An example of an Endpoint Protection Platform is Kaspersky Endpoint Security for Business.

EPP application

An application included in a protection system for endpoint devices (

Event

Any significant occurrence in the system, an application or managed devices that requires a user to be notified.

Incident

An activity evaluated as critical by the detection technology and which requires immediate reaction from Kaspersky Endpoint Detection and Response.

IOA

An indicator of attack (or IOA) is the description of suspicious behavior of objects in an organization's IT infrastructure, which can be a sign of attack targeted at this organization.

IOA rule

A rule containing the description of a suspicious activity in the system that could be a sign of a targeted attack.

IOC

An indicator of compromise (or IOC) shows the evidence on a device that points to a security breach.

MITRE tactic

The objective that an attacker wanted to achieve during a cyber attack on the Client infrastructure.

MITRE technique

The method used by the attacker to perform malicious actions during a cyberattack on the Client infrastructure. Each MITRE tactic contains an array of MITRE techniques.

Response

Incident response is a structured methodology for handling security incidents, breaches, and cyberthreats.

Telemetry

Data that is sent from assets to Kaspersky Endpoint Detection and Response.

Tenant

A tenant is an organization to which you supply Kaspersky Endpoint Detection and Response.