Kaspersky Endpoint Detection and Response Expert

About Kaspersky Endpoint Detection and Response Expert

Kaspersky Endpoint Detection and Response Expert (also referred to as Kaspersky EDR Expert) is a cloud solution designed to protect an organization's IT infrastructure from complex cyberthreats.

An on-premises Kaspersky Endpoint Detection and Response solution is available as part of Kaspersky Anti-Targeted Attack Platform.

The solution combines automatic threat detection with the ability to respond to these threats to resist complex attacks, including new exploits, ransomware, fileless attacks, and methods that use legitimate system tools.

Kaspersky Endpoint Detection and Response Expert monitors and analyzes threat progression. It either provides security officers or administrators with information about possible attacks to facilitate a timely manual response, or performs predefined automated response measures. It also provides functionality for developing custom rules and for threat hunting.

The Kaspersky Endpoint Detection and Response Expert solution is not available in the United States or to U.S. persons. When non-U.S. persons are temporarily in the United States, they are required to suspend the use of Kaspersky EDR Expert on their assets.

In this section

Supported Kaspersky applications

Architecture of Kaspersky Endpoint Detection and Response Expert


Supported Kaspersky applications

Kaspersky Endpoint Detection and Response Expert supports the following versions of Kaspersky applications:

  • Kaspersky Security Center Cloud Console
  • Kaspersky Security Center Network Agent 13.2.2
  • Kaspersky Endpoint Security for Windows 11.8 or later

For details about hardware and software requirements, refer to the Hardware and software requirements sections of the Kaspersky Endpoint Security for Windows and Kaspersky Security Center Cloud Console documentation.

Please note that Kaspersky Managed Detection and Response (MDR) and Kaspersky Endpoint Detection and Response Expert cannot be used simultaneously.

You cannot use the Kaspersky Endpoint Detection and Response Expert functions in Kaspersky Security Center Cloud Console when you are working with a Virtual Administration Server. In this case, Kaspersky Endpoint Detection and Response Expert features are hidden in Kaspersky Security Center Cloud Console. Switch to the parent Administration Server (not virtual) to use Kaspersky EDR Expert functions.


Architecture of Kaspersky Endpoint Detection and Response Expert

Kaspersky Endpoint Detection and Response Expert includes the following components:

  • Applications that support Kaspersky Endpoint Detection and Response Expert functionality and are installed on separate devices in the organization's IT infrastructure. These applications continuously monitor the processes running on protected devices, open network connections, and the files being modified.
  • Solution for centralized network security management (Kaspersky Security Center Cloud Console).
  • Kaspersky Security Center Network Agent, which enables interaction between the Administration Server and Kaspersky applications that are installed on a specific network node (workstation or server).
  • Threat Intelligence:
    • Kaspersky Security Network (KSN), an infrastructure of cloud services that provides access to the online Kaspersky Knowledge Base, which contains information about the reputation of files, web resources, and software. The use of data from Kaspersky Security Network ensures faster responses by Kaspersky applications to threats, improves the performance of some protection components, and reduces the likelihood of false alarms. Kaspersky Endpoint Detection and Response Expert uses Kaspersky Private Security Network (KPSN), which sends data to regional servers without submitting data from the organization's assets to KSN.
    • Integration with Kaspersky Threat Intelligence Portal platform, which contains and displays information about the reputation of files and URLs.
    • Kaspersky Threats database.
