Asiatic Fiber Corporation


  1. Hi friends: I have read the following online help about indicators of compromise: https://support.kaspersky.com/KESWin/11.7.0/en-US/213408.htm Hi Kaspersky: We have Kaspersky EDR Optimum, which lets us add IoCs from Security Center. I have questions: 1. If KES can detect and block a certain malicious code or activity, do we need to add it to IoC? 2. What's the difference between a KES block and an IoC block? In my opinion, if a certain malicious code is found by our team but KES has not detected it, we should add an IoC in our organization so it will be blocked ASAP. If we wait until KES blocks it, it will cause some damage. Also, some activities are not KES responsibilities, like "unsuccessful attempts to sign in". These suspicious activities should be blocked by people. Is this true?
  2. Thank you so much for the reply, ElvinE5. The explanation is very clear and clarifies my concept. This advice helps me discuss with our local partner.😀
  3. Hi Kaspersky: We are a small company and only have 2 IT engineers. Therefore, we use KES + EDR Optimum + MDR as our solution. Next year we want one platform to monitor every endpoint's security status. 1. Kaspersky XDR: I have read the datasheet of XDR. It seems like a unified platform to monitor everything. In the datasheet, there is a quote: "For advanced network management, KATA is an additional option." But the infrastructure shows that KATA will send information to XDR. My questions are: 1. Is XDR a basic KATA or just a KUMA system? 2. Is Kaspersky XDR like the CrowdStrike Falcon platform, which approaches "Unified platform. Complete protection"? 2. KATA: Since we lack IT engineers, there is no time to deal with incidents by ourselves. That's the reason we use MDR. But KATA has a lot of components, like EDR Expert and an additional sandbox function. We can test unknown threats by ourselves and have a quick response. My question is: 1. Is KATA like a small automatic analysis system of KSN? Therefore we can add IoCs or YARA rules easily and quickly. We have only received a little information about Kaspersky XDR from our local reseller. The product is too new and there is no Chinese version. They will send detailed information next year. I want to know in advance so we can evaluate which product is suitable for us. Thank you.