Jump to content

Difference between KES block and add IoC by ourselves.


Go to solution Solved by THask,

Recommended Posts

Asiatic Fiber Corporation
Posted

Hi friends:

I have read the following online help about indicators of compromise: https://support.kaspersky.com/KESWin/11.7.0/en-US/213408.htm

Hi Kaspersky:
 
We have Kaspersky EDR optimum which let us add IoC from security center.
I have questions:
 
1. If KES can detect and block a certain malicious code or activity. Do we need to add it to IoC?
2. What's the difference between KES block and IoC block?
 
In my opinion, if a certain malicious code is found by our team but KES has not detect it, we should add IoC in our organization so it will be blocked ASAP. If we wait until KES block, it will casue some damage. Also, some activities is not KES responsibilities like "unsuccessful attempts to sign in". These suspicious activities should be blocked by people.
 
Is this true?
  • Solution
Posted

Hello Asiatic Fiber Corporation,

so far you're right. unsuccessful attempts to sign in could be also real users so this is not detected or blocked by default. Yes if KES with all Components does not detect something maliscious and you find it, it is faster to create an IoC Scan task to block it before anything else is affected. 

IoC is additional for preventing infections with doing actions like isolate Device from network.

 

  • Thanks 1
Asiatic Fiber Corporation
Posted

Hi THask:

Thank you for your reply tovaritch.😀

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now


×
×
  • Create New...