Jump to content

KES user wants to find one platform to monitor every endpoint: KATA or Kaspersky XDR?


Asiatic Fiber Corporation
Go to solution Solved by ElvinE5,

Recommended Posts

Asiatic Fiber Corporation

Hi Kaspersky:

We are a small company and only have 2 IT engineers. Therefore, we use KES + EDR Optimum + MDR as our solution.
Next year we want one platform to monitor every endpoint security status.

1. Kaspersky XDR
I have read the datasheet of XDR. It seems like an unified platform to monitor everything.
In the datasheet, there is a quote: For advanced network management, KATA is an additional option.But the infrastructure shows that KATA will send information to XDR.

My questions are:

1. Is XDR a basic KATA or just KUMA system?
2. Is Kaspersky XDR like CrowdStrike Falcon platform, which approaches "Unified platform. Complete protection"?

2. KATA
Since we lack of IT engineer, there is no time to deal with incident by ourselves. That's the reason we use MDR.
But KATA has a lot of component like EDR Expert and additional sandbox function. We can test unknown threat by ourselves and have quick response.

My question is:

1. Does KATA like a small automatic analysis system of KSN? Therefore we can add IoC or YARA rule easily and quickly.

Because we just get a little information of Kaspersky XDR from local reseller. The product is too new and no Chinese version.
They will send detail information next year. I want to know in advanced so we can evaluate which product is suit for us.

Thank you.

Edited by Asiatic Fiber Corporation
misspelling correction
Link to comment
Share on other sites

  • Solution

Let me try to explain ...
all of the following is my personal opinion and may not coincide with the opinion of the company :))))

 

To begin with, we should keep in mind that the concept of XDR is not a specific product .... it is an approach to the organization of information security of a company, using a variety of tools and techniques, and training of personnel.

In the concept of XDR laboratory puts a set of its products that are able to integrate with each other helping to comprehensively protect the customer from the maximum number of threats, and give him the best tools to detect and eliminate threats.

However, it is also necessary to realize that all these tools and technologies will be useless without people capable of managing them (and this applies to any vendor).

 

As far as I understand ... you've been researching this information - https://support.kaspersky.com/xdr-expert/247185

 

In the future, this platform will have to combine the ability to manage all products deployed within your corporate network from a single center. As the core of the entire system, the company highlights the KUMA solution (it's SIEM), which is able to collect events from any objects within your network, correlate them, and represent events that occurred in different parts of the network as a single event (an attack, for example), it will be an indistinguishable part of the full XDR.

However, as we said earlier XDR is a set of components ...
for example a KATA+KEDR bundle - this could also be called XDR.
you can analyze different types of raw traffic, mail, internet gateways, as well as events received from EPPs, while having its own sandbox to analyze new and unknown threats, response and investigation tools .... a large, complex and incredibly interesting complex.

 

As for the comparison ... I looked at the concept on the home page.

Спойлер

.thumb.png.db5064ab0e68d0e872c57986ab0ebe4a.png

you can compare this to the concept of a three-tiered approach to implementing lab protection.

https://www.kaspersky.com/enterprise-security#overview

Спойлер

.thumb.png.7cdc955daa6cb818eab35bfd49e34a0c.png

I think many companies will have solutions that allow them to manage all aspects of defense from a single console.

 

regarding the choice of future solutions for you and your company
I would like to show the following slide for better understanding ... I apologize for the quality of the picture

Спойлер

.thumb.png.c6079b2e52716ace73b36c96e72da3b6.png

vertically indicates the total cost of the system, horizontally the maturity of the IT infrastructure and the availability of specialists - on the left are basic IT specialists, in the middle is a dedicated Information Security department, on the right is SOC, CERT, etc.

Since you now have two engineers, purchasing large, complex solutions will probably be problematic for you. We now have an optimal set that allows you to protect your company and conduct basic investigations and respond to incidents.

As a recommendation - to enhance protection, you can purchase the Sandbox component using your existing tools (this is not the same as what is used in KATA) - https://support.kaspersky.com/KSB/2.0/en-US/223822.htm

this is a separate solution that will allow you to counter new and unknown threats, and it will not take much of an engineer’s time since it works practically in automatic mode

for example, this solution is included in the package - Kaspersky Total Security for Bussines - Plus

You'll get ...

Protection for EPP

EDR (Optimum) functionality

Sandbox 2.0

+ Mail protection

+ Protection of Internet gateways

+ Extended technical support

 

You will also have to purchase a license for MDR separately. In any case, contact your local partner... for detailed product information.

 

  • Thanks 2
Link to comment
Share on other sites

Asiatic Fiber Corporation

Thank you so much for the reply ElvinE5.

The explanation is very clear and clarify my concept.

These advises help me discuss with our local partner.😀

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now


×
×
  • Create New...