Asiatic Fiber Corporation Posted November 30, 2023 Share Posted November 30, 2023 (edited) Hi Kaspersky: We are a small company and only have 2 IT engineers. Therefore, we use KES + EDR Optimum + MDR as our solution. Next year we want one platform to monitor every endpoint security status. 1. Kaspersky XDR I have read the datasheet of XDR. It seems like an unified platform to monitor everything. In the datasheet, there is a quote: For advanced network management, KATA is an additional option.But the infrastructure shows that KATA will send information to XDR. My questions are: 1. Is XDR a basic KATA or just KUMA system? 2. Is Kaspersky XDR like CrowdStrike Falcon platform, which approaches "Unified platform. Complete protection"? 2. KATA Since we lack of IT engineer, there is no time to deal with incident by ourselves. That's the reason we use MDR. But KATA has a lot of component like EDR Expert and additional sandbox function. We can test unknown threat by ourselves and have quick response. My question is: 1. Does KATA like a small automatic analysis system of KSN? Therefore we can add IoC or YARA rule easily and quickly. Because we just get a little information of Kaspersky XDR from local reseller. The product is too new and no Chinese version. They will send detail information next year. I want to know in advanced so we can evaluate which product is suit for us. Thank you. Edited November 30, 2023 by Asiatic Fiber Corporation misspelling correction Link to comment Share on other sites More sharing options...
Solution ElvinE5 Posted December 1, 2023 Solution Share Posted December 1, 2023 Let me try to explain ... all of the following is my personal opinion and may not coincide with the opinion of the company :)))) To begin with, we should keep in mind that the concept of XDR is not a specific product .... it is an approach to the organization of information security of a company, using a variety of tools and techniques, and training of personnel. In the concept of XDR laboratory puts a set of its products that are able to integrate with each other helping to comprehensively protect the customer from the maximum number of threats, and give him the best tools to detect and eliminate threats. However, it is also necessary to realize that all these tools and technologies will be useless without people capable of managing them (and this applies to any vendor). As far as I understand ... you've been researching this information - https://support.kaspersky.com/xdr-expert/247185 In the future, this platform will have to combine the ability to manage all products deployed within your corporate network from a single center. As the core of the entire system, the company highlights the KUMA solution (it's SIEM), which is able to collect events from any objects within your network, correlate them, and represent events that occurred in different parts of the network as a single event (an attack, for example), it will be an indistinguishable part of the full XDR. However, as we said earlier XDR is a set of components ... for example a KATA+KEDR bundle - this could also be called XDR. you can analyze different types of raw traffic, mail, internet gateways, as well as events received from EPPs, while having its own sandbox to analyze new and unknown threats, response and investigation tools .... a large, complex and incredibly interesting complex. As for the comparison ... I looked at the concept on the home page. Спойлер you can compare this to the concept of a three-tiered approach to implementing lab protection. https://www.kaspersky.com/enterprise-security#overview Спойлер I think many companies will have solutions that allow them to manage all aspects of defense from a single console. regarding the choice of future solutions for you and your company I would like to show the following slide for better understanding ... I apologize for the quality of the picture Спойлер vertically indicates the total cost of the system, horizontally the maturity of the IT infrastructure and the availability of specialists - on the left are basic IT specialists, in the middle is a dedicated Information Security department, on the right is SOC, CERT, etc. Since you now have two engineers, purchasing large, complex solutions will probably be problematic for you. We now have an optimal set that allows you to protect your company and conduct basic investigations and respond to incidents. As a recommendation - to enhance protection, you can purchase the Sandbox component using your existing tools (this is not the same as what is used in KATA) - https://support.kaspersky.com/KSB/2.0/en-US/223822.htm this is a separate solution that will allow you to counter new and unknown threats, and it will not take much of an engineer’s time since it works practically in automatic mode for example, this solution is included in the package - Kaspersky Total Security for Bussines - Plus You'll get ... Protection for EPP EDR (Optimum) functionality Sandbox 2.0 + Mail protection + Protection of Internet gateways + Extended technical support You will also have to purchase a license for MDR separately. In any case, contact your local partner... for detailed product information. 2 Link to comment Share on other sites More sharing options...
Asiatic Fiber Corporation Posted December 2, 2023 Author Share Posted December 2, 2023 Thank you so much for the reply ElvinE5. The explanation is very clear and clarify my concept. These advises help me discuss with our local partner.😀 Link to comment Share on other sites More sharing options...
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now