
Posted

Hi,

 

    I have KSC 15 in my workplace. I have been using the KES4B Advanced license so far. Now our SOC team needs EDR (or XDR) capabilities. In case I purchase a new NEXT EDR or XDR license, is there another dedicated management console or will it be part of KSC?

 

Thanks

Posted
11 hours ago, xpreme said:

Hi,

 

    I have KSC 15 in my workplace. I have been using the KES4B Advanced license so far. Now our SOC team needs EDR (or XDR) capabilities. In case I purchase a new NEXT EDR or XDR license, is there another dedicated management console or will it be part of KSC?

 

Thanks

When you purchase Next EDR Foundation or EDR Optimum, the Management Console will be the same as before: KSC for Windows. If you purchase Next XDR Optimum, the KSC deployment will be in Linux, or you can use the KSC Cloud Console (Expert View). If you purchase XDR Expert, you must also deploy OSMP (Open Single Management Platform) for XDR and KUMA for SIEM, which must be integrated with KSC.

Regards

Ahnaf Tahmeed

  • Like 1
Tahmeed702
Posted
3 hours ago, xpreme said:

Hi @Tahmeed702

 

    What about Next EDR Expert? 

Thanks

Kaspersky Next EDR Expert requires 3 bare-metal servers for deploying KSC Server, KATA Server and Sandbox Server.

A KATA (Kaspersky Anti-Targeted Attack Platform) deployment schema typically follows a tiered architecture designed to capture, analyze, and manage security data. Integrating it with Kaspersky Security Center (KSC) centralizes the management of the endpoint-side components.

1. KATA Deployment Schema (Components)

The core architecture consists of three functional layers:

  • Sensor Layer: Captures raw data.

    • Network Sensors: Receive mirrored traffic (SPAN/TAP) or web/email traffic (via ICAP/SMTP).

    • Endpoint Sensors: Lightweight agents (or built-in components of Kaspersky Endpoint Security) that send telemetry (process starts, file changes, etc.) to the Central Node.

  • Processing Layer (Central Node & Sandbox):

    • Central Node: The "brain" that aggregates data from all sensors and performs behavioral analysis.

    • Sandbox: An isolated VM where suspicious files are executed to observe their behavior safely.

  • Management Layer: The Web Interface used by security analysts for threat hunting and incident response.


2. Integration with KSC (Kaspersky Security Center)

Integration with KSC is used to manage the Endpoint Sensors across your 3000+ workstations efficiently.

  • Policy Management: You don't configure each workstation individually. Instead, you create a KATA Integration Policy in KSC. This policy tells the endpoints:

    • Which Central Node IP/Port to send data to.

    • Which Certificate to use for the encrypted connection.

  • Deployment: KSC acts as the distribution point. You use KSC to push the "Kaspersky Endpoint Agent" or enable the "EDR Sensor" component within the existing Kaspersky Endpoint Security (KES) installation.

  • Task Control: You can run remote "IOC Scans" (Indicators of Compromise) from the KSC console across all 4000 workstations simultaneously based on alerts found in KATA.

  • License Management: KSC distributes the KATA/EDR licenses to the workstations.

Summary of Traffic Flow

  1. Workstations (Telemetry) → KATA Central Node.

  2. KSC (Policies/Settings) → Workstations.

  3. KATA Central Node (Event/Alert sharing) → KSC (Optional, for centralized dashboarding).

Kaspersky Next EDR Expert and NDR License can be implemented using the KATA Platform.


Regards

Ahnaf Tahmeed
