Simple protection against complex attacks


It is quite logical that attacking a company only makes sense when the potential profit outweighs the costs of organizing the attack. Until recently, cybercriminals guarded their know-how against competition just as trade secrets are protected. Advanced attack tools were not widely available; they were sometimes sold on the black market, but their price was often exorbitant. Truly sophisticated attacks were aimed only at large companies or government agencies. For this reason, small and medium-sized companies concluded that protection against mass threats was enough for them.

However, trends have changed: complex attack tools now appear periodically, sometimes in the public domain, sometimes on the open market. Malware authors increasingly lease their malicious programs on a service basis, and cybercriminal groups have united into something like cartels. As a result, the cost of organizing an attack decreases, and so does the break-even point, which means cybercriminals can afford to attack even the SME sector using quite complex tools.

As long as the threats are limited to an employee's carelessness or inability to recognize spam messages with malware attached, traditional endpoint protection solutions may indeed prove sufficient. But now that you know that literally any company can be the target of a more serious attack, a new approach is needed. Attackers can attack the supply chain, remain hidden in the victim’s infrastructure for many years, spy on the victim, exploit zero-day vulnerabilities and use malicious tools that pose as supposedly legitimate software.

Corporations use completely different tools to protect against such threats, most often Endpoint Detection and Response (EDR) solutions. However, such platforms generally require either their own full-fledged security operations center or an appropriate team of information security professionals. Not every company can afford to hire that many people for its IT security department.

However, this does not mean that the company’s infrastructure is doomed to lack protection. We came up with a different approach to endpoint protection, which includes an integrated EPP and EDR platform and additional tools. The result is an automated solution that can protect against both mass and advanced attacks.

New here is the Kaspersky Endpoint Detection and Response Optimum component. In our product line, it bridges the gap between the fully automated Kaspersky Endpoint Security for Business solution and the comprehensive solution for corporations, protecting against targeted attacks and APT – Kaspersky EDR. Kaspersky EDR Optimum enables basic EDR scenarios that many companies use, as well as infrastructure visibility, incident analysis and response capabilities.

As a result, the solution quickly identifies the root source of the problem, assesses the true scale and source of an attack, and ensures that automatic response actions are taken on all workstations. This in turn minimizes any damage and ensures the continuity of business processes.

It’s also worth noting that our new product is easy to use. It does not require much experience from the user, and due to the high degree of automation, it requires much less attention and routine activities than classic EDR protection solutions. These key elements enable small businesses to build protection against complex threats without spending a lot of resources or changing processes.

Depending on the functionality your business needs, our integrated solution may include additional tools for protecting mail servers and Internet gateways, as well as Kaspersky Sandbox, an advanced tool for checking suspicious objects in an isolated environment. This allows you to automatically block advanced, unknown and complex threats without involving additional resources, reducing the burden on your IT department.