Kaspersky Security for Enterprise
Our expertise

1/3 of our employees are R&D specialists
360,000 new malicious files are detected by Kaspersky every day
40+ world-leading security researchers

Threat Research and Global Research and Analysis Teams are strategically located all around the globe,
providing unparalleled depth of analysis and understanding of all kinds of threats.
Our research
Campaigns, 2014–2018:
Zebrocy, Duqu 2.0, Metel, Darkhotel, ProjectSauron, DarkTequila, Darkhotel (part 2), StoneDrill, Naikon, Adwind, MsnMM, Saguaro, Shamoon 2.0, MuddyWater, Hellsing, Lazarus, BlueNoroff, CosmicDuke, Satellite Turla, WannaCry, StrongPity, Skygofree, ExPetr/NotPetya, Regin, Sofacy, Lurk, OlympicDestroyer, Carbanak, GCMan, ATMitch, Careto / The Mask, Moonlight Maze, Wild Neutron, ZooPark, Ghoul, Desert Falcons, ShadowPad, Epic Turla, Poseidon, Blue Termite, WhiteBear, Hades, Fruity Armor, BlackOasis, Energetic Bear / Crouching Yeti, Equation, Danti, Spring Dragon, Silence, Octopus, ScarCruft, Animal Farm, Dropping Elephant, AppleJeus
Industry trends and challenges
Digital transformation / Industry 4.0: Autonomous Robots, Big Data, Simulation, Augmented Reality, System Integration, Additive Manufacturing, Internet of Things, Cloud Computing, Cybersecurity

Trends and threats
All verticals are targets

National economies in general: Business process manipulation; Undermining competitors; Blackmail and extortion; Financial theft; Identity theft

Telecoms: Attacks on corporate clients; Manipulation of mail servers for social engineering purposes; Manipulation of web resources for phishing purposes; Billing control
Healthcare: Theft of confidential patient information; Attacks on telemedicine equipment; Identity theft
Finance: Financial theft; Data manipulation; Identity theft
Govt Sector: Espionage; Restricting the availability of online services

Cost of a data breach

Complexity of threats: +15%
Attacks are becoming more sophisticated and devastating.

Average cost of a data breach: 2017: $0.99m; 2018: $1.23m; 2019: $1.41m

Recognize this growth in the number, complexity and financial impact of today’s threats – and the levels of organizational IT security maturity, security personnel skills and existing budgets. Start building an effective defense strategy now!

Source: IT security economics in 2019, Kaspersky


Lack of skills and awareness

54% of organizations say they have security personnel who are insufficiently trained**
35% of CISOs consider staff training to be the top priority for cyber defense*
Cybercrime will more than triple the number of unfilled cybersecurity jobs, which is predicted to reach 3.5 million by 2021***

*FS-ISAC's 2018 Cybersecurity Trends Report
**Surviving the IT Security Skills Shortage, Dark Reading
***Cybersecurity Ventures “Cybersecurity Jobs Report 2018-2021”
The role of Endpoint Security

68% of organizations have been victims of endpoint attacks
$8.94m is the average economic loss from an endpoint attack

Endpoints are the most common entry points into an organization’s infrastructure, the main target of cybercriminals, and key sources of the data needed for effective investigation of complex incidents.

Source: The Third Annual Study on the State of Endpoint Security Risk by The Ponemon Institute LLC, 2020
A stage-by-stage, endpoint-centric cybersecurity strategy

Threat types and the expertise required to counteract them (sophistication of attacks vs. expertise required):
• Commodity threats: IT
• Evasive threats: IT security
• Targeted attacks: Mature IT security capability or SOC team
Stage-by-stage cybersecurity approach

STAGE 1: Security Foundations (broader threat landscape; IT)
Endpoint: Kaspersky Endpoint Security for Business; Kaspersky Hybrid Cloud Security
Network: Kaspersky Security for Mail Server; Kaspersky Security for Internet Gateway
Data: Kaspersky Security for Storage
People: Kaspersky Automated Security Awareness Platform
Also: Kaspersky Premium Support and Professional Services

STAGE 2: Optimum Framework (evasive threats; IT security)
Advanced Detection / Visibility and response / Enrichment: Kaspersky Sandbox; Kaspersky Endpoint Detection and Response; Kaspersky Managed Detection and Response; Kaspersky Threat Intelligence Portal

STAGE 3: Expert Framework (targeted attacks; mature IT security capability or SOC team)
Intelligence: Kaspersky Threat Intelligence
Internal Expertise: Kaspersky Cybersecurity Training
Extended Detection and Response: Kaspersky Anti Targeted Attack Platform
External Guidance: Kaspersky Cybersecurity Services
Privacy: Kaspersky Private Security Network

TARGETED SOLUTIONS: Kaspersky Fraud Prevention; Kaspersky Industrial Cybersecurity; Kaspersky for Security Operations Center

1
Security Foundations
• Multi-vector automated prevention of a large number of possible incidents caused by commodity threats
• The foundation stage for organizations of any size and infrastructure complexity in building an integrated defense strategy against complex threats
• Usually sufficient for small enterprises with IT teams only

AUTOMATICALLY BLOCK THE MAXIMUM POSSIBLE NUMBER OF THREATS
Single pane of glass security management
Kaspersky Security Center for multiple workloads management and policy-based control, delivered as:
• Scalable SaaS offering
• Flexible on-premises software

Capabilities: SIEM integration; Role-based access control; Public cloud (IaaS) server security; Virtual and physical server infrastructure security; Vulnerability and patch management; Mobile device security; Containerization security; Endpoint and VDI security
Kaspersky Endpoint Security for Business

The GARTNER PEER INSIGHTS CUSTOMERS’ CHOICE badge is a trademark and service mark of Gartner, Inc., and/or its affiliates, and is used herein with permission. All rights reserved. Gartner Peer Insights Customers’ Choice constitute the subjective opinions of individual end-user reviews, ratings, and data applied against a documented methodology; they neither represent the views of, nor constitute an endorsement by, Gartner or its affiliates. *All reviews and ratings are current as of February 12, 2019.

Meets requirements and prevents mistakes – and it scales:
• Alerts admins to potential errors
• Ensures software licensing compliance
• Prevents risky behavior on endpoints
• Unlimited scalability

Protects mixed and complex environments by:
• Mitigating the risk from vulnerabilities & unencrypted PCs
• Server hardening
• Securing mobile users
• Stopping known TTPs

Reduces the number of events to free up time to focus on critical issues:
• Automated EDR
• New SaaS offering
• Smooth upgrades between versions
• System management

Covered infrastructure: AD instances (cloud/on-premises); On-premises servers; WAN/LAN; Mobile devices; Roaming and on-premises hosts; Specialist
Kaspersky Hybrid Cloud Security

• Cloud workload protection: system hardening, exploit prevention, file integrity monitoring and more
• Patented architecture prevents any adverse impact on service levels, system performance or user experience
• Supports compliance with a wide range of national and industry regulations
• Ensures consistent visibility and control over every part of the infrastructure
• Rich reporting engine enables ‘continuous audit’
• Broad and timely guest, virtualization and cloud platform support and native API integration

Deployment diagram: Admin; Virtual data centers (VDI, virtual servers); Public clouds (VDI)

Kaspersky Security for Mail Server

• Multi-layered ML-based anti-malware and anti-phishing reduces the risk of infection
• Content filtering safeguards data
• Automated anti-spam with reputation and shadow quarantine
• All-in-one, ready-to-use Secure Mail Gateway appliance
• Dedicated business email compromise protection
• Malicious script detection
• Supports cloud deployment
• Support for Linux and MS Exchange mail servers
• Deeper threat analysis with Kaspersky Anti Targeted Attack

Mail flow diagram: Kaspersky Security Network; Email Gateway/MTA (Kaspersky Secure Mail Gateway); Mailbox Server (Kaspersky Security for Microsoft Exchange Server, Kaspersky Security for Linux Mail Servers); Kaspersky Endpoint Security for Business; Kaspersky Anti Targeted Attack Platform; Kaspersky Security for Mail Server; User. Blocked flows: unwanted malicious email; restricted content transmission.
Kaspersky Security for Internet Gateway

• Multi-layered ML-based anti-malware and anti-phishing reduces the risk of infection
• Content filtering safeguards data
• Malicious script detection
• SIEM integration
• All-in-one, ready-to-use Secure Web Gateway appliance
• Supports cloud deployment
• Multitenancy for MSPs and multi-branch businesses
• Web control reduces the risks of infection and fraud
• Deeper threat analysis with Kaspersky Anti Targeted Attack

Deployment diagram: Kaspersky Web Traffic Security Application; Kaspersky Web Traffic Security Appliance; Kaspersky Anti Targeted Attack Platform; Proxy Server; alerts raised at each component
Kaspersky Security for Storage

• Multi-layered ML-based anti-malware and anti-phishing
• On-access and on-demand scanning
• Remote anti-cryptor for selected storage
• Blocks untrusted hosts
• NAS, DAS and SAN support
• Managed locally or via Kaspersky Security Center
• Integrates using RPC, ICAP(S) and CAVA
• Robust protection for Windows Server used to access DAS/SAN
• Per server or per connected user licensing

Scanning flow, Network-Attached Storage (NAS): User sends File Request over CIFS to the NAS; NAS sends Scan Request (ICAP or RPC) to Kaspersky Security for Storage; Scan Verdict is returned; Clean File is delivered to the user.

Scanning flow, Directly-Attached Storage (DAS) or Storage Area Network (SAN): User sends File Request over CIFS to MS Windows Server with Kaspersky Security for Storage; the server requests the file over FC, FCoE or iSCSI; File Transfer for Security Scan; Clean File is delivered to the user.
Kaspersky Security Awareness

Kaspersky Cybersecurity Awareness training products are comprised of 3 elements which intermesh, but which are also completely effective when used separately.

Reduces human error by up to 80%

• Skills instead of ‘just’ knowledge
• Computer-based – easy delivery, management & measurement
• Real-life examples & practical exercises – students are engaged and motivated
• Clear training structure and latest L&D technologies – easy for administrators; efficient for students
Kaspersky Premium Support

• Minimized risk of failure with our proactive approach
• Faster recovery with an immediate technical response
• Direct access to our most experienced experts with MSA Enterprise

Kaspersky Maintenance Service Agreement | Plus/Start
• 4-hour response time
• Access to a priority line
• 6/12 premium incidents included

Kaspersky Maintenance Service Agreement | Business
• 2-hour response time
• 24/7/365 support
• All the benefits of MSA START and PLUS

Kaspersky Maintenance Service Agreement | Enterprise
• 30-minute response time
• Assigned technical account manager
• All the benefits of MSA BUSINESS
Kaspersky Professional Services

Access to globally renowned security experts; Risk protection assurance; Maximize ROI; Ultimate product experience

Assess: Cybersecurity check; Security Fundamentals Assessment; Health check; Compliance assessment
Optimize: Security hardening; Product tune-up (fault tolerance, disaster recovery, high availability); Product customization
Implement: Security Architecture Design; Implementation/upgrade; Complex implementation (turnkey) configuration
Maintain: Critical situation handling (onsite engineer)
2
Optimum Framework

• Security Foundations successfully implemented
• IT environment is growing in size and complexity, creating an increased attack surface
• A small security team is in place, with some expertise
• Incident response capability is important to you

ADVANCED DETECTION AND A CENTRALIZED RESPONSE
Organizations’ journey to improve security before 2020

Step 1: Implement EPP¹. Result: protection against a wide range of threats with a reduced attack surface and automated remediation mechanisms
Step 2: Implement Sandbox. Result: detection of threats designed to bypass EPP by automatically analyzing them over time in sandbox
Step 3: Implement EDR². Result: visibility, root-cause analysis and response capabilities to combat suspicious activities and behavior

In 2020, organizations everywhere have been forced to evolve their IT infrastructures almost overnight, blurring the boundaries of office walls. Today it’s time to combine all these 3 steps into one, to protect business continuity.

¹ Endpoint Protection Platform; ² Endpoint Detection and Response
Kaspersky Integrated Endpoint Security
Endpoint defense against evasive threats

Building blocks: Strong EPP; Baseline Automated EDR; In-built Sandbox; Single Console

• Strong EPP capabilities with embedded patch management and vulnerability assessment
• Baseline EDR capabilities laid over strong EPP (Kaspersky Endpoint Security for Business)
• Root-cause analysis of critical incidents
• IoC-based discovery
• Custom IoC generation capabilities, and ‘cross-endpoint’ response based on these IoCs
• Supports a range of threat containment and response actions
• Sandbox detects with automatic ‘cross-endpoint’ response (add-on option)
• Cloud & on-premises console
Kaspersky Sandbox

• Complementing Kaspersky Endpoint Security for Business with advanced detection scenarios for new and targeted threats without affecting endpoint performance
• Improved protection and automated response to advanced threats across all protected endpoints, including distributed networks with remote offices
• No additional investments in staff and in-house expertise
• Integration with third-party solutions via RESTful API facilitates deriving the maximum benefit from the solution in complex environments

Architecture diagram: KESB endpoints send object reputation requests (synchronous mode) and suspicious object analysis requests (asynchronous mode) to a high-availability Kaspersky Sandbox cluster with load balancing and a shared cache of verdicts; the analysis result and response are returned to the endpoints. A network interface controls malware interactions with the internet. Kaspersky Security Center provides centralized management/updates, response policy set-up and health check. Detection data is exported to a SIEM in CEF format.
Kaspersky Endpoint Detection and Response Optimum

Automatically stops millions of common threats (commodity threats).

Additional semi-automated threat discovery for zero-day exploits, unknown malware, fileless threats, new ransomware, and other evasive and advanced threats: automated root cause analysis, ‘one-click’ response, incident closed.

Automatically detects and responds to a range of complex threats.

Maximum automation; Unified console (cloud & on-premises); Multi-purpose agent; Simple to operate
Kaspersky Endpoint Detection and Response

DATA COLLECTION: Laptop, PC, Server
DATA STORAGE: Telemetry, Objects, Verdicts
DATA ANALYSIS AND INCIDENT INVESTIGATION: Automated Detection; Advanced Analysis; Retrospective Analysis; IoC- and IoA-based Detection; Global Threat Intelligence; Proactive Threat Hunting; MITRE ATT&CK Enrichment; Monitoring and Visualization; Threat Discovery; Incident Investigation; Incident Response
Kaspersky Managed Detection and Response

Optimum
• 24x7 proactive monitoring
• Automated threat hunting and incident investigation
• Response playbooks and automatic IR
• Security health check and asset visibility
• MDR web portal with dashboards and reporting
• 1-year incident history storage
• 1-month raw data storage

Expert
• 24x7 proactive monitoring
• Automated threat hunting and incident investigation
• Response playbooks and automatic IR
• Security health check and asset visibility
• MDR web portal with dashboards and reporting
• 1-year incident history storage
• Managed threat hunting
• 3-month raw data storage
• Access to Kaspersky SOC analysts
• Access to the Threat Intelligence Portal
• API for data download

Fast, scalable turnkey deployment. Completely managed or guided incident response. Superior protection against even the most innovative non-malware threats. Real-time situational awareness through various communication channels.
Kaspersky Threat Intelligence Portal

Objects to analyze: URLs, Domains, IP addresses, Hashes, Threat names, Files
Questions answered: Is it malicious? What does it do?
Services: Threat Lookup; Contextual Intelligence; Cloud Sandbox; Web Service; Incident Response
Sources (automated correlation): Kaspersky Security Network; Security partners; Spam traps; Networks of sensors; Web crawlers; Botnet monitoring
3
Expert Framework

• IT environments are becoming complex and distributed
• IT security team is mature or a Security Operations Center is established
• Risk appetite is low due to higher costs of security incidents and data breaches
• Regulatory compliance is a concern

READINESS FOR TARGETED AND APT-LIKE ATTACKS
Kaspersky Anti Targeted Attack Platform

NETWORK SENSORS: Network traffic, Data, IDS
ENDPOINT AGENTS: Endpoint telemetry & objects, Endpoint activity monitoring
Data Collection and Normalization: Network storage; Metadata & objects; Centralized data and verdicts repository
Data analysis: URL reputation; Anti-malware engine; YARA rules detection; Kaspersky (Private) Security Network; Sandbox; Certcheck; Cloud ML for mobile; Global Threat Intelligence
Threat Discovery: IoA analysis; MITRE ATT&CK mapping; IoC-based discovery; Incident prioritization
Single Web Console: Incident Investigation; Incident Response
Kaspersky Incident Response

Service options: The Kaspersky Response retainer; Emergency response

180 cases in 2019

Global Emergency Response Team:
• North America
• Latin America
• EU
• Middle East
• Russia

We speak English, Spanish, German, Italian, Russian

Kaspersky
Threat Intelligence

INFORMATION SECURITY STRATEGY: Understand the risk; Develop proactive mitigation; Justify budget and staffing requirements (Digital Footprint Intelligence; APT Intelligence Reporting; ICS Reporting)

THREAT PRIORITIZATION: Enhance existing security controls (Threat Data Feeds; CyberTrace)
INCIDENT DETECTION AND RESPONSE: Alert triage, validation and enrichment (Threat Lookup; Cloud Sandbox)
INITIAL INVESTIGATION: Boost incident response; Reduce possible damage (Research Sandbox; Threat Attribution Engine)
THREAT HUNTING: Find threats missed by existing security controls
Kaspersky Cybersecurity Training

• Improve internal SOC expertise & efficient use of tools and services
• Ease professional burnout
• Promote career growth & steps towards moving from one SOC tier to the next

Training (number of days):
• Digital Forensics: 5
• Advanced Digital Forensics: 5
• Malware Analysis: 5
• Advanced Malware Analysis: 5
• Efficient Threat Detection with YARA: 2
Kaspersky Security Assessment

Enterprise-wide Security Assessment: Penetration Testing; Red Teaming; Application Security Assessment
Industry-specific Security Assessment: Payment Systems; Transportation Systems; Industrial Control Systems; Smart Technologies and IoT Systems

IDENTIFY, ANALYZE, MITIGATE, MANAGE
Kaspersky Private Security Network

• Kaspersky Private Security Network delivers information about new threats to security solutions – without any data leaving your local network
• Enables organizations with stringent data privacy obligations – such as financial services and government agencies – to benefit from cloud-assisted security without compromising on privacy
• In addition to creating your own URL and file reputations, you can benefit from reputations provided by external third-party systems with no intermediate steps, via an API.

Your Isolated Security Perimeter: Kaspersky Private Security Network receives reputation data updates from Kaspersky Security Network (KSN), which aggregates global reputation statistics from Kaspersky customers. Inside the perimeter, reputation requests/responses are served to Kaspersky Security for Storage, Kaspersky Anti-Targeted Attack, Kaspersky Embedded Systems Security, Kaspersky Endpoint Security, Kaspersky Secure Mail Gateway, Kaspersky Web Filter, Kaspersky Hybrid Cloud Security and Kaspersky Fraud Prevention.

Data provided: File reputations; URL reputations; Anomalous behavior patterns; Additional services
Kaspersky for Security Operations Centers

INTELLIGENCE-DRIVEN SOC (KASPERSKY FOR SECURITY OPERATIONS CENTERS): Advanced security training; Threat Intelligence services; Threat hunting services; Malware analysis and Digital Forensics; Security assessment services; Pentest and red teaming
Products: KASPERSKY ENDPOINT DETECTION AND RESPONSE; KASPERSKY ANTI TARGETED ATTACK; KASPERSKY RESEARCH SANDBOX; KASPERSKY THREAT ATTRIBUTION ENGINE

CLASSIC SOC CORE: Log collection and correlation; Monitoring and alerting; Case management; Incident reporting
Kaspersky Research Sandbox

• Patented threat emulation technology with advanced anti-evasion and human-simulating techniques
• Custom images allowing to analyze threats across OS and applications that apply to real environments
• Separate analysis of each process to detect suspicious activities with associated network connections
• On-premises deployment makes sure no data is exposed outside the organization

Deployment diagram: Inside the SECURED PERIMETER, malware samples are submitted to Kaspersky Research Sandbox via the Web UI or the RESTful API, and malware analysis reports are returned. File/URL reputation is obtained from Kaspersky Private Security Network (not directly from Kaspersky Security Network). AV updates come from an AV updates mirror fed by Kaspersky AV update servers. Inbound and outbound malware communications are analyzed through separate ISP1 and ISP2 links.
Kaspersky Threat Attribution Engine

A SAMPLE is processed by the Attribution Engine (DNA Extractor, DNA Matcher) and matched against known APT genotypes such as ExPetr/NotPetya, Lazarus, WannaCry and Equation; new APT and clean file genotypes are delivered as updates.
Kaspersky for Security Operations Centers

Kaspersky products and services and third-party products:
• Kaspersky Threat Intelligence (TI feeds, intel reports, IOCs) feeds Kaspersky CyberTrace, which passes IoCs to the SIEM
• Vulnerability management supplies assets info; Kaspersky Endpoint Security supplies logs and detects; Kaspersky EDR supplies logs and detects; Kaspersky Anti Targeted Attack supplies logs and detects
• SIEM collects logs and detects from data sources and target assets
• SOAR provides case management, various TI lookup automation (Kaspersky Threat Intelligence Portal: reports, IOCs, relationships), VM automation and response
• Suspicious files go to Kaspersky Research Sandbox, which returns a report
• Kaspersky Attribution Engine provides reporting & attribution, aggregated info and malware visualization
• Incident Response drives response actions
Why choose Kaspersky

Kaspersky has once again been named a Gartner Peer Insights Customers’ Choice for Endpoint Protection Platforms.
Kaspersky is a Customers’ Choice in the April 2020 ‘Gartner Peer Insights ‘Voice of the Customer’: EDR Solutions’ report.

Most Tested. Most Awarded
Kaspersky has achieved more first places in independent tests than any other security vendor. And we do this year after year.
www.kaspersky.com/top3

Kaspersky quality confirmed by MITRE ATT&CK evaluation

Most transparent
With our first Transparency Center now active, and statistical processing based in Switzerland, the sovereignty of your data is guaranteed in ways no other vendor can match.
Things to remember when building a long-term cybersecurity strategy

• A siloed approach to cybersecurity puts businesses at risk
• Cybersecurity is not a destination – it’s an ongoing journey
• Awareness, communication and cooperation are key to success in a world of rapidly changing cyberthreats
• A proactive ‘detection and response’ mindset is the best way to counter today’s ever-evolving threats

Thank you!

kaspersky.com