Our expertise
Threat Research and Global Research and Analysis Teams are strategically located all around the globe, providing unparalleled depth of analysis and understanding of all kinds of threats.
Our research
Zebrocy
Industry 4.0
[Infographic: complexity of threats, +15%, 2018 to 2019]
…maturity, security personnel skills and existing budgets.
[Infographic: Average cost (figure not recoverable); 35% of CISOs consider staff training to be the top priority for cyber defense*]
*FS-ISAC's 2018 Cybersecurity Trends Report
**Surviving the IT Security Skills Shortage, Dark Reading
***Cybersecurity Ventures "Cybersecurity Jobs Report 2018-2021"
The role of Endpoint Security
Endpoints are the most common entry points into an organization's infrastructure, the main target of cybercriminals, and key sources of the data needed for effective investigation of complex incidents.
68% of organizations have been victims of endpoint attacks
$8.94m is the average economic loss from an endpoint attack
Source: The Third Annual Study on the State of Endpoint Security Risk by The Ponemon Institute LLC, 2020
A stage-by-stage, endpoint-centric cybersecurity strategy
Threat types and the expertise required to counteract them
[Chart: sophistication of attacks against expertise required: commodity threats – IT; evasive threats – IT security]
Stage-by-stage cybersecurity approach

Stage 3: Expert (targeted attacks; requires mature IT security capability) – targeted solutions
  Intelligence: Kaspersky Threat Intelligence
  Internal expertise: Kaspersky Cybersecurity Training
  Extended Detection and Response: Kaspersky Anti Targeted Attack Platform
  External guidance: Kaspersky Cybersecurity Services
  Privacy: Kaspersky Private Security Network

Stage 2: Optimum Framework (evasive threats; requires IT security) – optimum protection
  Advanced detection: Kaspersky Sandbox
  Visibility and response: Kaspersky Endpoint Detection and Response
  Enrichment: Kaspersky Threat Intelligence Portal
  Kaspersky Managed Detection and Response

Stage 1: Security Foundations (broader threat landscape; requires IT)
  Endpoint: Kaspersky Endpoint Security for Business
  Network: Kaspersky Hybrid Cloud Security; Kaspersky Security for Mail Server; Kaspersky Security for Internet Gateway
  Data: Kaspersky Security for Storage
  People: Kaspersky Automated Security Awareness Platform

Across all stages: Kaspersky Industrial Cybersecurity; Kaspersky Premium Support and Professional Services; Kaspersky for Security Operations Center
• Multi-vector automated prevention of a large number of possible incidents caused by commodity threats
[Diagram: protected assets: AD instances (cloud/on-premises), on-premises servers, WAN/LAN, mobile devices, roaming and on-premises hosts; Specialist]
Kaspersky Hybrid Cloud Security
• Cloud workload protection: system hardening, exploit prevention, file integrity monitoring and more
• Patented architecture prevents any adverse impact on service levels, system performance or user experience
• Supports compliance with a wide range of national and industry regulations
• Ensures consistent visibility and control over every part of the infrastructure
• Rich reporting engine enables 'continuous audit'
• Broad and timely guest, virtualization and cloud platform support and native API integration
Kaspersky Security for Mail Server
• Malicious script detection
• Supports cloud deployment
• Support for Linux and MS Exchange mail servers
• Deeper threat analysis with Kaspersky Anti Targeted Attack
[Diagram: Kaspersky Secure Mail Gateway and Kaspersky Security for Microsoft Exchange Server between sender and user, with Admin, Kaspersky Security Network and Kaspersky Anti Targeted Attack Platform; labels: Unwanted/malicious email, Restricted content]
Kaspersky Security for Internet Gateway
• Multi-layered ML-based anti-malware and anti-phishing
• Content filtering safeguards data and reduces the risk of infection
• Malicious script detection
• SIEM integration
• All-in-one, ready-to-use Secure Web Gateway appliance
• Supports cloud deployment
[Diagram: Kaspersky Web Traffic Security / Kaspersky Web Traffic Security Appliance with the proxy server and Kaspersky Anti Targeted Attack Platform; labels: Application, Alert!]
Kaspersky Security for Storage
• Multi-layered ML-based anti-malware and anti-phishing
• On-access and on-demand scanning
• Remote anti-cryptor for selected storage
• Blocks untrusted hosts
• NAS, DAS and SAN support
Assess: cybersecurity check; Security Fundamentals Assessment; health check; compliance assessment
Optimize: security hardening; product tune-up (fault tolerance, disaster recovery, high availability); product customization
Implement: Security Architecture Design; implementation/upgrade; complex implementation (turnkey); configuration
Maintain: critical situation handling (onsite engineer)
2 Optimum Framework
• Security Foundations successfully implemented
1 – Endpoint Protection Platform; 2 – Endpoint Detection and Response
Kaspersky Integrated Endpoint Security
Endpoint defense against evasive threats
[Diagram: KESB endpoints managed by a high-availability Kaspersky Security Center cluster (centralized management/updates, response policy set-up and health check); suspicious object analysis requests go to Kaspersky Sandbox in asynchronous mode and the analysis result is returned; detection data is exported to the SIEM in CEF format]

Kaspersky Endpoint Detection and Response Optimum
• Automatically stops millions of common threats (commodity threats)
• Additional semi-automated threat discovery: zero-day exploits, unknown malware, fileless threats, new ransomware, other evasive and advanced threats
• 'One-click' response
• Automated root cause analysis
[Diagram flow: incident closed, or handed to Incident Response]
Kaspersky Managed Detection and Response

Optimum
• 24x7 proactive monitoring
• Automated threat hunting and incident investigation
• Response playbooks and automatic IR
• Security health check and asset visibility
• MDR web portal with dashboards and reporting
• 1-year incident history storage
• 1-month raw data storage

Expert
• 24x7 proactive monitoring
• Automated threat hunting and incident investigation
• Response playbooks and automatic IR
• Security health check and asset visibility
• Managed threat hunting
• MDR web portal with dashboards and reporting
• 3-month raw data storage
• 1-year incident history storage
• Access to Kaspersky SOC analysts
• Access to the Threat Intelligence Portal
• API for data download

Superior protection against even the most innovative non-malware threats. Real-time situational awareness through various communication channels.
Kaspersky Threat Intelligence Portal
[Diagram: objects to analyze from sources (endpoint agents: endpoint telemetry & objects, Certcheck, cloud ML for mobile) are submitted to the Kaspersky Threat Intelligence Portal for automated correlation, IoA analysis, MITRE ATT&CK mapping, incident prioritization, sandbox analysis and verdicts, with centralized data in a single web console and global threat intelligence; results feed incident investigation and incident response]
Kaspersky Incident Response
Service options: the Kaspersky Response retainer; emergency response
Global Emergency Response Team: North America, Latin America, EU, Middle East, Russia
180 cases in 2019
We speak English, Spanish, German, Italian, Russian
Kaspersky Threat Intelligence
Information security strategy: understand the risk; develop proactive mitigation; justify budget and staffing requirements
• Enhance existing security controls
• Alert triage, validation and enrichment
• Boost incident response; reduce possible damage
• Find threats missed by existing security controls
Services: APT Intelligence Reporting, Threat Lookup, Threat Data Feeds, CyberTrace, Cloud Sandbox, ICS Reporting, Research Sandbox, Threat Attribution Engine
Kaspersky Cybersecurity Training
Improve internal SOC expertise and efficient use of tools and services
Training             Number of days
Digital Forensics    5

Security Assessment
Enterprise-wide Security Assessment: Red Teaming; Application Security Assessment
Industry-specific Security Assessment: Transportation Systems; Industrial Control Systems; Smart Technologies and IoT Systems
Kaspersky Private Security Network
[Diagram: Kaspersky Security Network (KSN) delivers reputation data updates to the Kaspersky Private Security Network]

Kaspersky for Security Operations Center
Classic SOC core services: log collection and correlation; monitoring and alerting; case management; incident reporting
Kaspersky Research Sandbox
• Patented threat emulation technology with advanced anti-evasion and human-simulating techniques
• Custom images allow threats to be analyzed across the OS and application versions that apply to real environments
• Separate analysis of each process to detect suspicious activities, with associated network connections
• On-premises deployment makes sure no data is exposed outside the organization
[Diagram: samples submitted through a RESTful API to the Research Sandbox, which returns malware analysis reports; AV updates reach the sandbox through an AV updates mirror fed by Kaspersky AV update servers; inbound and outbound malware communications are analyzed over ISP1 and ISP2]
Kaspersky Threat Attribution Engine
[Diagram: a sample is compared against genotypes of known APT and clean files (examples: Lazarus, WannaCry, Equation); new APT and clean-file genotypes are delivered as updates]
Kaspersky CyberTrace
[Diagram: logs from data sources and target assets flow into the SIEM; CyberTrace matches them against IoCs from Kaspersky and various TI feeds and reports detected IoCs back to the SIEM; IoC lookup and relationship data come from the Kaspersky Threat Intelligence Portal; integrations with Kaspersky Anti Targeted Attack, Kaspersky Threat Attribution Engine (malware attribution), other Kaspersky products and services, vulnerability response, case management automation, incident response, reporting & attribution, and visualization of aggregated information]
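As an added worked example (not code from this page or from Kaspersky), the following Python shows the two mechanics the diagrams above leave implicit: parsing CEF detection lines of the kind the Integrated Endpoint Security diagram shows being exported to a SIEM, and matching the observables in them (file hashes, destination IPs, hostnames) against an IoC list, which is the lookup CyberTrace performs against SIEM logs. The line syntax is the ArcSight Common Event Format; the sample event lines, extension field names, signature IDs and IoC entries are constructed assumptions, not real Kaspersky Security Center output or feed data.

```python
# Added example: parse CEF detection events and match them against an IoC list.
# Not Kaspersky code; the event lines, field names, signature IDs and IoC entries
# below are constructed assumptions, not real Security Center output or feed data.
import re
from dataclasses import dataclass

CEF_HEADER_KEYS = ("version", "device_vendor", "device_product",
                   "device_version", "signature_id", "name", "severity")
# An extension key is key characters followed by '=' at the start of the extension or after
# whitespace; an escaped '\=' inside a value never matches (backslash is not a key character).
_EXT_KEY_RE = re.compile(r"(?:^|(?<=\s))([A-Za-z0-9_.]+)=")


@dataclass(frozen=True)
class Ioc:
    kind: str      # "md5", "sha1", "sha256", "ip" or "domain"
    value: str
    source: str
    context: str


SAMPLE_IOC_FEED = [  # constructed feed entries (assumed flattened TI feed shape)
    Ioc("md5", "44d88612fea8a8f36de82e1278abb02f", "constructed-feed", "EICAR test file"),
    Ioc("ip", "203.0.113.45", "constructed-feed", "C2 address (TEST-NET-3 documentation range)"),
    Ioc("domain", "malicious.example", "constructed-feed", "Payload delivery host"),
    Ioc("domain", "other-bad.example", "constructed-feed", "Not present in the sample events"),
]

SAMPLE_CEF_LINES = [  # constructed events; extension keys are standard CEF names
    r"CEF:0|Kaspersky|Security Center|13.0|EV_DETECT|Malicious object detected|8|"
    r"rt=1612345678000 shost=WS-0042 suser=jdoe fileHash=44D88612FEA8A8F36DE82E1278ABB02F "
    r"fname=invoice.pdf.exe act=Quarantine msg=EICAR test file",
    r"CEF:0|Kaspersky|Security Center|13.0|EV_WEB_BLOCK|Web threat \| URL blocked|6|"
    r"rt=1612345690000 shost=WS-0042 suser=jdoe dhost=malicious.example dst=203.0.113.45 "
    r"request=http://malicious.example/payload.bin msg=Category\=Malware act=Blocked",
    r"CEF:0|Kaspersky|Security Center|13.0|EV_UPDATE|Databases updated|1|"
    r"rt=1612345700000 shost=WS-0042 dhost=update.example dst=198.51.100.7",
]


def _unescape(value):
    # CEF value escaping: a backslash escapes the next character; \n and \r are line breaks.
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def parse_cef(line):
    """Parse one CEF line into its seven header fields plus an 'ext' dict."""
    header, cur, i = [], [], 0
    while i < len(line) and len(header) < 7:
        if line[i] == "\\" and i + 1 < len(line):   # escaped '|' or '\' inside a header field
            cur.append(line[i + 1])
            i += 2
        elif line[i] == "|":
            header.append("".join(cur))
            cur, i = [], i + 1
        else:
            cur.append(line[i])
            i += 1
    if len(header) == 6 and cur:                     # severity with no trailing '|' or extension
        header.append("".join(cur))
    if len(header) != 7 or not header[0].startswith("CEF:"):
        raise ValueError(f"not a CEF line: {line[:40]!r}")
    event = dict(zip(CEF_HEADER_KEYS, header))
    event["version"] = header[0][len("CEF:"):]
    ext_text, ext = line[i:], {}
    keys = list(_EXT_KEY_RE.finditer(ext_text))
    for n, m in enumerate(keys):                     # a value runs up to the next key
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext_text)
        ext[m.group(1)] = _unescape(ext_text[m.end():end].rstrip())
    event["ext"] = ext
    return event


def observables(event):
    """Yield the (kind, value) pairs in one event that are worth a feed lookup."""
    ext = event["ext"]
    for key in ("fileHash", "oldFileHash"):
        kind = {32: "md5", 40: "sha1", 64: "sha256"}.get(len(ext.get(key, "")))
        if kind:
            yield kind, ext[key].lower()
    for key in ("src", "dst"):
        if key in ext:
            yield "ip", ext[key]
    if "dhost" in ext:
        yield "domain", ext["dhost"].lower()
    m = re.match(r"[a-z][a-z0-9+.-]*://([^/:?#]+)", ext.get("request", ""), re.I)
    if m:                                            # host part of a requested URL
        yield "domain", m.group(1).lower()


def match_iocs(lines, feed):
    """Return one hit per (event, matching IoC) pair, in event order."""
    index = {(ioc.kind, ioc.value.lower()): ioc for ioc in feed}
    hits = []
    for line in lines:
        event = parse_cef(line)
        for kind, value in dict.fromkeys(observables(event)):  # de-duplicate, keep order
            ioc = index.get((kind, value))
            if ioc is not None:
                hits.append({"host": event["ext"].get("shost", "?"), "signature_id": event["signature_id"],
                             "name": event["name"], "observable": value, "ioc": ioc})
    return hits


if __name__ == "__main__":
    for h in match_iocs(SAMPLE_CEF_LINES, SAMPLE_IOC_FEED):
        print(f"{h['host']} {h['signature_id']} {h['name']!r}: {h['ioc'].kind} {h['observable']}"
              f" <- {h['ioc'].source}: {h['ioc'].context}")
```

Two details matter in practice: header fields are split only on unescaped pipes and extension values only at the next `key=` token, so a product name containing `|` or a message containing `=` does not shift the fields; and hashes and hostnames are lower-cased before lookup, since feeds and consoles disagree on case. Running the block against the constructed lines yields three hits: the EICAR hash from the first event and the C2 address and payload host from the second, while the benign update event matches nothing.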
Why choose Kaspersky
The GARTNER PEER INSIGHTS CUSTOMERS’ CHOICE badge is a trademark and service mark of Gartner, Inc.,
and/or its affiliates, and is used herein with permission. All rights reserved. Gartner Peer Insights Customers’ Choice
constitute the subjective opinions of individual end-user reviews, ratings, and data applied against a documented
methodology; they neither represent the views of, nor constitute an endorsement by, Gartner or its affiliates.
Most transparent
With our first Transparency Center now active, and statistical processing based in Switzerland, the sovereignty of your data is guaranteed in ways no other vendor can match.
Kaspersky quality confirmed by MITRE ATT&CK evaluation
Things to remember when building
a long-term cybersecurity strategy
kaspersky.com