Three-level corporate network protection from “Kaspersky Lab”
The tools created by Kaspersky Lab have been protecting home and office PCs from harmful and lost programs and digital attacks for more than two decades. Unfortunately, as the Internet develops, the dangers lurking in it grow along with its benefits for companies. The System Administrator’s Blog will show you how to protect your data.
Best protected computers in 2000
Kaspersky Anti-Virus was on my computer at the beginning of the 2000s. It fought viruses perfectly. It was considered the most important program, as uncontested as MS Office. And today I use Kaspersky Lab products myself and install them on my clients’ computers. The history of Kaspersky Anti-Virus began in ’89 of the last century, when PCs were outlandish devices.
Security of corporate networks in 2020. Level 3
For large and medium-sized companies, data is the most valuable thing. Business understands the importance of information and uses software to protect it.
Some statistics: according to a survey by Kaspersky Lab, over the past 12 months Russian small and medium-sized businesses have each spent an average of 4.7 million rubles on securing their corporate perimeter. Moreover, every fifth respondent (20%) noted that the decision to invest in strengthening information security was made after a cyber incident within the organization, including after cases of data leakage. In 2020, the average cost of data loss for a small company was RUB 1.9 million.
Traditional EPP protection is indispensable
Unfortunately, companies often limit themselves to classic solutions of the EPP (Endpoint Protection Platform) class, forgetting that the Internet in 2020 is not the same as it was decades ago. EPP protection will cope with 99 threats out of a hundred. But this is not enough. You need to be sure that sneaky attacks will also be repelled, including fileless threats.
Kaspersky Lab offers a solution: a three-component approach to protecting information on digital devices used for work. There are three security levels:
- Classic Kaspersky Endpoint Security for Business.
- Endpoint Detection and Response (EDR) Toolkit.
- Kaspersky Sandbox.
The best results come when all three components work together. Let me go into more detail. The Endpoint Protection Platform needs no explanation. The second layer of protection is designed to investigate attacks.
EDR – only the most important thing
EDR allows you to understand the source of a threat, how it developed and where it manifested itself in the company’s network. It provides an information security specialist with additional tools, including the following capabilities:
- delete the malicious file;
- apply actions to all hosts;
- check nodes for indicators of compromise.
The data source for EDR is traditional EPP software. Companies often decline to use the second level of protection because of its complexity. It requires specialists of the highest qualifications. They have to be paid a lot, which the average business cannot afford. In practice, a company often has two, at most three, information security specialists. Often there is no dedicated department at all and data protection is the responsibility of IT staff, which leads companies to abandon the purchase and use of powerful data protection tools.
Therefore, Kaspersky Lab has developed and presented an integrated solution, Kaspersky EDR Optimal. This simplified EDR solution is automated to the maximum. Expert intervention is not often necessary: the software is capable of automatically repelling most attacks.
The response toolkit deletes or quarantines files. A simple analysis is provided to determine the root cause of the infection and get an idea of what is happening.
For a company, this means that you don’t have to hire an expert. An IT professional with a basic understanding of information security can handle it.
For large businesses, Kaspersky Lab offers Kaspersky Endpoint Detection and Response Expert, a full-featured EDR solution that is also suitable for integration into a SOC (Security Operations Center). This software is more complex and requires qualified personnel to work with it.
Malicious files will not leave the virtual sandbox
Kaspersky Sandbox is an environment in which a malicious file will “feel” as if it were on the company’s network. It will behave accordingly, giving an idea of the harm it is capable of inflicting. In the meantime, there is no way for the malicious software to do real harm.
Modern viruses are quite cleverly written and can deactivate themselves if they sense that they have become the object of research. For this reason, the sandbox simulates user actions.
The intervention of an information security professional is even less necessary than with an EDR. After Sandbox is configured, suspicious files are blocked there. They have no chance of penetrating the company’s network; the malicious software remains within the virtual space.
Dynamic in-depth analysis of cyber threats is provided:
- escaping detection.
Maximum number of devices supported: 1000 (basic configuration). The solution is scalable, which allows it to be used to protect large infrastructures.
Building a powerful information security department requires a significant investment of resources. If the company is not ready for this at the moment, the sandbox will be the best solution. It helps counter new and complex cyber threats.
Nothing has to be installed additionally
Management is carried out through the Kaspersky Security Center console, which is deployed during the implementation of Kaspersky Security for Business. After moving to the EDR level, the corresponding toolkit appears in the console.
When using Kaspersky Sandbox as well, the system administrator will have access to the optimal level of business protection.
Who is this solution for?
The software package is useful not only for relatively small corporations with no more than 5 thousand nodes. It can also be used in structural divisions of large companies that do not have large information security departments:
- regional offices.
The penetration of malicious code into the branch network can damage the corporation as a whole: lead to financial losses and damage the reputation of the business.
Main advantages of EDR Optimal:
- easy to install, configure and manage;
- does not require high qualifications in information security to work with it;
- low system requirements.
Differences between complexes
The three-tier set of tools for Kaspersky Total Security Plus for Business is more expensive because it includes the Sandbox. Preferred for large companies.
Medium-sized businesses are recommended to use Kaspersky EDR for Business Optimal. EDR is provided; the sandbox is not included, but can be purchased additionally if needed.
There are three levels of solution: Standard, Advanced, and Optimal.
- securing Windows, macOS and Linux;
- securing mobile devices;
- guidelines on how to configure security policies;
- EDR functionality management;
- software control for computers;
- device control;
- web control.
In “Advanced” additional options are implemented:
- encryption management;
- adaptive anomaly control;
- installing fixes;
- searching for vulnerabilities;
- installing operating systems;
- installing software.
Feature of the “Optimal” complex: EDR tools.
The offers are aimed at businesses:
- medium-sized (upper segment);
- large (lower segment).
Useful for companies with 500 to 5 thousand workplaces.
Prices and detailed information about the complexes offered to business are posted on the official website of Kaspersky Lab.
What data protection guidelines would you give companies in 2020? Share your opinion in the comments.