Kaspersky launches ML-driven MDR for SMBs

Splits B2B offering into frameworks based on customers’ IT security maturity

The new Kaspersky Managed Detection and Response (MDR) service ensures continuous machine learning-driven 24/7 protection while saving IT security teams’ resources for threat analysis, investigation and response.

Thanks to two product tiers, Kaspersky ML-driven MDR is now available not only for large enterprises, but for medium-sized businesses with different levels of IT security maturity and needs.

Along with the ML-driven MDR launch, Kaspersky is also updating its approach to product portfolios with cybersecurity frameworks. Different frameworks combine various sets of security solutions and services to enable protection from diverse types of threats.

Detecting and responding to sophisticated attacks requires specific expertise, while internal training or hiring additional experts may not always fit into the cybersecurity budget.

A lack of resources can lead to untimely responses to incidents and, as a result, increase the losses of the organisation. According to a Kaspersky report, for enterprises, the average cost of a data breach rises by more than $400k depending on whether a breach is discovered almost instantly or beyond seven days.

Targeted towards such organisations, Kaspersky Managed Detection and Response provides major benefits of an outsourced security operations center (SOC) and does not require specialised threat hunting and incident analysis skills from internal teams, which can be especially relevant for mid-size businesses. The service is complemented by detection technologies as well as extensive expertise in threat hunting and incident response from professional units including the Global Research & Analysis Team (GReAT).

It is also empowered with AI Analyst that enables automatic alert resolution and allows Kaspersky SOC analysts to concentrate on the most important alerts.

The combination of technologies and expertise gives customers protection from threats that evade detection, for example, by mimicking legitimate programs. IT security experts can see the protection status of all assets and threat detections in real time, receive ready-made response recommendations or authorise managed response scenarios.

The service integrates several components. Kaspersky products, such as endpoint protection or EDR, send their telemetry to the Kaspersky Security Network (KSN), a distributed infrastructure that works with various anti-malware protection components. The statistics consist of depersonalised metadata which is voluntarily provided by KSN participants among Kaspersky’s customers.

This telemetry is then analysed in the internal Kaspersky Security Operations Center (SOC) using more than 700 constantly updated proprietary TTP-based ‘hunts’ tailored to the customer’s environment along with various detection engines.

Since alerts are collected from all endpoints, this allows the system to detect links of one attack chain on various machines.

All detections are further validated and prioritised by Kaspersky’s threat hunting team to ensure a timely response.

After investigation, customers receive incident alerts and a comprehensive guide to incident response in the dedicated MDR portal. Response options can then be initiated through an endpoint detection and response (EDR) agent.

Customers can also combine ML-driven MDR with Kaspersky’s Incident Response retainer to completely outsource incident investigation, forensics and elimination.

The Kaspersky MDR Optimum tier enables turnkey protection, while Kaspersky MDR Expert allows access for consultation to the vendor’s SOC analysts (certified and trained with OSCP, GCTI, SANS SEC560 and SANS SEC660), access to the Kaspersky Threat Intelligence Portal, and an API for integration with existing security workflows.

With this launch, Kaspersky also introduces new frameworks to address companies’ needs in terms of threat defense and IT security maturity level.

Kaspersky ML-driven MDR powers each framework enabling an instantly matured IT security function while allowing mature IT security teams to focus on responding to the critical outcomes delivered.

Kaspersky Security Foundations provides adaptive protection against broader threat landscapes targeting customers’ endpoints, mobile devices, cloud infrastructure and servers.

This strong foundation will help organisations get value from security investments by preventing threats automatically.

Professional help is available whenever customers need it and is delivered as Premium Support and the redesigned portfolio of Professional Services.

Kaspersky Optimum Security framework enhances security against new, unknown and evasive threats by helping medium-sized businesses and smaller enterprises with limited cybersecurity resources to build incident response.

The framework provides advanced detection mechanisms with machine learning-based algorithms and a sandbox, as well as enhanced threat visibility, root cause analysis capabilities and a wide array of response actions. The framework also suggests security awareness training programs to help organisations build a cybersafe employee culture.

Kaspersky Expert Security framework represents a holistic strategy to help equip, inform and guide in-house experts to face the full spectrum of today’s complex threats, APT-like and targeted attacks.

Kaspersky Anti Targeted Attack Platform with Kaspersky EDR at its core acts as an Extended Detection and Response (XDR) solution, delivering all-in-one APT protection with network threat discovery and EDR capabilities.

IT security specialists are armed with all the technologies they need to handle superior multi-dimensional threat discovery at both endpoint and network levels, undertaking effective investigations, proactive threat hunting, and delivering a rapid, centralised response — all through a single solution.

In addition, the framework offers Kaspersky Threat Intelligence and training to upskill IT security staff, as well as the ability to receive assistance, immediate support and third-party opinion from Kaspersky experts through the portfolio of cybersecurity services.

“Effective threat protection is always a set of measures that must be well coordinated with each other, easy to manage and meet the needs of customers. Frameworks work just like that. Another advantage is that, unlike one specific solution, they offer a cybersecurity roadmap for the company, assuring the transition from one IT security maturity level to another when the time comes.

Thus, in the case of MDR, at a more basic level of information security development, a company can receive a fully automated service. And when the expertise of its specialists grows, switch to the expert level and get involved in the threat hunting and investigation,” explains the VP, Product Marketing at Kaspersky, Dmitry Aleshin.
