Kaspersky EDR has achieved the highest AAA award in SE Labs’ Enterprise Advanced Security test (previously known as Breach Response Test). The solution was noted for its ability to detect complex targeted attacks, track malicious behavior from the beginning to the end of an attack and generate no false-positive results.
During the evaluation, the product was exposed to the tools, techniques, and procedures used by advanced threat groups.
With cyberattacks becoming more sophisticated and endpoints still the main target for cybercriminals, the importance of reliable endpoint protection cannot be overestimated. However, judging the effectiveness of these solutions is not an easy task, and many factors, such as the ability to detect, relevancy, and accuracy are at play when assessing how well the product will help during a real attack.
“We are proud that our EDR solution managed to repeat the success of the Kaspersky Anti-Targeted Attack platform rewarded with an AAA rating by SE Labs in 2019 and that it showed amazing results during one of the most challenging cybersecurity tests,” said Alexander Liskin, head of Threat Research at Kaspersky. “Our team endorses SE Labs’ holistic testing approach that involves the usage of real-world scenarios, validation of the performance at each stage of the attack, and transparent evaluation benchmarks.”
To evaluate Kaspersky EDR capabilities, SE Labs’ engineers tested the product under a range of complex attacks similar or identical to those used by Dragonfly and Dragonfly 2.0, FIN7 and Carbanak, Oilrig, and APT29 threat groups.
The solution’s performance was tracked at all major attack stages, from delivery to escalation and lateral action. Testers behaved as real adversaries, probing targets using a variety of tools, techniques, and vectors before attempting to gain access to the infrastructure. After that, they tried to complete the attack goal, including stealing information, damaging systems, and connecting to other systems on the network.
The test also considered the EDR’s ability to correctly identify legitimate applications and behavior, and measured any false positive detections or other sub-optimum interactions.
According to the independent laboratory, Kaspersky EDR detected every targeted attack and tracked each of the hostile activities that occurred during the test. Even better, it also detected in-depth insights, capturing details as each threat proceeded down the attack chain from the initial introduction to the system through its execution and subsequent behavior by the attacker. With 100% of attacks detected, the solution also showed outstanding results in classifying legitimate applications and URLs with a 100% legitimate accuracy rating.
Based on the total sum of the evaluated criteria, Kaspersky Endpoint Detection and Response finished with 98% in the total accuracy rating and was awarded the highest level of estimation — the AAA Award.
“Detecting breaches is an extremely challenging task. Detecting each stage of an attack, without making mistakes is far tougher. Kaspersky has done a great job in providing clear and deep insight into a range of advanced attacks,” said Simon Edwards, CEO at SE Lab.
Kaspersky Endpoint Detection and Response (EDR) provides visibility across all endpoints on a company’s corporate network and delivers superior defenses, enabling automation of routine tasks to discover, prioritize, investigate and neutralize complex threats and APT-grade attacks.
For more information about Kaspersky Endpoint Detection and Response, visit the website.