Kaspersky released the latest versions of Kaspersky EDR and Kaspersky Anti Targeted Attack, which offer new features that simplify the investigation process and enhance threat hunting.
A recently added database of Indicators of Attack (IoAs), maintained by Kaspersky’s threat hunters, helps deliver additional context during investigation of cybercriminal activities. In addition, IoAs are now mapped to the MITRE ATT&CK knowledge base for further analysis of adversaries’ tactics, techniques and procedures. These key improvements help enterprises investigate complex incidents faster.
Cyber incidents relating to complex threats can have a significant impact on business. The cost of response and process recovery, the need to invest in new systems or processes, the effect on availability and the damage to reputation all add up. Today, organizations need to consider not only the growing number of widespread malicious programs, but also the increase in complex advanced threats targeting them. Kaspersky helps to solve this issue with the next generation of Kaspersky EDR and the Kaspersky Anti Targeted Attack platform.
Kaspersky EDR and Kaspersky Anti Targeted Attack include functionality to check for Indicators of Compromise (IoCs), such as hash, file name, path, IP address, URL, etc., which show an attacker has struck.
In addition to searching for IoCs, the new IoA capabilities make it possible to identify the intruders’ tactics and techniques, regardless of whether malware or legitimate software was used in the attack. To simplify the investigation process when examining telemetry from multiple endpoints, events are correlated with a unique set of IoAs from Kaspersky. Matched IoAs show up in the user interface with detailed descriptions and recommendations on the best way to respond to the attack.
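The distinction the two paragraphs above draw, between matching atomic IoCs (hash, file name, path, IP address, URL) and detecting behavioural IoAs mapped to MITRE ATT&CK techniques and correlated across endpoints, is easiest to see in code. The following is an added illustration, not Kaspersky's code and not a description of how Kaspersky EDR or Kaspersky Anti Targeted Attack implement their detection: the IoC list, the telemetry events, the host names and the two IoA rules are all constructed for this example. The ATT&CK technique IDs used are real (T1059.001 is "Command and Scripting Interpreter: PowerShell", T1053.005 is "Scheduled Task/Job: Scheduled Task"); the rule logic attached to them is the example's own simplification. Host `ws-01` shows the point of IoAs: nothing on it matches an IoC, yet its process behaviour still matches a rule.

```python
"""Toy IoC matching versus IoA (behaviour) detection over endpoint telemetry.

Constructed example: IoC values, events, hosts and rules are made up.
"""
from collections import defaultdict

# Constructed IoC list: atomic artefacts of one known attack.
# The hash is an obvious placeholder; the IP is from the 203.0.113.0/24
# documentation range.
IOCS = {
    "sha256": {"0" * 64},
    "file_name": {"evil.exe"},
    "path": {"C:\\Users\\Public\\evil.exe"},
    "ip": {"203.0.113.10"},
    "url": {"http://203.0.113.10/payload"},
}

# Constructed IoA rules: ordered behaviour predicates that must all occur on
# one host within `window` seconds, each mapped to an ATT&CK technique ID.
# The technique IDs are real; the rule logic is a simplification for illustration.
IOA_RULES = [
    {
        "name": "Office application spawns a script interpreter",
        "attack_id": "T1059.001",
        "window": 60,
        "steps": [
            lambda e: e.get("type") == "process"
            and e.get("parent", "").lower() in {"winword.exe", "excel.exe"}
            and e.get("image", "").lower() in {"powershell.exe", "cmd.exe"},
        ],
    },
    {
        "name": "Outbound connection followed by scheduled task creation",
        "attack_id": "T1053.005",
        "window": 300,
        "steps": [
            lambda e: e.get("type") == "network" and e.get("direction") == "out",
            lambda e: e.get("type") == "process"
            and e.get("image", "").lower() == "schtasks.exe"
            and "/create" in e.get("cmdline", "").lower(),
        ],
    },
]

# Constructed telemetry from three endpoints (ts = seconds since an arbitrary epoch).
EVENTS = [
    {"id": 1, "host": "ws-01", "ts": 100, "type": "process", "parent": "WINWORD.EXE",
     "image": "powershell.exe", "file_name": "powershell.exe"},
    {"id": 2, "host": "ws-01", "ts": 105, "type": "network", "direction": "out",
     "ip": "198.51.100.7", "url": "http://198.51.100.7/a"},
    {"id": 3, "host": "ws-02", "ts": 200, "type": "file", "file_name": "evil.exe",
     "path": "C:\\Users\\Public\\evil.exe", "sha256": "0" * 64},
    {"id": 4, "host": "ws-03", "ts": 300, "type": "network", "direction": "out",
     "ip": "198.51.100.9", "url": "http://198.51.100.9/update"},
    {"id": 5, "host": "ws-03", "ts": 420, "type": "process", "parent": "cmd.exe",
     "image": "schtasks.exe", "cmdline": "schtasks /create /tn Updater /sc minute"},
    {"id": 6, "host": "ws-03", "ts": 900, "type": "process", "parent": "explorer.exe",
     "image": "schtasks.exe", "cmdline": "schtasks /query"},
]


def match_iocs(events):
    """Return one hit per event whose fields contain a known IoC value."""
    hits = []
    for e in events:
        fields = [k for k, values in IOCS.items() if e.get(k) in values]
        if fields:
            hits.append({"host": e["host"], "event_id": e["id"], "fields": fields})
    return hits


def match_ioas(events):
    """Correlate per-host event sequences against IoA rules; one hit per host and rule."""
    by_host = defaultdict(list)
    for e in events:
        by_host[e["host"]].append(e)
    hits = []
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e["ts"])
        for rule in IOA_RULES:
            steps = rule["steps"]
            for i, first in enumerate(evs):
                if not steps[0](first):
                    continue
                matched, step = [first], 1
                for e in evs[i + 1:]:
                    if step == len(steps) or e["ts"] - first["ts"] > rule["window"]:
                        break
                    if steps[step](e):
                        matched.append(e)
                        step += 1
                if step == len(steps):
                    hits.append({"host": host, "rule": rule["name"],
                                 "attack_id": rule["attack_id"],
                                 "events": [m["id"] for m in matched]})
                    break
    return hits


def techniques_by_host(ioa_hits):
    """Cross-endpoint view an analyst wants: ATT&CK technique -> affected hosts."""
    view = defaultdict(set)
    for h in ioa_hits:
        view[h["attack_id"]].add(h["host"])
    return dict(view)


if __name__ == "__main__":
    print("IoC hits:", match_iocs(EVENTS))
    print("IoA hits:", match_ioas(EVENTS))
    print("By technique:", techniques_by_host(match_ioas(EVENTS)))
```

Running it reports a single IoC hit on `ws-02` (file name, path and hash all match) and two IoA hits: `ws-01` for the Office-to-PowerShell parent/child chain and `ws-03` for the outbound connection followed within the window by `schtasks /create`; the later `schtasks /query` on `ws-03` is ignored because it does not satisfy the rule's second step. The technique-keyed summary is the kind of cross-endpoint view that lets an analyst see the same ATT&CK technique recurring on several hosts regardless of which binary was involved.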