With cyberattacks becoming more sophisticated and endpoints still the main target for cybercriminals, the importance of reliable endpoint protection cannot be overestimated. However, judging the effectiveness of these solutions is not an easy task, and many factors, such as the ability to detect, relevancy, and accuracy are at play when assessing how well the product will help during a real attack.
To evaluate Kaspersky EDR capabilities, SE Labs’ engineers tested the product under a range of complex attacks similar or identical to those used by Dragonfly and Dragonfly 2.0, FIN7 and Carbanak, Oilrig, and APT29 threat groups. The solution’s performance was tracked at all major attack stages, from delivery to escalation and lateral action. Testers behaved as real adversaries, probing targets using a variety of tools, techniques, and vectors before attempting to gain access to the infrastructure. After that, they tried to complete the attack goal, including stealing information, damaging systems and connecting to other systems on the network. The test also considered the EDR’s ability to correctly identify legitimate applications and behavior, and measured any false positive detections or other sub-optimum interactions.
According to the independent laboratory, Kaspersky EDR detected every targeted attack and tracked each of the hostile activities that occurred during the test. Even better, it also detected in-depth insights, capturing details as each threat proceeded down the attack chain from the initial introduction to the system through its execution and subsequent behavior by the attacker. With 100% of attacks detected, the solution also showed outstanding results in classifying legitimate applications and URLs with a 100% legitimate accuracy rating.
Based on the total sum of the evaluated criteria, Kaspersky Endpoint Detection and Response finished with 98% in the total accuracy rating and was awarded the highest level of estimation – the AAA Award.
“Detecting breaches is an extremely challenging task. Detecting each stage of an attack, without making mistakes is far tougher. Kaspersky has done a great job in providing clear and deep insight into a range of advanced attacks,” said Simon Edwards, Chief Executive Officer at SE Lab.
“We are proud that our EDR solution managed to repeat the success of the Kaspersky Anti-Targeted Attack platform rewarded with an AAA rating by SE Labs in 2019 and that it showed amazing results during one of the most challenging cybersecurity tests. Our team endorses SE Labs’ holistic testing approach that involves the usage of real-world scenarios, validation of the performance at each stage of the attack, and transparent evaluation benchmarks. We are looking forward to participating in further SE Labs’ tests to reaffirm that our products provide high-grade protection even against the most advanced threats,” comments Alexander Liskin, Head of Threat Research at Kaspersky.
Kaspersky Endpoint Detection and Response (EDR) provides visibility across all endpoints on a company’s corporate network and delivers superior defenses, enabling automation of routine tasks to discover, prioritize, investigate and neutralize complex threats and APT-grade attacks.
The full report, detailing the performance of Kaspersky EDR during the SE Labs’ test, is available via this link.