Kaspersky Endpoint Detection and Response integrates antivirus, threat response, and EDR with high detection rates, behavior detection, and device control. It supports centralized management for seamless operation across remote and on-premise servers.



| Product | Mindshare (%) |
|---|---|
| Kaspersky Next XDR Expert | 0.8% |
| CrowdStrike Falcon | 9.2% |
| SentinelOne Singularity Endpoint | 6.0% |
| Other | 84.0% |

| Title | Rating | Mindshare | Recommending | Interviews |
|---|---|---|---|---|
| CrowdStrike Falcon | 4.3 | 9.2% | 97% | 140 |
| Cortex XDR by Palo Alto Networks | 4.2 | 4.6% | 96% | 112 |

| Company Size | Count |
|---|---|
| Small Business | 7 |
| Midsize Enterprise | 5 |
| Large Enterprise | 6 |

| Company Size | Count |
|---|---|
| Small Business | 122 |
| Midsize Enterprise | 63 |
| Large Enterprise | 113 |

Kaspersky Endpoint Detection and Response offers a robust platform featuring automated responses, advanced reporting, and customizable policies. Users appreciate its lightweight agent and compatibility, though many report issues with stability and resource intensity. While effective in malware detection and incident response, challenges remain in configuration, integration, and efficient patch management. Zero-day detection and cloud version stability have room for improvement. However, its capabilities make it highly recommended in regions like Pakistan.
What are the key features of Kaspersky Endpoint Detection and Response?

In industries prioritizing security, such as finance and healthcare, Kaspersky Endpoint Detection and Response aids in threat hunting and behavior analysis. It integrates with SIEM systems, allowing precise encryption, targeted attack protection, and device management. Deployed on servers, workstations, and mobile devices, it's particularly esteemed in areas like Pakistan for its robust capabilities.

| Author info | Rating | Review Summary |
|---|---|---|
| IT Manager at R K Khanna and Associates | 4.0 | I use Kaspersky EDR mainly as a firewall, and while it’s affordable and stable, it’s less effective and more resource-heavy than CrowdStrike, which I preferred but stopped using due to its high cost. |
| Manager Cyber Security Department at Mana | 3.0 | I've used Kaspersky Endpoint Detection and Response for two years in threat hunting, finding its detection adequate but lacking features, scalability, and support compared to industry leaders like CrowdStrike and Trend Micro, making it unsuitable for long-term use. |
| Security Engineer at adcb | 4.0 | We prioritize Kaspersky for its effective detection and response features, particularly its sandbox environment for malware analysis. However, support needs improvement due to slow response times. We switched from CrowdStrike due to data privacy concerns and cost efficiency. |
| IT Administrator at a retailer with 201-500 employees | 4.0 | I found Kaspersky EDR highly effective and customizable on-premises, but transitioning to the cloud caused severe compatibility issues, leading to high CPU usage and unresponsive systems. Despite its previous success, we switched to SentinelOne due to these cloud problems. |
| Network administrator at a comms service provider with 201-500 employees | 4.5 | I use Kaspersky on numerous servers and workstations, finding its IT management features valuable, though it lacks XDR capabilities. Our security improved significantly after transitioning from McAfee, though Cortex offers better security features. |
| Senior Information Security Analyst at EastNets Holding Ltd. | 5.0 | In my company, we use Kaspersky Endpoint Detection and Response for environment scanning and SIEM integration. Its centralization feature is invaluable, though the UI needs improvement. Previously, I used Malwarebytes and GravityZone for smaller setups, but Kaspersky suits larger environments. |
| IT Manager at Ducart | 4.0 | I find Kaspersky Endpoint Detection and Response easy to use with good protection that doesn't impact computer performance. However, there's room for enhancing security and performance. I previously didn't consider other solutions and have no preferred cloud provider. |
| Head of Information Security at Faisal Islamic Bank of Egypt | 4.0 | I primarily use Kaspersky Endpoint Detection and Response for endpoints due to its high detection rate and valuable features like behavior detection and threat prevention. It could improve integration capabilities. Transitioning from Symantec was seamless, saving us about 70% in costs. |
| Head Information & Communication Technology at Uganda Finance Trust Ltd. | 4.0 | I use Kaspersky Endpoint Detection and Response for mobile devices and laptops, appreciating its reporting and malware detection features. However, its patch management needs improvement, prompting me to consider additional solutions like Sophos. Technical support response time could also improve. |
| Senior Security Engineer at a government with 10,001+ employees | 4.0 | We use Kaspersky Endpoint Detection and Response to enhance malware detection. Its consolidated features, including a unified agent and cloud/on-premise functionality, simplify management. However, the user interface needs improvement. Compared to Fidelis, Kaspersky's functionality and threat response are superior. |

Currently, I use Kaspersky Endpoint Detection and Response for security on my computer. I am an end user.
I am using Kaspersky Endpoint Detection and Response as a firewall. I have Kaspersky Endpoint Detection and Response firewall on my computer, which sits at the gate, so I manage maximum things through that.
I do customize the policies to determine what to do and what not to do. All things have been customized.
It is automated only.
Kaspersky Endpoint Detection and Response is sitting on the machine to monitor. The main network is being monitored through the firewall at that level. For individual machines, Kaspersky Endpoint Detection and Response sits to check the endpoint.
Kaspersky Endpoint Detection and Response is not up to the mark compared to what I have seen from earlier products. I was using CrowdStrike, and Kaspersky Endpoint Detection and Response is not up to the mark compared to CrowdStrike and other products. Kaspersky Endpoint Detection and Response sometimes seems to allow certain files which should not be allowed on its own. I trust Kaspersky Endpoint Detection and Response to check the files, but I cannot sit and check all the files that are coming in. Kaspersky Endpoint Detection and Response has its own weaknesses.
Kaspersky Endpoint Detection and Response slows the system slightly. It uses more resources than what CrowdStrike does.
When any attack happens or something is happening with other products I am using, Kaspersky Endpoint Detection and Response stops certain things. However, it does not take me to the file, and it is not user-friendly.
I have been using this solution for about three or four months.
Stability is present with no problems.
There are no scalability issues.
My vendor takes care of any issues, so I have not contacted Kaspersky Endpoint Detection and Response directly for these matters.
Neutral
I was using CrowdStrike. CrowdStrike was very good and really was monitoring things without any interference from me or any user. I give the machines to the users, and CrowdStrike stops wrong sites, fraudulent sites, fraudulent apps, and fraudulent files. Everything CrowdStrike used to stop. Kaspersky Endpoint Detection and Response is not doing that. There are certain things CrowdStrike stops that may not be proper, and I can check and then bypass them. Kaspersky Endpoint Detection and Response is not checking all fraudulent files and unwanted things, sites, or websites.
CrowdStrike's cost was so high that I did not try it again.
The installation is the same as other products and not a big deal.
My vendor takes care of any issues.
Kaspersky Endpoint Detection and Response is cheap.
If CrowdStrike can give me a good rate like Kaspersky Endpoint Detection and Response, I can use it.
It seems okay. CrowdStrike was not heavy on my network or usage. I would rate this product an 8.

The main use case for Kaspersky Endpoint Detection and Response is to protect the endpoints. I use it in the financial industry.
We are security people, and we use it for threat hunting. We are not system administrators and we are not the owners of the product, so I can't tell you about these things. I can tell you about the features regarding threat hunting and threat intelligence.
This is not our use case, as we use it just for the Kaspersky Endpoint Detection and Response.
We use Kaspersky Endpoint Detection and Response's customizable detection rules and policies.
In terms of security requirements, it meets expectations.
Regarding the machine learning capability in Kaspersky Endpoint Detection and Response, it performs adequately when considering its improvement in detection accuracy and reduction of false positives.
I have observed just an extra security layer on the endpoints during these two years of usage.
I'm facing challenges because the local support is not up to the mark, and its features are not comparable to industry-leading solutions such as CrowdStrike and Trend Micro.
Kaspersky needs to improve its local support to become a better product for future releases. The local support is inadequate, and compared to Trend Micro and CrowdStrike, many features are missing in this tool regarding investigation, threat hunting, and threat intelligence. These features are not up to the mark in this tool compared to other EDR solutions, and the interface is very unfriendly.
I have been working for two years with this solution.
We have not integrated Kaspersky Endpoint Detection and Response with our existing security frameworks.
I have faced stability issues. As I mentioned, I'm not a system administrator. We use it in our security department for threat hunting and threat intelligence.
It is not a scalable solution at all. I rate scalability for Kaspersky Endpoint Detection and Response a four out of ten.
I rate the support for Kaspersky Endpoint Detection and Response a three out of ten.
The problem with support is that they don't have much expertise to resolve the root cause of issues and to deliver solutions in a timely manner regarding deployments and other matters.
Neutral
I previously used Trend Micro before working with Kaspersky Endpoint Detection and Response.
I started using Kaspersky Endpoint Detection and Response because my current organization uses Kaspersky. In my previous organization, I was working with Trend Micro.
The setup for Kaspersky Endpoint Detection and Response is not complex. I rate the initial setup of Kaspersky Endpoint Detection and Response a seven out of ten.
For deployment, I used a local partner.
Kaspersky Endpoint Detection and Response is a very low-cost solution.
I think it's just a normal tool; compared to other market EDRs, this is a very poor product. In the near future, we are going to replace it with an industry-best solution.
I would recommend Kaspersky AV as a good product, but for Kaspersky Endpoint Detection and Response, I don't recommend using it. I always recommend the world's top products such as CrowdStrike, Trend Micro, and Palo Alto Networks. I never recommend that anyone use Kaspersky Endpoint Detection and Response, though their AV is a good product.
Overall, I rate Kaspersky Endpoint Detection and Response six out of ten.

Our use cases include ISC's indicator for compromise, blocking, caching, and automation. For example, the detection of any USB or removable device on any system triggers a response.
Additionally, if any malware is detected in the system, the EDR solution removes it. These are the primary use cases we focus on.
Another scenario involves the detection of a large data transfer, such as 3GB via a USB device, to another system, which must be identified. These are the main use cases we prioritize.
One of the good features is the provider's Faulting capability. If any of our systems detect malware, we can check the behavior of the malware by sending it to Kaspersky's sandbox environment.
This helps us assess how destructive the malware is. After analyzing it, we can create use cases and protection measures based on that behavior. So, this is the best feature of Kaspersky.
Kaspersky's support team is not very supportive. If we need any help from them, they do not provide a good solution, and it takes too long to resolve the issue. This is the main thing because some cases are easy and need urgent resolution.
However, when we create a support ticket, it takes three days to get it planned, and we have urgent requirements. So, the ticketing process needs improvement.
I have been using this solution for two years.
It is a stable solution. I would rate the stability an eight out of ten.
I would rate the scalability an eight out of ten. Around six end users are using this solution. We have plans to increase usage further in the future.
There is room for improvement in the support.
Neutral
We used CrowdStrike. We switched to Kaspersky because of two reasons. Firstly, because I work in the financial sector. CrowdStrike is a cloud-based EDR solution, and for our financial sector, they don't allow us to put our financial data in the cloud.
And the second thing is the pricing issue because CrowdStrike is more expensive than Kaspersky. So these are the two reasons we moved to Kaspersky and removed CrowdStrike.
For the deployment of the server it will mostly take around two or three days for the deployment of the main server, and then it will be able to connect to different endpoints.
It is a continuous process, but for the main server that we deployed, it took two to three days for us including all configurations.
For deployment from the vendor side, only one person is needed for the deployment.
I would rate the pricing a five out of ten; it is neither too cheap nor too expensive.
For using Kaspersky, the first thing is the features it offers, like locking USB, the use cases, and the scalability. It is easily scalable in any type of environment, from small-sized organizations to larger ones with 5,000 or up to 10,000 users.
It is cost-effective in terms of services and features compared to other more expensive EDR solutions like CrowdStrike and Trend Micro.
So, these are the two things I would recommend if any organization wants to deploy it in their environment.
Overall, I would rate the solution a seven out of ten.

Kaspersky EDR is far superior to other products. It gives detailed information about malware, geolocation, and more. Also, the agent itself is very lightweight compared to other products. The packages and updates were quite small in size, just a few KBs.
And the best part is that when you apply a policy or make any changes, it immediately works. Regardless of the device's location, as long as it's reachable to the server, the policy applies within fractions of seconds. I had hands-on experience with an on-premises server on my premises. Once I applied any policy or made changes, it was assessed immediately, even if the PC was in a different country. As long as my PC was reachable, everything worked fine.
Moreover, the reports Kaspersky EDR generates, like the weekly and monthly reports, were amazing. We fully customized the on-premises server according to our needs, including how to push Windows patches, application updates, and whitelisting. One of the things I really like about Kaspersky is that even as an administrator, it won't allow you to bypass the applied policies.
The main issue was compatibility with the cloud itself. The CPU usage immediately spiked, causing the machines to hang and sometimes even forcing server or computer restarts. Within seconds of installing the agent, the CPU usage would become extremely high, rendering the machine practically unusable until we either manually restarted it or initiated a forced restart. We were left with no option but to uninstall the client.
It was the primary issue. When the agent was installed from the cloud portal, the machine became completely unresponsive and disconnected from the network.
I was quite satisfied with Kaspersky products when they were on-premises. The server was downloading the updates and signatures smoothly, and it was fully stable in our network. However, we decided to move to the cloud as we were offered better options, and there was no significant pricing difference. But unfortunately, once we moved to the cloud and deployed the agents on our clients, our clients started facing disconnection issues. We had no choice but to forcefully restart the machines. We tried seeking help from Kaspersky, but we didn't receive any assistance, which led us to switch to another product.
We used this solution around 2018. Before that, we were not using EDR; it was just Kaspersky EDR.
I was disappointed with the cloud support. It didn't meet my expectations, which led me to consider another product. However, I don't have anything negative to say about Kaspersky in general. In fact, on my personal computer and laptop, I still use Kaspersky Endpoint Security. Additionally, for my other clients and places, I still prefer to purchase Kaspersky products.
For the recent support experience, I would rate it less than three, honestly speaking. The recent incident we had with them was not satisfactory. However, when we were on premises and had their support directly, it was fantastic. I would rate it 11 out of 10 back then. The support we received in the past was super nice and excellent.
Negative
The implementation was straightforward. We had everything set up. However, on a few Windows 10 clients, it worked fine, but there was one unusual thing that happened on a Windows 11 client. I did an agent installation for a client, but it was uninstalled by itself. I submitted these logs to my vendor and Kaspersky's technical team, so they need to look into that issue.
We successfully deployed and worked on our own console and control panel, everything on the cloud. This issue only happened with the cloud version, not with on-premises. On-premises, it never happened.
I was satisfied with the pricing of Kaspersky. Even now, if Kaspersky had solved our problem, I would have never jumped to SentinelOne. Honestly, I'm not the kind of person who keeps changing products frequently. Once a product stabilizes in our environment and works well, I feel everything is excellent.
And Kaspersky performed really well when it was on-premises. On my premises, I had a Kaspersky server that efficiently downloaded updates and signatures. Despite new products with signature-less approaches like SentinelOne, I was content with Kaspersky, and it provided a stable environment within our network.
However, there came a time when everyone wanted to upgrade, including our local vendor. They suggested moving to the cloud to remove it from on-premises. We considered this, especially since there was no significant pricing difference, and we could access better options in the cloud. So, we decided to migrate to the cloud.
But, unfortunately, after moving to the cloud and deploying agents on our clients, we encountered unexpected disconnection issues. The clients were suddenly getting disconnected, and we had no option but to forcefully restart the machines. We stopped further deployment and everything related to it. We thought to wait for Kaspersky's help in resolving the issue, but regrettably, we didn't receive any assistance from Kaspersky. Consequently, we had to switch to another product, which was SentinelOne.
We were working with SentinelOne. We initially had three options: Core, Control, and Complete. We opted for the Control option, which is the middle one. Core is the basic version, Control is in the middle, and Complete is the top-end version. But besides XDR, we have everything else.
Currently, we are exclusively working with SentinelOne.
Until 2021, Kaspersky was the best product in my environment. But since we moved to the cloud, we had so many troubles. We raised a case with Kaspersky, but they couldn't help. They didn't even reply, and that's why we changed the product. We were forced to switch to SentinelOne. We had been using Kaspersky for about nine or ten years, but that was when it was on-premises. However, when we moved to the cloud, it didn't work as expected, so we switched to SentinelOne.
We even considered products like Falcon CrowdStrike, but it turned out to be more expensive than our budget allowed. Eventually, we opted for another solution that fit well within our budget constraints.
If Kaspersky EDR is working fine in another environment and for other people, I would say they should stick with it. Kaspersky is a good product, and I honestly believe it is a very good product overall.
Unfortunately, it didn't work well in my environment, but that might just be my bad luck. If you look at the reviews, especially in the Middle East, you'll see that Kaspersky has received very positive feedback.
Overall, I would rate the solution an eight out of ten. It's a nice product and genuinely a very good one. Kaspersky EDR was super and fulfilled my needs, especially on-premises. It has everything, like application control, device control, web filtering control, and much more. Any Kaspersky product you take, it comes with certain default features that are not available in SentinelOne. To get additional features, you need to switch from Core to Control and then to Complete versions. In my experience, it was fantastic and worked very well in my environment. I didn't face any issues, and I would still love to use this product if they had supported me in my case. Unfortunately, that didn't happen, and I was disappointed as I never expected to receive no support from Kaspersky.

We use Kaspersky on around one to two thousand servers and around four hundred workstations. Today, I work with Kaspersky EDR, and we also use Microsoft 365 Business Premium licenses.
Before we implemented Kaspersky here, we had McAfee, so we had a big security improvement with the Kaspersky deployment. We have patch management with Kaspersky under the Windows Update Services.
It is a secure solution with a lot of IT management features. It assists with remote access, remote desktop access, script detection, cryptography, and device control. It offers features that some other solutions in the market do not have, such as Cortex XDR.
Cortex is better in the security features, yet Cortex doesn't have IT management features like Kaspersky. Kaspersky is not an XDR solution. With an XDR solution, we could gain some more time.
I have used Kaspersky for three to four years.
I would rate the stability of Kaspersky as seven out of ten.
Kaspersky Cloud is scalable. The on-premises solution we have is not so scalable since it is limited by server resources. I would rate scalability as six or five out of ten.
It is simple to contact technical support for Kaspersky. We can set up a meeting when we need it. I rate the customer service nine out of ten.
Positive
Before implementing Kaspersky, we used McAfee. We had a big security improvement after switching to Kaspersky.
The initial setup was easy. It is not simple to find the events and correlate them, yet setting it up is easier. For the on-premises one, it is easy to set up.
We used another enterprise called FastHelp. They have specialized teams that helped with the deployment of the solution. Today, I am a security analyst, so I don’t know exactly the other job roles involved in the deployment, but they might be security technicians or network administrators.
Before we implemented Kaspersky here, we had McAfee, so we had a big security improvement with Kaspersky deployment.
Kaspersky has a better price than other marketplace solutions. Due to this, they are growing significantly. I like the price. I'd rate it nine out of ten.
I fully recommend Kaspersky EDR to others.
I'd rate the solution nine out of ten.

My company uses the EDR functionalities of Kaspersky, which are not related to application security. Kaspersky Endpoint Detection and Response is useful for environment scanning and can be deployed on a server to scan for viruses, malware, and hardware. We also use the product for EDR integration with the SIEM solution and get logs from each device.
The most valuable feature of the solution is its centralization capability allowing everything to be done from one device, including deployment, and integrating with the domain controller to do further deployments.
There are certain shortcomings with the UI of the solution. The UI is not at all user-friendly. The product should have an easier UI.
I have experience with Kaspersky Endpoint Detection and Response for two years. I use Kaspersky Endpoint Detection and Response Version 13.
It is a stable solution.
It is a very scalable solution.
The product is used by 2,500 employees in my company.
The product is extensively used in my company since it is very good.
We can plan to increase the number of users in our company since it is a very scalable product.
The solution's technical support is very helpful and responsive. The documentation of the product also helps a lot.
Five years ago, I used Malwarebytes.
Considering the use cases of Malwarebytes, it was used to protect two servers from ransomware. During the time when we were using Malwarebytes in my previous company, the best solution on Gartner was GravityZone. At my previous company, we chose GravityZone to protect our two servers in a small environment with around 50 employees. Due to the aforementioned reasons, there was a requirement for a small business solution. Kaspersky Endpoint Detection and Response is the best for large environments.
The initial setup of the product is complicated and requires more work and effort from the system administrator. The product should provide domain controller admin access to allow for the maintenance of the network. Every issue we face in Kaspersky Endpoint Detection and Response relates to network and system administrators.
The solution is deployed on-premises.
Steps for the deployment should be followed to configure the network and ensure that all devices are accessible on the network or the same subnet while ensuring that there are no DMZs.
Though the product is not user-friendly, I was involved in the implementation process since I am an integrator.
Yearly payments are to be made toward the licensing costs of the solution.
To those planning to use the solution, I can say that it provides various specific customization and offers many shields for protection, because of which there is a need to be specific about the resources you want to save.
If you have a SIEM solution, then you should be specific when integrating Kaspersky with that SIEM solution and the best logs.
The product is not friendly, and it's not for end users. The product is meant for engineers and security engineers owing to its complex nature.
I rate the overall tool a ten out of ten.

The solution is an antivirus.
The tool is easy to use. It provides good protection. The product doesn't affect the performance of the computers.
The solution must provide better security. The performance can be improved.
I have been using the solution for two and a half years.
The product is stable and reliable. I rate the stability an eight out of ten.
We have 120 users in our organization.
The support is very good.
The initial setup is fairly easy. It took us a few hours to deploy the solution. To deploy the product, we install it on the main server, deploy it to the workstation, and make the updates. After that, the product is fairly independent.
The first deployment was done with an integrator. Then, we did it in-house.
We generally get a license for 36 months. The solution is not cheap, but it is not expensive.
We are not a very large organization, so scalability is not relevant to us. After the first installation, we do not need people to maintain the tool. I will recommend the solution to others. Overall, I rate the product an eight out of ten.

I use the tool for endpoints.
From my point of view, one of the best aspects of Kaspersky Endpoint Detection and Response is its high detection rate, which surpasses many other solutions. Its valuable features include behavior detection, threat prevention, device control, adaptive anomaly control, and centralized protection detection.
One of the main areas where the tool could improve is its integration capabilities. For example, I find it challenging to integrate it with other solutions. It would be helpful if the tool could make it more open to integration with other tools.
I have been working with the product for five years.
The product is scalable.
We transitioned from Symantec to Kaspersky Endpoint Detection and Response for our company. We managed the migration process in parallel with our ongoing operations, and it didn't pose any challenges.
The product's deployment is easy. It can be completed in two to three days. No engineers are required for the deployment. However, I have kept one for the new station.
We have saved about 70 percent in terms of money.
The tool's pricing was high during the last renewal.
I rate the tool an eight out of ten. People should choose a solution that aligns well with their specific environment. For instance, opting for a lightweight agent suitable for virtual setups is crucial if they operate in virtual environments. Conversely, in non-traditional physical environments, a standard agent may suffice. It's essential to keep these considerations in mind when selecting a solution.

I use Kaspersky Endpoint Detection and Response for mobile devices and laptops. I also run it on some of my servers in the data center.
The product's biggest features are reporting and signature-based malware detection. It runs on how the machines are used in a particular environment.
The solution currently works fine for me. The only issue I face with the product is related to the area of patch management, as it is not very effective. If the patch management area can be improved in Kaspersky Endpoint Detection and Response, I need not go for another solution to take care of patch management, like a vulnerability management tool from Sophos or some similar product.
From an improvement perspective, I want to be able to use the product as a patch management tool for my endpoints since it is an area that is not working effectively for me. I am pushed to get a vulnerability management solution to manage the area of patches.
Technical support for the solution could be better because it takes a bit of time to reach out to them through our local channel partner to attend to some of the issues where we need support. It takes the support team an entire week to resolve an issue.
I have been using Kaspersky Endpoint Detection and Response for four years. I use the solution in my company as an end user.
Stability-wise, I rate the solution a nine out of ten.
I mostly operate in a Windows-based environment. The product has been able to meet my requirements, especially the ones related to the endpoints used in our organization, which have increased lately. I run ATS in different parts. I run Windows-based machines for endpoints, and I also run Exchange for emails. Scalability-wise, I rate the solution an eight or nine out of ten.
I rate the technical support a six or seven out of ten.
Neutral
The product's initial setup phase was easy. I rate the initial setup phase of the product a ten out of ten, as it was a very easy process. My company always receives help to improve certain areas from Kaspersky's partner we have in our country.
My company did seek support from a local platinum partner of Kaspersky to help our company with the initial setup phase.
I rate the product price a five on a scale of one to ten, where one is low price and ten is high price.
Previously, I had done some assessments with the EDR solutions provided by Sophos, which, in terms of price, fall under the higher side of the spectrum. I chose Kaspersky Endpoint Detection and Response since it falls under the price range that I wanted.
I rate the overall product an eight out of ten.

We use the solution to enhance malware detection and response capabilities.
The most valuable aspect of the product is its consolidated features. We can easily configure Kaspersky's anti-target attack, streamlining our security measures. The unified agent, which combines antivirus, optimal threat response, and EDR functionalities, is a significant improvement. This integration simplifies management, providing a comprehensive solution with both cloud and on-premise functionality. It ensures effective protection and swift threat response across our network.
There is room for improvement in its user interface. The web GUI needs development to make it more user-friendly and aligned with industry standards.
I have been working with Kaspersky EDR for two years.
I would rate the stability as an eight out of ten.
I would rate the scalability of the product as a seven out of ten. I would recommend Kaspersky EDR for enterprise-level businesses. Its robust functionality, including EDR use cases and versatile prevention rules, makes it particularly well-suited for larger organizations.
Kaspersky's tech support is good. We have local teams in our country, and they are proactive in hiring and sharing knowledge. They provide effective assistance for any EDR solution issues we encounter. I would rate the support as a nine out of ten.
Positive
When comparing Kaspersky EDR to other products like Fidelis Cybersecurity, Fidelis has a good user interface but tends to have issues with high CPU and RAM usage. I have heard feedback from users facing problems with Fidelis's Incident TimeLine feature. While both products have similarities, Kaspersky EDR stands out for its comprehensive functionality and effective threat response.
Setting up Kaspersky EDR can vary in complexity based on hardware. Customers might experience issues like storage or high CPU usage during installation or updates. While the initial installation is generally smooth, upgrading poses challenges, especially when transitioning between different operating systems. Careful testing is essential to prevent errors and compatibility issues caused by overwriting operating system codes.
The price for Kaspersky EDR is on the higher side, likely because of their extensive marketing efforts. However, the cost seems justified as they prioritize customer support, investing in a capable team to handle complex customer situations.
Overall, I would rate Kaspersky EDR as a seven out of ten.