I have found the most valuable features of Kaspersky Endpoint Detection and Response Expert to be its ability to tackle the biggest challenges customers face when they have to mitigate any kind of a malware, ransomware attack, or online theft scenarios. The solution utilizes its HIPS, which is the host intrusion prevention system, behavior analytics system, and device control mechanism, making the antivirus capabilities of EDR quite strong. It is able to detect zero-day threats as well as historical or legacy malware, providing protection against current threats in the market and legacy malware. My opinion on the advanced threat detection algorithms in Kaspersky Endpoint Detection and Response Expert is that the ATP functionality is quite strong because it utilizes the behavioral analytics engine in the backend, which employs machine learning mechanisms to identify any kind of vulnerability or exploit running on the operating system level and the network level. If an attack is about to happen on the endpoint, it is able to protect over the network as well and checks for any illegitimate encryption activities. The machine learning capability within Kaspersky Endpoint Detection and Response Expert has contributed to improving detection accuracy and reducing false positives in my environment by helping me identify malicious activity and differentiate between any malicious activity on the operating system level and on the network level. I have seen customers with in-house developed applications that have no public signatures available. Once I whitelist a particular application, it intelligently whitelists not only the executable but also all the dependent services required to run that application. Furthermore, Kaspersky Endpoint Detection and Response Expert has successfully blocked network-level attacks on the endpoint. For example, during a recent DoS attack aimed at choking the entire network, Kaspersky detected the attack, isolated the device in a sandbox network, and alerted my SOC team via email for corrective action, thereby proactively helping me detect and protect devices from malicious attacks.
