Kaspersky Endpoint Detection and Response Reviews

Kaspersky EDR is far superior to other products. It gives detailed information about malware, geolocation, and more. Also, the agent itself is very lightweight compared to other products. The packages and updates were quite small in size, just a few KBs. 

And the best part is that when you apply a policy or make any changes, it immediately works. Regardless of the device's location, as long as it's reachable to the server, the policy applies within fractions of seconds. I had hands-on experience with an on-premises server on my premises. Once I applied any policy or made changes, it was assessed immediately, even if the PC was in a different country. As long as my PC was reachable, everything worked fine.

Moreover, the reports Kaspersky EDR generates, like the weekly and monthly reports, were amazing. We fully customized the on-premises server according to our needs, including how to push Windows patches, application updates, and whitelisting. One of the things I really like about Kaspersky is that even as an administrator, it won't allow you to bypass the applied policies.

The main issue was compatibility with the cloud itself. The CPU usage immediately spiked, causing the machines to hang and sometimes even forcing server or computer restarts. Within seconds of installing the agent, the CPU usage would become extremely high, rendering the machine practically unusable until we either manually restarted it or initiated a forced restart. We were left with no option but to uninstall the client.

It was the primary issue. When the agent was installed from the cloud portal, the machine became completely unresponsive and disconnected from the network.

I was quite satisfied with Kaspersky products when they were on-premises. The server was downloading the updates and signatures smoothly, and it was fully stable in our network. However, we decided to move to the cloud as we were offered better options, and there was no significant pricing difference. But unfortunately, once we moved to the cloud and deployed the agents on our clients, our clients started facing disconnection issues. We had no choice but to forcefully restart the machines. We tried seeking help from Kaspersky, but we didn't receive any assistance, which led us to switch to another product.

We used this solution around 2018. Before that, we were not using EDR; it was just Kaspersky EDR. 

I was disappointed with the cloud support. It didn't meet my expectations, which led me to consider another product. However, I don't have anything negative to say about Kaspersky in general. In fact, on my personal computer and laptop, I still use Kaspersky Endpoint Security. Additionally, for my other clients and places, I still prefer to purchase Kaspersky products.

For the recent support experience, I would rate it less than three, honestly speaking. The recent incident we had with them was not satisfactory. However, when we were on premises and had their support directly, it was fantastic. I would rate it 11 out of 10 back then. The support we received in the past was super nice and excellent.

Negative

The implementation was straightforward. We had everything set up. However, on a few Windows 10 clients, it worked fine, but there was one unusual thing that happened on a Windows 11 client. I did an agent installation for a client, but it was uninstalled by itself. I submitted these logs to my vendor and Kaspersky's technical team, so they need to look into that issue.

We successfully deployed and worked on our own console and control panel, everything on the cloud. This issue only happened with the cloud version, not with on-premises. On-premises, it never happened.

I was satisfied with the pricing of Kaspersky. Even now, if Kaspersky had solved our problem, I would have never jumped to SentinelOne. Honestly, I'm not the kind of person who keeps changing products frequently. Once a product stabilizes in our environment and works well, I feel everything is excellent.

And Kaspersky performed really well when it was on-premises. On my premises, I had a Kaspersky server that efficiently downloaded updates and signatures. Despite new products with signature-less approaches like SentinelOne, I was content with Kaspersky, and it provided a stable environment within our network.

However, there came a time when everyone wanted to upgrade, including our local vendor. They suggested moving to the cloud to remove it from on-premises. We considered this, especially since there was no significant pricing difference, and we could access better options in the cloud. So, we decided to migrate to the cloud.

But, unfortunately, after moving to the cloud and deploying agents on our clients, we encountered unexpected disconnection issues. The clients were suddenly getting disconnected, and we had no option but to forcefully restart the machines. We stopped further deployment and everything related to it. We thought to wait for Kaspersky's help in resolving the issue, but regrettably, we didn't receive any assistance from Kaspersky. Consequently, we had to switch to another product, which was SentinelOne.

We were working with SentinelOne. We initially had three options: Core, Control, and Complete. We opted for the Control option, which is the middle one. Core is the basic version, Control is in the middle, and Complete is the top-end version. But besides XDR, we have everything else.

Currently, we are exclusively working with SentinelOne.

Until 2021, Kaspersky was the best product in my environment. But since we moved to the cloud, we had so many troubles. We raised a case with Kaspersky, but they couldn't help. They didn't even reply, and that's why we changed the product. We were forced to switch to SentinelOne. We had been using Kaspersky for about nine or ten years, but that was when it was on-premises. However, when we moved to the cloud, it didn't work as expected, so we switched to SentinelOne. 

We even considered products like Falcon CrowdStrike, but it turned out to be more expensive than our budget allowed. Eventually, we opted for another solution that fit well within our budget constraints.

If Kaspersky EDR is working fine in another environment and for other people, I would say they should stick with it. Kaspersky is a good product, and I honestly believe it is a very good product overall. 

Unfortunately, it didn't work well in my environment, but that might just be my bad luck. If you look at the reviews, especially in the Middle East, you'll see that Kaspersky has received very positive feedback.

Overall, I would rate the solution an eight out of ten. It's a nice product and genuinely a very good one. Kaspersky EDR was super and fulfilled my needs, especially on-premises. It has everything, like application control, device control, web filtering control, and much more. Any Kaspersky product you take, it comes with certain default features that are not available in SentinelOne. To get additional features, you need to switch from Core to Control and then to Complete versions. In my experience, it was fantastic and worked very well in my environment. I didn't face any issues, and I would still love to use this product if they had supported me in my case. Unfortunately, that didn't happen, and I was disappointed as I never expected to receive no support from Kaspersky.

I am affiliated with Kaspersky as a partner and reseller.

One of the most valuable aspects of Endpoint Detection and Response (EDR) solutions is their ability to detect and respond to spam and viruses in their early stages.

There are a few areas where I believe they could make some improvements. First, it would be beneficial if they could optimize the solution to be less resource-intensive, as it currently tends to put a heavy load on our machines and requires specialized servers for deployment. It is worth noting that they have made progress in this area, and the solution is now more manageable on standard server configurations. Enhancing user-friendliness should be a priority. Ideally, the interface should be intuitive enough that administrators and technical support teams don't require extensive training and can quickly adapt to using the solution independently. I must acknowledge that Kaspersky EDR already offers a robust set of features, especially in terms of threat detection and endpoint protection. 

I have been working with it for fourteen years.

Kaspersky offers two types of support. The standard support, which is included with the product purchase, tends to have longer response times for issue resolution. If you opt for their premium support, they provide prompt and effective assistance, ensuring quicker problem resolution.

I would say that their pricing is generally competitive and attractive. While the initial purchase cost for EDR may be relatively higher, particularly due to its advanced capabilities, it remains a cost-effective choice when compared to other established products in the same category.

I would rate it eight out of ten because there's always room for improvement in any product or service.

Kaspersky Endpoint provides multiple features. For example, it offers encryption, protection against targeted attacks, behavior and ML analysis, and multiple policies are available in Kaspersky. We recommend Kaspersky the most in Pakistan. Its advanced EDR features provide additional capabilities in endpoint security, including complete visibility of the quarantine system.

Kaspersky EDR gives complete path visibility of file location. It's allowed to contain the file in the same place. It does not spread the file to other locations or another system.

Kaspersky needs improvement in communication between the network and endpoint, as well as between endpoint and server. Sensors often fail to listen to the server due to communication issues resulting in multiple hurdles. Kaspersky needs to prioritize addressing this communication issue. While Kaspersky provides all the necessary functionality, there's room for improvement. Kaspersky should consider adding features to allow us to create use cases in the Sky console. If analytics don't detect anything in the Kaspersky console, the alerts must be configured in Kaspersky Sky so that they trigger when an attack is performed. This would make it easier for us to find any threats.

I have been using Kaspersky Endpoint Detection and Response for two years.

The product is stable. Some issues with certain parts and connectivity are still unresolved.

We do not face any downtime. To update the license, we remove the previous license and apply the new one. If we fail to remove it, there's an option in Kaspersky called the reserve fee. You can add the reserve and use it to apply for the new license. Once the actual license expires, your reserve is automatically converted.

You need more licenses to install the new sensors. Once you receive the license, enter it into your console, and you can use multiple sensors according to your license.

When you purchase Kaspersky, you can choose to buy the ticketing solution, opt for proper support for the response service, or both options. Otherwise, the response time will be between four to eight hours.

Neutral

Kaspersky Endpoint Detection and Response outperforms Symantec in several aspects. Unlike Symantec, Kaspersky offers a single console for managing both media and endpoints. Additionally, Kaspersky provides encryption features, whereas Symantec lacks encryption capabilities in its Endpoint solution. Kaspersky offers more visible and comprehensive features compared to other products.

The initial setup is easy and takes around one or two hours to complete. We have to download our packages.

Overall, I rate the solution an eight out of ten.

We've deployed the client at the user’s end. We provide software security.

The advanced detection features are valuable. The solution provides reports on users and their devices. We get to know whether the devices are infected. The tool has saved us time and resources. Otherwise, we have to check every PC for viruses.

Many viruses change algorithms. The product does not detect zero-day threats. Kaspersky must provide zero-day threat detection. The product must provide a detailed status of the users and their activity on the devices.

I have been using the solution for more than a year.

The tool is stable.

We have 40 to 50 clients that use the solution.

The solution is deployed on my Windows Server 2019. The initial installation is easy.

The product is cheap.

My recommendation will depend on the number of users and the features other competitors offer. We are partners. Overall, I rate the tool a seven out of ten.

My company uses the EDR functionalities of Kaspersky, which are not related to application security. Kaspersky Endpoint Detection and Response is useful for environment scanning and can be deployed on a server to scan for viruses, malware, and hardware. We also use the product for EDR integration with the SIEM solution and get logs from each device.

The most valuable feature of the solution is its centralization capability allowing everything to be done from one device, including deployment, and integrating with the domain controller to do further deployments.

There are certain shortcomings with the UI of the solution. The UI is not at all user-friendly. The product should have an easier UI.

I have experience with Kaspersky Endpoint Detection and Response for two years. I use Kaspersky Endpoint Detection and Response Version 13.

It is a stable solution.

It is a very scalable solution.

The product is used by 2,500 employees in my company.

The product is extensively used in my companies since it is very good.

We can plan to increase the number of users in our company since it is a very scalable product.

The solution's technical support is very helpful and responsive. The documentation of the product also helps a lot.

Five years ago, I used Malwarebytes.

Considering the use cases of Malwarebytes, it was used to protect two servers from ransomware. During the time when we were using Malwarebytes in my previous company, the best solution on Gartner was GravityZone. At my previous company, we chose GravityZone to protect our two servers in a small environment with around 50 employees. Due to the aforementioned reasons, there was a requirement for a small business solution. Kaspersky Endpoint Detection and Response is the best for large environments.

The initial setup of the product is complicated and requires more work and effort from the system administrator. The product should provide domain controller admin access to allow for the maintenance of the network. Every issue we face in Kaspersky Endpoint Detection and Response relates to network and system administrators.

The solution is deployed on-premises.

Steps for the deployment should be followed to configure the network and ensure that all devices are accessible on the network or the same subnet while ensuring that there are no DMZs.

Though the product is not user-friendly, I was involved in the implementation process since I am an integrator.

Yearly payments are to be made toward the licensing costs of the solution.

To those planning to use the solution, I can say that it provides various specific customization and offers many shields for protection, because of which there is a need to be specific about the resources you want to save.

If you have a SIEM solution, then you should be specific when integrating Kaspersky with that SIEM solution and the best logs.

The product is not friendly, and it's not for end users. The product is meant for engineers and security engineers owing to its complex nature.

I rate the overall tool a ten out of ten.

We use the solution to gather information on how endpoints behave and any events happening. If there's any suspicious activity on a machine, it alerts us. For investigating specific devices, we can refer back to the EDR.

The product is integrated with endpoint protection. We don't have to implement a separate technology. It provides visibility over the endpoints. 

Kaspersky Endpoint Detection and Response needs vast resources on the central node. Not all maintenance tasks are in the GUI, so we often use commands. The lack of documentation for these processes means we frequently reach out to support, open tickets, and run complex CLI commands. It's not the most straightforward process. It should also improve stability. 

I have been working with the product for three years. 

Kaspersky Endpoint Detection and Response is scalable. We have two admins using it. 

Even when we raise a support ticket, the engineers often don't provide direct answers. We have to dig into R&D and experiment; getting a resolution for a support ticket takes time.

Neutral

The tool's deployment was straightforward. It took a week to deploy. 

The tool's pricing is reasonable. 

I rate the product a six out of ten. 

It allows me to selectively block certain websites for personal reasons, and I can control the usage of USB drives when connecting external devices to safeguard my computer. Additionally, I have the ability to manage other network devices for enhanced security.

It downloads essential security patches that are valuable for my PC. This is particularly useful as Windows doesn't always automatically update immediately.

Incorporating an AI protection tool with the capability to detect and prevent zero-day threats, particularly those with a five-star rating in terms of severity would be beneficial.

I have been working with it for six months.

It provides excellent stability.

The current scalability is insufficient for my needs on my PC. I personally manage HTTP, but it lacks the necessary capability. I believe an upgrade is required.

I previously utilized Sophos XDR, but I transitioned to Kaspersky as it offers a more cost-effective solution. I also used ESET, but it didn't meet my requirements.

The initial setup is straightforward and user-friendly.

The deployment process takes approximately thirty minutes.

In terms of return on investment, I saved money by protecting my laptops, as universal ransomware poses the most significant threat, and the chosen solution effectively mitigates this risk.

The pricing falls within the average range.

Overall, I would rate it eight out of ten.

Kaspersky EDR has been beneficial for our organization, enhancing threat detection and response capabilities. It helps identify issues such as malware detection, unauthorized downloads, and inappropriate user permissions, enabling swift action to mitigate risks.

Kaspersky EDR offers automated response capabilities, enhancing efficiency by enabling quick investigation and response to potential threats on Android devices. It streamlines the process by automatically checking and responding to security issues, potentially improving effectiveness and reducing the need for manual intervention.

Kaspersky EDR could be improved by adding network detection capabilities to enhance convenience and security. Detecting and responding to network protocol issues, such as phishing emails or malicious downloads, can be challenging, but integrating network monitoring into EDR tools could significantly improve overall network security.

Overall, I'm satisfied with the price of Kaspersky EDR. It is widely used among our peers and has been effective in detecting and mitigating malware and ransomware threats. However, I have noticed that other EDR tools like Palo Alto EDR offer more advanced AI capabilities and broader threat coverage.

Kaspersky EDR enhances response capabilities by capturing malware or problematic websites on endpoints and providing alerts for quick action to resolve issues.

Kaspersky EDR offers features for threat hunting and vulnerability scanning on endpoints. It identifies unapplied security patches and provides a reporting tool for managing patch deployments efficiently.

Kaspersky EDR offers good integration capabilities, particularly with services like Office 365, which is beneficial for our organization. However, there might be some limitations when integrating with other tools such as NetSuite and Monday.com. Improving integration with tools like SolarWinds could enhance overall cybersecurity management. Looking ahead, prioritizing integration with cloud services would be advantageous as organizations increasingly rely on cloud-based solutions.

I would recommend Kaspersky EDR, especially for organizations operating in the China market. It is a convenient tool that provides effective security solutions, particularly helpful in addressing firewall issues commonly faced in the Chinese market. However, for companies outside of China not facing similar market restrictions, it might be good to consider other solutions as well.

Overall, I would rate Kaspersky EDR as a seven out of ten. It is a useful choice for our organization, although not perfect. It requires a certain skill set to manage security nodes effectively. However, it is relatively easy to use compared to other EDR tools, making it a safer option for less experienced users.