Kaspersky Endpoint Detection and Response Reviews

It's our primary, go-to product for email security. It covers our inbound and outbound mail. If somebody clicks on a bad link inside your company, it will automatically stop them from using that email to spread the rest of the phishing attempts. It checks outbound emails, not just inbound.

The solution is deployed on the cloud.

There are about 12 users in my organization. 

If we get a new employee, we'll buy another license. Otherwise, we don't have plans to increase usage. It scales with the amount of staff that we have.

It doesn't matter from where you log in, you're going to go through the Barracuda gateway. It will protect and filter any incoming mail. There's also a sandboxing feature. If Barracuda picks up something that's a little bit fishy, it will detonate it in the sandbox.

If it's not malicious, it'll pass it on. If it is malicious, it'll just quarantine it. The nice thing is that sometimes Barracuda doesn't know if the mail is good or bad for you. It gives you the option to allow delivery or to block delivery of that particular kind of mail.

If someone is trying to send you mail but is being blocked by your gateway, you can go into your Barracuda portal, see the last mail that came in, and you can choose from different options: allow/don't allow, deliver, once only, block user, or whatever the case may be.

In some cases, we can also restrict it, but only the admin can do that. If you have a problem and one of your clients can't send you mail, you need to contact the admin IT manager and tell them that you're expecting mail from a certain email address but you've been blocked. He will then allow the delivery of that. It gives you control over what gets delivered to your end users from an IT manager's point of view.

Encryption is the most valuable feature. It creates an encryption tunnel from your location to the delivery address. It's like a tunnel that can't be broken so that your mail can't be intercepted anywhere along the line. When you're using Barracuda as a gateway, your mail is guaranteed to be delivered as it was sent.

The other nice thing about the solution is that it's an archiver, which most companies need for compliance.

For e-discovery, a lot of legal companies need certain documents and for emails to be kept intact as they were sent. It acts as a paper trail.

It's pretty stable. It's older than Mimecast. The management tool is web-based, so it's also convenient.

It's managed on Barracuda Cloud Control. It covers spam, email viruses, email malware, phishing, undelivered mail, unsecured emails, and denial of service attacks. It's agentless and because it's an all-in-one product, it covers basically everything.

I would rate the scalability as 10 out of 10.

The difficulty of setup will depend on the number of users. It's scalable with the amount of users that you have. Setup with 1,000 users will obviously take longer than 10 users.

There is a labor cost involved in implementation. It takes about seven hours to deploy. There are a lot of different aspects involved in setup. It's not a simple implementation.

Once implemented, it's easy to maintain. Once the setup is done, it's fairly easy.

If you've given all your users rights, they can decide what mail comes through what doesn't. This makes an IT manager's job a lot easier. If you've kept the retention and everything needs to come through the admin or IT office but you send the alerts to the customer, then it's going to be pretty intensive depending on how many users you have.

The solution isn't the cheapest considering what you get. I would rate the pricing as seven out of ten.

The cost depends on what features you want. If you want to add advanced email security and compliance, advanced threat protection, cloud archiving services, and data loss protection, then there will be an additional cost.

I would rate the solution as nine out of ten. 

I would recommend complete compliance for most customers because it offers you email security services. It provides inbound and outbound scanning, blocking, and sandboxing.

It gives you data loss protection, encryption, and link and typosquatting protection. It also gives you advanced threat protection and cloud archiving services. That is all-in-one email protection.

Clients are using this product to protect their desktops and laptops and to respond adequately when some vulnerabilities are detected as exploited.

We like the automated change of policies, given some scenarios. It is wonderful. You can rely upon your automated policies being activated if you need to. If you are under attack, or maybe some ransomware is spreading across your network, and you want your endpoints to become more secure given that threat, you get good protection. It's maybe the most important feature of Kaspersky Endpoint Detection and Response.

It's easy to set up. 

The solution is scalable.

It's easy to manage and monitor the endpoints. 

I would like better integration with other products. For example, I would like to have another view in SolarWinds or Datadog. Integration is not easy. I'd like it to be simplified. 

We do not need any additional features. 

The business plan maybe could be improved. They need to change the way they sell the product. They could be better friends with their partners. A partner is not somebody who sells this product. It is usually somebody who manages this product for the end user or the end company that is predicting the assets. The role that a partner plays in this interaction is very important. They need to work to build that relationship to benefit the solution and the client. They should also offer better margins.

We've been dealing with the solution since 2019. It's been around three years. 

It is a very stable solution. The most important thing about stability is not if the product runs or stops running, it is the time window you need to be prepared for new threats. They offer good protection, which makes the product very stable. Kaspersky's usually the first in distributing the indicators of compromise of the newest threats.

The solution can scale well.  It is easy to deploy and manage a large number of endpoints running just a few tasks. You are very aware of what is happening with the threats in your institution. There's a lot of visibility.

Technical support can be improved. When you need support, when you call for support, and you present the evidence in a ticket, they always come back with more questions. They ask you for more evidence, and you have to go and collect it. You get to a point where you want to say, "Oh, just forget it, I don't need more support from you. You always ask me for more, more, more data." 

I would like to see a solution. I don't want to do all of this legwork and not get any help. 

Neutral

The console is very easy. The deployment is easy as well. If you have an active directory or something like that, or if you have previously installed the Kaspersky network agent, it's quite simple. If not, even if you don't have any of those, maybe if you have some software policy to deploy over your assets, it should also be easy. Otherwise, you have to go endpoint by endpoint running the agents. That can take time.

The maintenance is pretty straightforward. If I have 5,000 endpoints, I need one engineer to handle the console installation for, maybe a week's worth of work. The endpoints could take two or three people to deploy in the company. If you can centralize the deployment, it will only take two or three days for one engineer to handle the setup.

I don't have any details in regard to ROI. 

We are a partner of Kaspersky.

We always work with the latest version of the solution.

It's a wonderful product if you have a proper partner to handle it. If you let the product run by itself, by itself, it won't protect you. You need someone on this product with a hand on it every day, checking policies and seeing how it works. That's the only way to be protected from threats.

I'd rate the solution nine out of ten. 

Our company uses the solution for endpoint detection. We started with the cloud service but our experience was not very positive so we moved to the on-premises solution. 

The detection engine running on endpoints works very well and provides a good protection level. We had several infection attempts but all were captured and blocked by the solution with no ransomware or malware running wild in our network.

The SD engine is very powerful and profound. 

The solution can integrate with external SIM solutions or external SOCs like CrowdStrike or Microsoft Defender.  

The interfacing for remote endpoints could be improved because it does not work very smoothly. 

It is not easy to follow the kill chain of a potential infection or malware. We would like to be able to roll back and analyze all the steps in the chain. 

The on-premises solution is not fully aligned with the web-based option that includes a feature-rich interface. For example, you can analyze better on the web console than with the on-premises management console. 

It is complex to implement remote endpoints for visitors who have devices that are outside the control of your network but are on-premises. The solution did not even offer this until recently but instead provided an additional solution for integrating the functionality. The solution needs to focus on providing a completely cloud-based solution like CrowdStrike, SentinelOne, and Microsoft Defender.

The solution still works on the old signature-based antivirus format but modern options like CrowdStrike, SentinelOne, and Microsoft Defender are behavioral analysis tools that are completely signature-less. The solution is losing customers because it has not reacted quickly enough to the modern format. 

I have been using the solution for three years. 

The solution is stable. We had a couple of issues with the SD engine failing which caused users to experience a lowering of endpoint service. 

The solution is a very mature product and not a new player like CrowdStrike. Features have been added on a rather old engine or structure that runs on 32 bits. 

If you have a 64-bit operating system like the newer Windows, you need an engine aligned with this architecture. 

We have 150 endpoints so have not reached a level where we need to scale up. The next level is at 500 or 1,000 endpoints. 

We are lucky to have direct access with Kaspersky. 

We opened tickets with support a couple of times and their reactiveness was fine but not first level. 

Neutral

I had prior experience with the solution so setup was easy because the management console has not changed much over the years. 

In general, the initial setup is a bit cumbersome. You can start easily but might need help creating different profiles, accessing old features, or realizing the solution's full potential. 

It is useful to have guidance from a business partner or the vendor directly. In our case, we were lucky to have support from the vendor. 

We worked with the vendor for our implementation. 

Ongoing maintenance is easily managed by two technicians. 

The solution is worth its cost so I rate pricing a ten out of ten. 

We did a comparison before provisioning the solution, but it was not profound. We needed to move from our prior solution due to regulatory issues and constraints so had to make a quick decision. 

We are currently evaluating other options, not from a technical point of view but because of the war. Companies in Ukraine have constraints that are forcing us to move from Russian software providers. 

I rate the solution a six out of ten. 

We use Kaspersky Endpoint Detection and Response for threat protection.

Kaspersky Endpoint Detection and Response has helped our company in many ways. Since we have been using this solution has have not had issues compared to other solutions we have used.

The most valuable features of Kaspersky Endpoint Detection and Response are all the features. The features have all helped us and most recently malware has been an issue in our company and malware protection has been effective. 

Kaspersky Endpoint Detection and Response should continue to improve its protection while adapting to the changing threat ecosystems. Having more advanced features would be a benefit.

I have been using Kaspersky Endpoint Detection and Response for approximately four years.

The stability of Kaspersky Endpoint Detection and Response is good.

Kaspersky Endpoint Detection and Response is scalable.

We have approximately 250 end-user accounts with ten servers using this solution. we have a combination of people using the solutions, such as IT specialists, business users, operation staff, marketing personnel, marketing team, compliance officers, finance, and general IT personnel.

Next year, we will look at the number of new users, and what's required for the company. The company is in the process of improving the business, opening more and more branches in Ireland. There are another 30 to 40 users to be added to the package in the future.

The support we are receiving from Kaspersky Endpoint Detection and Response has been very good.

We were previously using ESET Antivirus and we were having a lot of problems. Since we migrated to Kaspersky Endpoint Detection and Response we have been protected very well.

Kaspersky Endpoint Detection and Response has a simple setup. We deployed the solution in approximately one day.

We have a separate server receiving day-to-day, updates and patches. Then we have in Ireland, a branch network where it is connected. We have an agent server that is connected to the main server. From the main server, it pushes the day-to-day update to the particular agent server. From the agent server, it will push to the endpoint user devices.

We used a vendor support team of two people and our IT team of two for the implementation of the solution.

I have not quantified the ROI. However, I was using another solution previously with a potential for user data loss and now I do not experience this. We have been clean since we have been using Kaspersky Endpoint Detection and Response and in this sense, we have received a return on investment benefit.

There is an annual license to use Kaspersky Endpoint Detection and Response. The price overall is a bit expensive when compared to other solutions. There are not any additional fees other than the license.

I rate the price of Kaspersky Endpoint Detection and Response a three out of five.

We did evaluate other solutions before choosing Kaspersky Endpoint Detection and Response.

I would recommend others to use this solution.

I rate Kaspersky Endpoint Detection and Response an eight out of ten.

I cannot give a security solution a ten out of ten because the threat stage is always changing and the protection could fail at any time. There is always room for improvement.

We primarily use the solution for endpoint protection. 

In the software that I use at Kaspersky, we have some options that we made to our client LiDAR for the block patching, and we can close the high chain. 

The endpoint protection can update the patching from this server directly to the client, and every employee. 

The performance for Kaspersky is good, and it's not impacted our client performance.

It offers good blocking capabilities.

The upper patching is excellent.

We have some problems with LiDAR. When we do the install, or reinstall the server console, or server endpoint protection, I don't know why we need to reinstall it. 

Even though we installed, or did a new install for the server endpoint protection features, we use some small PDO or some patching to upgrade it in the employee protection clients if that's in.

I need a local expert. I'm looking for more experts to be able to apply it to certain solutions that we understand already. In order to meet our requirements, we need more experts. 

There are some cases that take three days to deal with. It's too long.

I've used the solution for as long as I've been at the company - about one year. 

While the client is stable, for the console management, we have some problems with LiDAR. Sometimes, we installed it and had a problem and we need to reinstall it. In the last hour, the client can not do the configuration yet we need to add clients into the platform.

We don't find it to have enough space.

We have below 100 people on the solution.

Technical support is not too bad. I can say that it is in the middle of the road. They can be slow to respond.

Neutral

The initial setup is very straightforward. 

We used either an integrator or consultant. We had help from a third party and didn't handle the entire implementation ourselves. 

The pricing is good. I'd rate it four out of five in terms of affordability.

We did compare Kaspersky EDR with other software vendors.

I'm a customer and end-user.

I would rate the solution a seven out of ten. If we had more local expertise and better support, it would be better.

Kaspersky EDR is a targeted solution that collects telemetry and forensics data as well as end-to-end IoCs. It does not use any signatures.

The most valuable feature of Kaspersky EDR is its simplicity. The console is easy to use and not very complex.

Kaspersky EDR currently has limited OS support. They only focus on Windows Server and Windows. Kaspersky recently released a Linux version, but it's rudimentary. It does not have any advanced features available on Windows platforms. They should increase their footprint on the Linux side and support other operating systems on the market, like MacOS.

I have been using Kaspersky EDR for about four or five years.

Performance is one area where Kaspersky has room for improvement. The solution must be fast when it's acquiring telemetry data because the attack surface is unforgiving. The solution must be extremely fast with a high response time.

Kaspersky is scalable, but it lacks built-in high availability and disaster recovery. Currently, you need a third-party solution to provide high availability.

I rate Kaspersky support eight out of 10. We have never had any serious issues with their support. They take some time to respond, but they always provide the best solution.  

Positive

Setting up Kaspersky isn't straightforward, but their guide is good. The documentation is fairly well-defined, so we just need to follow that. At the same time, it isn't easy because sometimes there are errors. I rate Kaspersky EDR six out of 10 for ease of installation.

The license is competitive. Pricing is another Kaspersky advantage.

There is a lot of competition in the EDR category. As resellers in the industry for so long, we're aware of the various products to choose from. Kaspersky's strong point is detection. They have a huge threat intelligence and R&D team. Their threat detection is among the industry's best. Their products are generally effective in guessing attacks or detecting different types of unknown malicious techniques.  They also have a great sandbox with their EDR solution.

Their weakness is performance, but detection is one of the best in the industry, if not the best. Kaspersky is always at the top of any third-party analysis of EDR products.

I rate Kaspersky Endpoint Detection and Response eight out of 10. 

We use Kaspersky for our cash machines, 200 of which we have around the country. We use it to control the USB ports so nobody can use them without authorization from the owner. 

Currently, we implementing a new use case concerning our response when we get an alert.

In the past year, many banks have seen cases of ATM looting. We wanted to prevent that, which is why we implemented Kaspersky Endpoint Detection and Response. We are a bank and we haven't had any issues like the orders. Kaspersky helped us a lot. It helped up prevent unauthorized USB port usage. 

I would like to integrate Kaspersky with my Log Collector SIEM. Right now that's not possible. 

Kaspersky Endpoint Detection and Response could also introduce a way to make working in teams more accessible. At the same time, it would be interesting to see them explore artificial intelligence solutions. 

I have been using this solution for two years. 

My impression of the stability of this solution is good. We have not had any issues with stability. 

We have not had any performance issues and our board really likes the solution. Our facility and technical support teams use this solution as they manage the cash machines. 

I think they are good and we haven't had any problems with them. We haven't had any critical issues that would have required us to call the US technical support of US; we have only been in touch with local technical support.

We previously used Sophos, Crowdstrike, and Microsoft Defender. The most important reason we transitioned to Kaspersky is the agent that is installed in the end points on the cash machine. The Kaspersky agent is really soft. With the others, we noticed that their agents would stop, so that made a big difference.

We used three or four people to deploy and maintain the solution. 

Our current monthly costs are $1,000. 

You have to be really informed about the process of using this tool before deploying. With our use case with the cash machines, for example, implementing the white list could have been really hard work for us if we had not had previous experience with it.

We are Kaspersky partners and I'm an endpoint specialist. 

The major features I really like are behavior detection and the firmware scanner. The solution also has great threat prevention. Machine learning is also very good as is the real-time protection. The best thing is you can also get a vulnerability report. There are a couple of other features EDR has that are not available in other solutions and that includes the system-level device for controlling the UI which enables control of applications at the location level. There is also the IoC scanner that Symantec doesn't have. Finally, the threat intelligence portal gives me global visibility into threats and their interconnections which is great. 

The one thing Symantec has that EDR lacks is device control. I think Kaspersky has to increase its features when it comes to antivirus control. I'd like to see an increase in the 30-day retention period. 

I've been using this particular solution for 3 years but have used other Kaspersky solutions for over 15 years. 

The solution is stable. 

The scalability is good. Scaling is a matter of creating a new server and replicating all the data. It's not a big issue to do the migration or to upgrade hardware. We currently have around 20,000 users with that number increasing every day. 

The technical support is really bad. They have three models of support and if you have the regular level of support, it can take days to get a response. It forces you to pay extra to get premium support, and then you hear from them within two hours. 

The initial setup is straightforward. If you're deploying for customers then the deployment time will depend on the size of the organization and the level of preparation that has been done in advance. If you have 10,000 users, deployment will take about a day if everything is ready.  

Licensing costs are very reasonable. This is not an expensive solution. 

There are some features lacking in this solution and if I compare it with CrowdStrike or Microsoft, they are both better solutions than Kaspersky. I rate this solution eight out of 10.