Kaspersky Next XDR Expert: Optimal XDR solution for enterprise security
Kaspersky Next XDR Expert integrates seamlessly with existing security measures, optimizing your security infrastructure effectiveness and enhancing threat detection capabilities with automated response and real-time visibility. This solution provides deep insights into evolving cyber threats targeting your enterprise, with a flexible architecture that can easily scale to meet your needs and ensure continuous protection for critical assets. Kaspersky XDR's superior security measures, including advanced threat detection and automated response, deliver the optimal solution to protect your organization's digital assets - now and in the future.

Kaspersky Next XDR Expert is the most premium product suite in the Kaspersky Next product line, equipped with the most advanced technologies available today and providing comprehensive security visibility for organizations and enterprises.
1.1. Key features of Kaspersky Next XDR
- Incident management: Effective incident management helps SOC teams detect, investigate, and classify alerts, and improves the incident investigation process for a coordinated response.
  - Consolidate multiple alerts from different sources into a single incident.
  - Improve the quality of original alerts to generate more accurate detections.
  - Orchestrate response across different security products.
- Automation and orchestration
  - Establish automated response workflows for events, freeing up time and budget to focus on higher-priority events.
  - Build team workflows for the incident handling process.

- Kaspersky Investigation Graph: A visualization tool for detecting hidden threats. It allows customers to navigate easily to identify root causes and access the necessary information quickly.
  - Utilize data on incidents, alerts, events, and EDR telemetry.
  - Enrich information with context from Kaspersky Threat Intelligence. This saves time and supports reconstructing the attack's cyber kill chain.

- Log management & data lake: enables collecting data from multiple sources and analyzing it in real time to detect incidents quickly.
- Threat detection and cross-correlation: aggregates findings and alerts from all sources into the log management component described above, enabling near-real-time correlation through built-in and custom rules to detect attacks and threats.
- Asset management: provides a centralized asset inventory along with vulnerability assessment and prioritization capabilities. It gives security teams a comprehensive view of their entire asset estate, including endpoints, servers, and network devices. This component allows asset classification based on detailed information such as hardware, operating system, installed software, and network information (IP, MAC, etc.).
  - These classifications help accelerate incident response by highlighting incidents related to the most critical assets.
  - Classification information can be used in the correlation process to refine detection rules and reduce false alarms.
- Dashboards and reports: give security teams an overview by aggregating widgets from the other components of Kaspersky XDR. Security teams can visualize and analyze data from multiple sources, helping them make informed decisions and proactively respond to emerging threats.
- Deployment toolkit: Simplifies deployment, upgrades, and support of the product's components. The deployment toolkit includes platform services and command-line interface (CLI) utilities.
- Integration with Kaspersky products: Ensures smooth and seamless connectivity with products such as Kaspersky Endpoint Security (KES), Kaspersky EDR Expert (KEDR Expert), Kaspersky Anti Targeted Attack (KATA), Kaspersky Threat Intelligence (CTI), and Kaspersky Automated Security Awareness Platform (KASAP). Other integrations, such as SASE (FWaaS), KICS, and KSMG, are expected to be added in the future.
- Integration capability with 3rd-party tools: Kaspersky XDR stands out with its seamless coordination with a wide range of systems and products.
  - Data collection: Collect logs and remote monitoring information from various sources, including operating systems, applications, and third-party EDR solutions, with over 200 ready-made connectors.
  - Response and information enrichment: Integrate playbooks to execute responses across third-party solutions such as NGFW, NDR, EDR, and DLP.
  - Open API: Provides a documented API allowing customers and integrators to implement custom integration scenarios. This API supports various integration use cases, facilitating seamless communication and data exchange.
1.2. Kaspersky Next XDR Expert Architecture

Kaspersky Next XDR Expert includes the following main components:
- Open Single Management Platform (OSMP) - The technology platform on which Kaspersky Next XDR Expert is built. OSMP integrates all solution components and provides interaction between components. OSMP is scalable and supports integration with both Kaspersky applications and third-party solutions.
- OSMP Console - Provides a web interface for OSMP.
- KUMA Console - Provides the web interface for Kaspersky Unified Monitoring and Analysis Platform (KUMA).
- KUMA Core - The central component of KUMA. KUMA receives, processes, and stores information security events, then analyzes events using correlation rules. As a result of the analysis process, if the correlation rule conditions are met, KUMA will generate alerts and send them to the Incident Response Platform.
- Incident Response Platform - A component of Kaspersky Next XDR Expert that allows you to create incidents automatically or manually, manage alert and incident lifecycle, assign alerts and incidents to SOC analysts and respond to incidents automatically or manually, including response through playbooks.
- Administration Server (also called Server) - The main component of the customer organization's endpoint protection. Administration Server provides centralized deployment and management of endpoint protection through EPP applications and allows you to monitor endpoint protection status.
- Data Source - Hardware and software that generate information security events. After you integrate Kaspersky Next XDR Expert with the necessary data sources, KUMA receives their events to store and analyze them.
- Integration - Kaspersky applications and third-party solutions are integrated with OSMP. Through integrated solutions, SOC analysts can enrich the data needed to investigate incidents, then respond to incidents.
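The alert-to-incident flow described above (alerts from several sources consolidated into one incident per affected host, asset classification used to suppress expected noise, and incidents prioritized by asset criticality) as an added illustration in Python. This is not Kaspersky's code; the alert and asset fields, the host-based grouping and the suppression table are constructed assumptions, not KUMA's or OSMP's actual schema.

```python
from collections import defaultdict

# Constructed sample alerts, loosely modelled on what a SIEM (KUMA) and an
# EDR (KEDR) source might emit. Field names are assumptions for illustration.
ALERTS = [
    {"id": "a1", "source": "KUMA", "host": "srv-db-01", "rule": "bruteforce_ssh", "severity": 3},
    {"id": "a2", "source": "KEDR", "host": "srv-db-01", "rule": "suspicious_process", "severity": 4},
    {"id": "a3", "source": "KUMA", "host": "wks-042", "rule": "bruteforce_ssh", "severity": 3},
    {"id": "a4", "source": "KUMA", "host": "scanner-01", "rule": "bruteforce_ssh", "severity": 3},
]

# Constructed asset inventory: criticality (1..5) and classification tags,
# as an asset-management component would provide.
ASSETS = {
    "srv-db-01": {"criticality": 5, "tags": {"server", "database"}},
    "wks-042": {"criticality": 2, "tags": {"endpoint"}},
    "scanner-01": {"criticality": 1, "tags": {"vuln_scanner"}},
}

# Classification-based refinement: a rule is expected noise on assets
# carrying any of the listed tags (e.g. an authorized scanner "brute-forcing").
SUPPRESS = {"bruteforce_ssh": {"vuln_scanner"}}


def is_suppressed(alert, assets):
    """True if the alert's rule is expected behaviour for the asset's classification."""
    tags = assets.get(alert["host"], {}).get("tags", set())
    return bool(tags & SUPPRESS.get(alert["rule"], set()))


def consolidate(alerts, assets):
    """Group alerts per host into incidents, then rank by severity x asset criticality."""
    incidents = defaultdict(lambda: {"alerts": [], "sources": set(), "severity": 0})
    for alert in alerts:
        if is_suppressed(alert, assets):
            continue
        inc = incidents[alert["host"]]
        inc["alerts"].append(alert["id"])
        inc["sources"].add(alert["source"])
        inc["severity"] = max(inc["severity"], alert["severity"])
    result = []
    for host, inc in incidents.items():
        criticality = assets.get(host, {}).get("criticality", 1)  # unknown asset: lowest
        result.append({"host": host, "alerts": inc["alerts"], "sources": sorted(inc["sources"]),
                       "severity": inc["severity"], "priority": inc["severity"] * criticality})
    result.sort(key=lambda i: i["priority"], reverse=True)
    return result
```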
1.3. Recommendations
Kaspersky Next XDR Expert is a product suite that provides deep insights into evolving cyber threats targeting your enterprise, with a flexible architecture that scales to meet the needs of large organizations and ensures continuous protection for critical assets.
Kaspersky XDR's security measures, including advanced threat detection and automated response, provide an optimal solution to protect your organization's digital assets - now and in the future.