Advanced EDR Test 2023: Kaspersky Endpoint Detection and Response Expert
AV-TEST conducted a rigorous assessment of Kaspersky Endpoint Detection and Response Expert (KEDRE) capabilities between November 2022 and January 2023. The evaluation was designed to measure the effectiveness of Kaspersky EDR Expert in identifying and thwarting malicious activities typically associated with advanced persistent threats (APTs). The study involved a series of red-team attacks simulated in two distinct detection scenarios, each encompassing various tactics and techniques that an attacker may employ.
Scenario 1 - Hafnium-Style Unauthorized Data Exfiltration: Assess your network's readiness against a simulated cyber threat inspired by Hafnium, a notorious state-sponsored actor. This scenario replicates Hafnium's tactics, involving spear-phishing, lateral movement, data exfiltration, and evasion techniques. It aims to evaluate the product's (KEDRE's) ability to detect, respond to, and mitigate sophisticated attacks, providing valuable insights into your cybersecurity resilience.
Scenario 2 - Lazarus-Style Unauthorized Data Access and Lateral Movement: Evaluate your system's defenses against a simulated cyber threat reminiscent of the Lazarus group, a nation-state-sponsored threat actor known for advanced attacks. This scenario involves phishing, data collection, payload execution, privilege escalation, and data exfiltration, mirroring Lazarus's tactics. It assesses your system's security posture and incident response capabilities against sophisticated threats, helping you identify vulnerabilities and enhance your defenses.
Kaspersky demonstrated exceptional coverage in Scenario 1, detecting all 29 techniques across 14 steps, reaffirming its robust monitoring and detection capabilities. The quality of detection varied: 11 techniques were covered by telemetry detections (raw event data recorded without analytic context), another 11 by general detections (activity flagged as malicious but not mapped to a specific tactic or technique), and 7 by tactic and technique detections (activity attributed to a specific ATT&CK tactic or technique, the most informative tier). These findings provide valuable insights into Kaspersky's detection strengths and areas for improvement in this scenario.
In Scenario 2, inspired by the Lazarus group, Kaspersky exhibited commendable coverage, successfully detecting 29 out of 30 techniques across 5 steps. The single missed detection pertained to "Exfiltration over the C2 Channel (T1041)." Kaspersky's strong coverage underscores its ability to monitor and detect a significant majority of techniques employed, reaffirming its robust defense against a wide array of cyber threats.
Kaspersky's quality of detection in Scenario 2 presented a mix of detection types. It achieved 6 tactic or technique detections, 5 general detections, and 18 telemetry detections, with the tactic and technique detections being the most valuable of these. The enhanced insight such detections give into attacker tactics and techniques can significantly benefit organizations in developing effective threat mitigation strategies and responses.
Overall, Kaspersky's EDR solution demonstrated impressive coverage and offered valuable insights, enabling organizations to make informed decisions in enhancing their cybersecurity posture.
With the remarkable results obtained, the product is now eligible for the prestigious AV-TEST Approved Endpoint Detection and Response Certification, a testament to its exceptional capabilities and commitment to advanced cybersecurity.