Advanced EDR test 2024: Kaspersky Endpoint Detection and Response Expert
AV-TEST conducted a comprehensive evaluation of Kaspersky Endpoint Detection and Response Expert from December 2023 to March 2024. The evaluation focused on the effectiveness of the EDR component in detecting and neutralizing threats commonly associated with sophisticated actor groups known for advanced persistent threats (APTs). The evaluation included detailed test scenarios simulating two different attack patterns, each representing a wide range of tactics and techniques typically used by advanced attackers.
Scenario 1 - APT18-like cyber espionage:
In this scenario, the system's resilience was tested against a well-coordinated attack modeled on APT18, a group known for its sophisticated cyber espionage operations. The test recreated the group's known behaviors, such as spear phishing, system discovery, data collection and obfuscation methods. The main objective was to evaluate the product's ability to detect, respond to and mitigate sophisticated attack vectors, and thereby gain insight into corporate cybersecurity defenses.
In Scenario 1, Kaspersky Endpoint Detection and Response Expert demonstrated robust detection and blocking capabilities by successfully identifying and neutralizing all techniques across multiple attack stages. The product's effective monitoring and detection capabilities proved critical in defending against sophisticated cyber threats.
Kaspersky excelled in the quality of detection, providing detailed and actionable insights at every step. It was able to effectively categorize the techniques and provide comprehensive insight into the tactics and techniques of the attack. This performance underlines Kaspersky Endpoint Detection and Response Expert's ability to deal with complex cyber espionage attempts.
Scenario 2 - Mixed tactics similar to TA577, Turla and FIN6:
The second scenario mimicked the operational tactics of various notorious groups, including TA577, Turla and FIN6, and featured a complex mix of phishing, data manipulation and lateral movement techniques. The goal of this test was to evaluate the system's defenses against multi-layered and advanced threats designed to steal sensitive information and establish a long-term presence on the network.
Scenario 2 included a range of techniques. Kaspersky Endpoint Detection and Response Expert successfully detected and blocked all of these techniques, demonstrating its ability to adapt to different threat behaviors and effectively combat a wide range of cyber threats. The product's response to these scenarios confirmed its ability to protect systems from sophisticated and diverse attacks.
The overall performance of Kaspersky Endpoint Detection and Response Expert in both scenarios was impressive. The consistently high quality of detections and the blocking of all tactics and techniques underline the product's potential to protect organizations from evolving and complex cyber threats.
Based on the observed results, Kaspersky Endpoint Detection and Response Expert qualifies for the prestigious AV-TEST Approved Advanced Endpoint Detection and Response certification, which recognizes the product as a reliable and effective solution in the field of cyber security.