Kaspersky Next EDR Expert Reviews

I use Kaspersky Endpoint Detection and Response Expert to enhance endpoint protection for Windows and Linux environments. This includes Windows Client and Windows Server, as well as many Linux distributions that this solution supports with endpoint protection capabilities.

Kaspersky Endpoint Detection and Response Expert provides excellent visibility into endpoint activities by giving a comprehensive log that includes all software and hardware inventory of the endpoint. It shows the real-time processes running in memory and also provides visibility on detected threats and the actions taken against them. I run a weekly full scan of the system so that if a malicious file is stored in the hard drive, Kaspersky Endpoint Detection and Response Expert detects it and either quarantines or deletes the infected file.

I have found the most valuable features of Kaspersky Endpoint Detection and Response Expert to be its ability to tackle the biggest challenges customers face when they have to mitigate any kind of a malware, ransomware attack, or online theft scenarios. The solution utilizes its HIPS, which is the host intrusion prevention system, behavior analytics system, and device control mechanism, making the antivirus capabilities of EDR quite strong. It is able to detect zero-day threats as well as historical or legacy malware, providing protection against current threats in the market and legacy malware.

My opinion on the advanced threat detection algorithms in Kaspersky Endpoint Detection and Response Expert is that the ATP functionality is quite strong because it utilizes the behavioral analytics engine in the backend, which employs machine learning mechanisms to identify any kind of vulnerability or exploit running on the operating system level and the network level. If an attack is about to happen on the endpoint, it is able to protect over the network as well and checks for any illegitimate encryption activities.

The machine learning capability within Kaspersky Endpoint Detection and Response Expert has contributed to improving detection accuracy and reducing false positives in my environment by helping me identify malicious activity and differentiate between any malicious activity on the operating system level and on the network level. I have seen customers with in-house developed applications that have no public signatures available. Once I whitelist a particular application, it intelligently whitelists not only the executable but also all the dependent services required to run that application. Furthermore, Kaspersky Endpoint Detection and Response Expert has successfully blocked network-level attacks on the endpoint. For example, during a recent DoS attack aimed at choking the entire network, Kaspersky detected the attack, isolated the device in a sandbox network, and alerted my SOC team via email for corrective action, thereby proactively helping me detect and protect devices from malicious attacks.

I think Kaspersky Endpoint Detection and Response Expert could be improved or enhanced by integrating all its functionalities into a single application and a single agent. Currently, EDR is only one subset of their product lineup, which includes the Anti-Target system, email security, and different ATP products. A centralized dashboard is a primary requirement, as it would facilitate easier management without needing to install multiple agents, although Kaspersky allows centralized agent deployment and upgrades.

I have been working with Kaspersky Endpoint Detection and Response Expert for the last two years.

Regarding the stability and reliability of Kaspersky Endpoint Detection and Response Expert, I find it to be quite a stable platform. If customers are using the cloud platform, the backend architecture is managed by the Kaspersky team, allowing customers to focus on agent deployment and ensuring agents stay online for updates. For on-premise deployments, the server needs to be available 24/7 for endpoints to receive updates. The server configuration is not complicated, facilitating ease of deployment, and I have observed that customers using Kaspersky Endpoint Detection and Response Expert can manage environments with as few as 100 endpoints or as many as 5,000 endpoints very effectively.

I believe Kaspersky Endpoint Detection and Response Expert is scalable, as I can keep adding agents without hard limitations.

I do not often communicate with Kaspersky technical support, as I find all necessary technical support from Kaspersky's online knowledge base. In the last two to three years, I have only raised a query once regarding licensing. I have my own independent team for Kaspersky deployment and operational support, so I am not dependent on Kaspersky's backend technical support.

Neutral

Before Kaspersky Endpoint Detection and Response Expert, I worked with other technologies a long time ago, but for the last two to three years, I have been continuously working with Kaspersky Endpoint Detection and Response Expert.

My usual experience with the initial setup and deployment of Kaspersky Endpoint Detection and Response Expert is that Kaspersky provides two deployment types: through the SaaS portal or on-premise deployment. Generally, customers with more than 300 licenses can opt for the SaaS option, while those with less than 300 devices or certain compliance requirements can deploy it on-premise. The deployment is simple and takes about 30 minutes to 1 hour and 15 minutes. An important aspect is configuring the policies and deploying agents, which can be controlled centrally. Installing an agent in a Windows environment is straightforward since I can push it from the Kaspersky console, while Kaspersky requires manual deployment for Linux agents.

I find the pricing of Kaspersky Endpoint Detection and Response Expert to be competitive, as customers gain benefits when they switch from other EDR solutions like Trend Micro or Sophos.

I do not have any experience with Blade Servers, Cloud Access Security Brokers, or Vulnerability Management solutions, as I explored the available solutions to gather feedback. I have not actually worked on these solutions. However, if there is an option for the Arcserve UDP or otherwise for Kaspersky Endpoint Security, I can provide feedback on these two products.

Regarding Kaspersky Endpoint Detection and Response Expert tools such as Kaspersky Endpoint Detection and Response Expert and Kaspersky Anti Targeted Attack Platform, I have worked with EDR many times and can provide a review.

I am an integrator. My overall review rating for Kaspersky Endpoint Detection and Response Expert is 9 out of 10.

My usual use cases for Kaspersky Endpoint Detection and Response Expert involve detecting ransomware earlier and proactively addressing all ransomware and all threats.

The features I have found most valuable in Kaspersky Endpoint Detection and Response Expert are that it is the first line of defense for my organization. It already protects every single file from outbound traffic in my organization, checks every single mail and file by different methods like FTP files and cloud, and avoids any attacks that might impact my organization. It provides dashboards to my SOC team, allowing us to get alerts about any attacks in advance, and currently, we are working to add a new feature called Kaspersky XDR, which is the new release and advanced tool to complete the whole umbrella needed in my organization.

The advanced threat detection algorithms in Kaspersky Endpoint Detection and Response Expert are good, based on predefined scenarios using the built-in AI module. This tool also checks all user behavior, and it includes a machine learning tool that collects expertise related to every single user application. It detects everything based on this data, allowing us to whitelist some paths to avoid interruption of our services, while also analyzing every behavior in our organization.

The machine learning capability within Kaspersky Endpoint Detection and Response Expert is perfect and designed to improve detection accuracy while reducing false positives. It helps validate responses and automates every single action needed, and it also reduces false positive alerts by fine-tuning everything through detected activities while providing advice from expert teams at Kaspersky.

The visibility into endpoint activities from Kaspersky Endpoint Detection and Response Expert is excellent, as it provides alerting tools and dashboards shared with my SOC team. These dashboards give me visibility on multi-events, allowing for troubleshooting and root cause analysis, while also highlighting all risks in our organization and securing all devices effectively. Kaspersky Endpoint Detection and Response Expert will proactively prevent unexpected actions and alert admins to get justifications for any suspicious behavior.

There have been many improvements in Kaspersky Endpoint Detection and Response Expert over the years, and I believe the future releases will continue to enhance its capabilities. Kaspersky's secret algorithms and commitment to security have established it as a reliable solution for our organization, especially compared to other antivirus and EDR solutions.

The user interface of Kaspersky Endpoint Detection and Response Expert could be more intuitive, and I would appreciate more flexibility or optimization in certain aspects. Moreover, the achievement of merging the antivirus agent and EDR into one is anticipated for 2024 and 2025 to minimize impact on system performance and resource consumption.

I have been working with Kaspersky Endpoint Detection and Response Expert for three years now.

Kaspersky Endpoint Detection and Response Expert has been stable and reliable in detecting everything in my organization, with no impact on machine or server performance. It effectively detects new applications and requires whitelisting based on assessments discussed with the technical teams or vendors.

Kaspersky Endpoint Detection and Response Expert is very scalable, working with high availability techniques across three main data centers in my organization, and the failovers run smoothly without any human intervention when needed.

I have communicated with Kaspersky's technical support, and they have expert teams in my country. Since I am a platinum customer, we can discuss customized solutions for my organization, with the vendor implementing changes for free after working with Kaspersky for over seven years.

I rate the technical support from Kaspersky a 10, as they respond quickly with engineers joining the conversation within three to five minutes.

Positive

I did not participate in the initial setup or know what solutions were used before because this team was not under my umbrella until I was hired as the general manager three months ago.

Kaspersky Endpoint Detection and Response Expert's last release is version 6.2 or something similar.

I have used Kaspersky's customizable detection rules and policies. To customize rules and policies, we are asking the vendor and have local support for Kaspersky. We request all the use cases that help my organization, and they have large databases for different types of organizations such as financial sectors and telecom. We discuss these use cases with Kaspersky engineers and redefine them to fit our organization. If we validate any cases, we run proof of concepts live on my UET environment and production environment.

The pricing of Kaspersky Endpoint Detection and Response Expert is normal and worth it for my organization, which manages around 35,000 devices and 4,900 servers. The money versus value is perfect. I rate this review an 8 overall.

We have been using the Kaspersky Endpoint Detection and Response Expert cloud package, and we had been using Trend Micro's Deep Security for recommendation to our customers for their servers.

In our company, we have a small deployment of only 10 or 12 maximum users, but for our customers, it is around 50 plus users.

The most valuable features in Kaspersky Endpoint Detection and Response Expert are intrusion prevention, network monitoring, and firewall capabilities.

The analytics capabilities are good, as we have been using it for more than 10 plus years, approximately 15 years.

I would appreciate seeing some sort of utility feature that monitors and maintains the performance of the current system. Wherever it is installed, users could run a quick scan regarding the registry and other elements. If it were available to improve the performance, it would become a system utility as well.

I have been working with Kaspersky Endpoint Detection and Response Expert for almost more than a decade.

The initial setup is easy to use.

We haven't needed any technical support from Kaspersky Endpoint Detection and Response Expert as it is easy to configure, and assistance is readily available, enabling us to manage it ourselves.

I have been satisfied so far with the solution.

I haven't found any issues with this particular solution, and there's no room for improvement for Kaspersky Endpoint Detection and Response Expert.

I would generally recommend this product to both smaller and bigger companies, including small offices and the SMB section.

It is easy to use and easy to configure.

The pricing is nominal when we compare it with other solutions.

I would recommend Kaspersky Endpoint Detection and Response Expert to others. We recommend Kaspersky Endpoint Detection and Response Expert to all clients to whom we provide solutions, and for endpoint security, we usually choose Kaspersky Endpoint Detection and Response Expert exclusively.

Since we are comfortable with it and have been a partner of Kaspersky for more than 10 plus years, we recommend this as the best option on the market.

I would not recommend Kaspersky Endpoint Detection and Response Expert to those in custom software development. However, for clients to whom we are providing solutions and when we release our updates or apps to them, we always have security in place, and for their internal use, I recommend Kaspersky Endpoint Detection and Response Expert.

On a scale of 1-10, I rate this solution an 8.5.

I am a Systems Administrator at Alfa International Company Limited. We're an end-user of Kaspersky Endpoint Detection and Response Expert.

The product reviews of Kaspersky Endpoint Detection and Response Expert are very good. I was looking after that, and then we decided to go for this product. The product is strong enough and capable of handling the type of detections as protection and security. We are using the Endpoint Detection and Response solution, and all the features available in this solution are good enough to be considered a strong product.

The security side I am working in is part of my overall systems experience.

From my perspective, the local team and the support team of Kaspersky Endpoint Detection and Response Expert need to be more accurate and more responsible, because even the support from the remote side takes time to tackle the issues.

Compared to my previous product, Kaspersky Endpoint Detection and Response Expert is not up to the mark; it's below my rating.

As an EDR solution, it's still a new product that they have to work on to improve themselves.

I've been using this solution for two years.

From my perspective, the local team and the support team of Kaspersky Endpoint Detection and Response Expert need to be more accurate and more responsible, because even the support from the remote side takes time to tackle the issues.

Neutral

The earlier product which we were using allowed us to successfully integrate with other EDR solutions, but this is not supported.

It's on-prem, and the installation of Kaspersky Endpoint Detection and Response Expert was not straightforward compared to my previous installations with other products.

The deployment on the setup side, as with the installation, was not an easy task. The configuration was also a complex process.

It took almost one month for the deployment and configuration.

Compared to other products, the pricing for Kaspersky Endpoint Detection and Response Expert is almost the same, but we need to pay for the market.

I haven't used Kaspersky Incident Visualization. I don't use automated workflows with Kaspersky. On a scale of one to ten, I rate Kaspersky Endpoint Detection and Response Expert a seven out of ten.

Positive

I use the solution in my company mainly for endpoint protection and also for its XDR capabilities to deal with threat intelligence. It is used not only from the endpoint protection perspective but also from the threat intelligence aspect.

The solution's most valuable features are that it offers very strong encryption and acts as an antivirus product. It is one of the few antivirus tools that, once you discover a device remotely, you can install within the portal's central management.

I would say that Kaspersky is not too big in the cloud-related area. From an improvement perspective, it would be good if Kaspersky went big in the cloud since it would give the tool a fair chance to compete with other clouds.

I have been using Kaspersky Endpoint Detection and Response Expert for three years. The product has been used in my company for more than five years.

Stability-wise, I rate the solution a nine out of ten.

There are some basic issues in the product, some of which may not even be related to Kaspersky. The issues revolve around updates, integrations, and how the data center works.

Scalability-wise, I rate the solution a seven out of ten.

The previous client we were working with was a bank that had opened a ticket with Kaspersky some months ago, and nobody had responded. The only response from the support team is when it comes to pricing. Technical support is a little slow. I rate the technical support a five out of ten.

Neutral

The product's initial setup phase is a medium-level process. It is pretty easy to set it up, but I would say it is medium because I am not yet experienced working with it in an enterprise-level business with 10,000 or more people. I have worked with organizations with 1,000 to 5,000 people, and I can say that the setup phase is not difficult to manage. I rate the setup phase an eight out of ten.

I have clients who use on-prem services for Kaspersky Security Center, and I have clients who use Kaspersky Security Cloud. We have the ones that we manage in the cloud and the ones that we manage on-premises.

Depending on the number of endpoints we have to manage, the product can be deployed in a week.

We have different people to manage endpoints and security cloud. An average of three to four deploy the tool.

If one is cheap, ten is expensive, I rate the product’s price as a seven out of ten, especially if I compare it with CrowdStrike.

Compared to Trend Micro and CrowdStrike, Kaspersky is really big on endpoint protection and detection. Whatever an endpoint protection tool needs, Kaspersky has it all. It only lacks in the cloud area and visibility between the cloud, emails, and endpoints. When it comes to endpoint protection alone, I think it is a big tool.

The automated response capabilities improve security operations and are very useful. The tool can discover other devices in your environment that don't have antivirus. It goes the extra mile to tell you, even if you are installing an application, whether it is already outdated and if you need to update it. In terms of compliance, you can take a report from Kaspersky and switch to compliance while figuring out the devices that are most affected and the UIs that are most critical.

I would recommend the product to others since it is pretty easy to deploy and manage the setup phase while also being affordable. Mostly, if there is an SMB client who fears getting an enterprise-sized solution like CrowdStrike, they can get Kaspersky and be able to get maximum protection by just using the funds that they have.

I rate the tool a seven out of ten.

We work with Kaspersky and two modalities: the Censi final and Censi license. Most of our clients work in financial areas and industry. Our regular enterprise business relies on these solutions.

Kaspersky is viable with ADR; the Endpoint Detection response feature and the BitLocker management feature are important. 

Additionally, almost all our clients use the Patch Management, vulnerability, and integration feature.

The Kaspersky console could be easier to navigate and generate reports from. We've got Stripe in the method of deployment, which makes it easier and requires lower integration from my team. Deployment with the console directly, without depending on other workers to deploy the agents, would be beneficial.

I have been using Kaspersky for eight years.

Stability issues are not complex due to the easy Quadrigia method in the console.

Scalability has passed with the equal court strike. It is very easy, and it is both calibrated and strong.

Kaspersky supports us; when we and the analyst with Kaspersky grade it, we are almost prepared to respond to our questions with my team.

Neutral

My team consists of five people. Our team is customer certified.

Kaspersky is one of the best, and we are working with it today. I have tested others for knowledge, but Kaspersky remains the best after testing. My English isn't perfect, but feel free to call me for other questions. 

Overall, the product rating is ten out of ten.

We primarily rely on it for quick responses to threats.

It takes action when it detects any malicious or abnormal behavior.

Kaspersky EDR Expert improved our incident response times.

The integration with our hypervisor is quite smooth, especially within the Kaspersky Enterprise environment. We have many virtual machines, and the integration is helpful.

I find Kaspersky can be quite resource-intensive, consuming a significant amount of RAM and CPU.

Another area of improvement is customer service and support. Since the solution handles critical applications and vulnerabilities, immediate support is essential when issues arise.

We've been using Kaspersky without EDR for about three years. We added the EDR component six months ago.

It's stable.

Scalability is a good feature. We use a Kaspersky Security Center cluster. However, we need a separate SQL database for cluster communication.

We provide hosting services, so there are many virtual machines. We have about 500 virtual machines and 10 technical users.

There's room for improvement in customer service and support.  

The response time when I open a ticket or communicate with the vendor could be faster.

Neutral

We only use Kaspersky for EDR.

It is a little difficult. There's a certain level of complexity involved in the initial setup. We have an SDC environment, so we work with Live And. Deploying a lightweight agent on each virtual machine and having Linux as the engine on the host makes the implementation more complex.

MMaintenance is not easy, but it's not extremely hard either. 

One person is enough, and another for backup.

We have a higher-level license, so we have access to all the features, including network inspection and antivirus protection.

The pricing is reasonable. Not too cheap, not too expensive.  We pay yearly licenses. 

The cost depends on the number of agents. Since we have many, I'd estimate around three million Egyptian pounds for the license.

Overall, I would rate the solution a seven out of ten. I do recommend Kaspersky for others.

We use the product to monitor behaviors for endpoints to detect malware attacks and fraudulent activities.

The product has an easy-to-use EDR module based on signature-based antivirus detection. It is a complete software.

They could provide a source of visualization for the product. It needs to be easier to use for searches and activities. Additionally, they should work on an incident response module.

We have been using Kaspersky Endpoint Detection and Response Expert for three years.

I rate the product's stability an eight out of ten. It has more features than other EDR solutions.

The product has good scalability. We can size and schedule it as per requirements.

The initial setup process is straightforward. It takes two to three hours to work on configuration, installation, and implementation.

The product is worth the investment for small and medium businesses. Large enterprises can use it as an antivirus software rather than a complete EDR solution.

The product has a valuable pricing model. We need to purchase its monthly subscription.

The product is more advanced and scalable than other EDR solutions.

It is a nice EDR product. It works well for small and medium businesses than enterprises. I rate it a seven out of ten.

We use Kaspersky Endpoint Detection and Response for different in-depth solutions. It's a useful tool when you want everything in one module and you don't have a big budget for security. Other use cases are behavior detection, policy management, assessments, and patch fixings.

The most valuable features for me in Kaspersky are good security and performance. This solution is quite responsive and the tech support engineers are kind and good.

My opinion is that behavior detection could work better. This feature gets a high rate of false positives. This service is painful for network administrators.

I would like for this solution to better integrate with other solutions, especially with our network solution. I would also like for the support response time to be better.

I have been using this solution for about five years now.

I would say that the stability of this solution is quite good.

I would say that the scalability of this solution is good as your deployment and better if you have several management consoles. As of recently, in my console, there were about 110 points and several servers. We also have plans to increase usage in the future, depending on how much our company grows.

We do use the technical support of this solution and even though they are late to answer, especially via email, they are quite effective most of the time. The only thing that I think should improve is the time delay.

I would say that the initial setup process is complex. The amount of time it takes to deploy largely depends on the size of your network. It usually takes about two or three months, depending on the size of the endpoint and networks. 

Our model of deployment is on-premises. It took about one week to deploy the central management console and the full features and the policies, but the endpoints which connected to the central management console took longer. You also must have administration staff for the maintenance.

How much of an ROI a company has from this solution will vary. If there are no IT or security users in a company, the ROI is going to be very low. There must be at least one endpoint solution for a company to see ROI. The ROI is good for medium-sized networks.

My impression of the pricing plan is that it's good and reasonable. The license annual.

I would recommend this solution to other people as it's a good and useful tool.

I would rate this solution an eight, on a scale from one to 10, with one being the worst and 10 being the best.