The chosen solution has replaced the conventional malware protection of stations with a more advanced system, through which we can more effectively counter cyber attacks. It is important to us that we can administer the system ourselves and that much of the system's activity, including incident response, is automated.
Baseline and project objectives
The protection of DPMO's IT infrastructure and data is entirely the responsibility of the IT department, which also oversees cyber security, responds to incidents and takes preventive action. The existing antimalware solution protecting endpoints and servers was no longer functionally sufficient for the advanced team of IT specialists. Detailed insight into detected incidents was lacking, and the ever-increasing number of cyber attacks led to the idea of an additional layer of protection against unknown or emerging threats.
The goal was therefore to make anti-malware protection activities transparent, enabling detailed incident analysis and rapid response, both with the help of machine learning and artificial intelligence and by drawing on the IT team's experience and knowledge of the customer's environment. There was also a requirement to increase defence against unknown threats, with the ability to automatically test unknown files in a secure environment (sandboxing) that would run within the IT infrastructure and be fully integrated with endpoint and server antimalware protection. At the same time, operating the security solution was not to add unnecessarily to the workload of DPMO IT team members. Price and a high technological level were also very important parameters.
From the possible offerings available on the market, the company chose Kaspersky Endpoint Security Select, complemented by Kaspersky EDR Optimum and Kaspersky Sandbox. These three products best matched the requirements and together form a comprehensive and fully integrated on-premise security ecosystem, the so-called Optimum Security Framework.
- Increasing protection against unknown cyber threats.
- Detailed overview and analysis of incidents.
- Detection of threats that are undetectable by traditional antimalware protection.
- On-premise solution, data does not leave the DPMO network, independent of WAN connection quality.
- Automation and low maintenance.
The solution is based on Kaspersky Endpoint Security software, which is complemented by the supporting EDR Optimum and the on-premise Kaspersky Sandbox file analysis environment. The EDR agent on each endpoint monitors, for example, the activity of running files or scripts, network traffic and changes in registries, and sends all of this to a central server, where full visualization of incidents takes place. Incident response can be automatic, with operator input possible if required.
If a brand new unknown file is discovered on the device, the agent sends the file directly to Kaspersky Sandbox. For each analysis, the Sandbox launches a separate virtual environment to run the file and monitor the actions the file performs once it is run. If the file is detected as malicious, Sandbox notifies the central server and clients, automatically triggering a scan on all stations and creating an indicator of compromise. This ensures that if the malicious file is detected anywhere else, it will be removed automatically and immediately, without the need for operator intervention and independent of the virus definition database.
Thanks to the symbiosis of these solutions, the Transport Company's team of IT specialists has acquired a tool that allows it to detect a potential attack in its early stages. At the same time, it makes available and visualizes detailed information about incidents, which DPMO specialists need in order to make informed decisions about necessary responses or preventive actions.
- Kaspersky Endpoint Security
- Kaspersky EDR Optimum
- Kaspersky Sandbox