The chosen solution has replaced the conventional malware protection of stations with a more advanced system, through which we can more effectively counter cyber attacks. It is important to us that we can administer the system ourselves and that many of the system's activities, including incident response, are automated.
Baseline and project objectives
The protection of DPMO's IT infrastructure and data is entirely the responsibility of the IT department, which also oversees cyber security, responds to incidents and takes preventive action. The existing antimalware solution protecting endpoints and servers was no longer functionally sufficient for the experienced team of IT specialists: detailed insight into detected incidents was lacking, and the ever-increasing number of cyber attacks led to the idea of an additional layer of protection against unknown or emerging threats.
There was therefore a need to make anti-malware protection activities transparent, enabling detailed incident analysis and rapid response, both with the help of machine learning and artificial intelligence and by drawing on the experience and knowledge of the customer's IT team. There was also a requirement to strengthen defence against unknown threats, with the ability to automatically test unknown files in a secure environment (sandboxing) that runs within DPMO's own IT infrastructure and is fully integrated with endpoint and server antimalware protection. At the same time, operating the security solution should not unnecessarily increase the workload of DPMO IT team members. Of course, price and a high technological level were also very important parameters.
From the possible offerings available on the market, the company chose Kaspersky Endpoint Security Select, complemented by Kaspersky EDR Optimum and Kaspersky Sandbox. These three products best matched the requirements and together form a comprehensive and fully integrated on-premise security ecosystem, the so-called Optimum Security Framework.
- Increasing protection against unknown cyber threats.
- Detailed overview and analysis of incidents.
- Detection of threats that are undetectable by traditional antimalware protection.
- On-premise solution, data does not leave the DPMO network, independent of WAN connection quality.
- Automation and low maintenance.
The solution is based on Kaspersky Endpoint Security software, which is complemented by the supporting EDR Optimum and the on-premise Kaspersky Sandbox file analysis environment. The EDR agent on each endpoint monitors, for example, the activity of running files and scripts, network traffic and registry changes, and sends this telemetry to a central server where incidents are fully visualised. Incident response can be automatic, or an operator can intervene if required.
If a brand new unknown file is discovered on a device, the agent sends the file directly to Kaspersky Sandbox. For each analysis, the Sandbox launches a separate virtual environment in which it runs the file and monitors the actions the file performs once executed. If the file is found to be malicious, the Sandbox notifies the central server and the clients, which automatically run a scan on all stations and create an indicator of compromise (IoC). This ensures that if the same malicious file is detected anywhere else, it is removed immediately and automatically, without operator intervention and independently of the virus definition database.
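The sandbox-to-IoC response loop described above, as an added simulation that is not Kaspersky's code or API: a constructed sample is "detonated" by a stand-in verdict function, the resulting SHA-256 indicator is pushed from a central server to every endpoint, and each endpoint quarantines matching files by hash alone, with no signature database involved. All file contents, endpoint names and the verdict logic are constructed for the example.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class Endpoint:
    """A station with a constructed in-memory file system (path -> bytes)."""
    name: str
    files: dict
    quarantine: list = field(default_factory=list)


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sandbox_verdict(sample: bytes) -> bool:
    # Stand-in for dynamic analysis in an isolated VM: the constructed
    # sample is judged malicious if it carries the marker b"EVIL".
    return b"EVIL" in sample


def sandbox_analyse(sample: bytes):
    """Return an IoC for a malicious sample, or None if it is benign."""
    if sandbox_verdict(sample):
        return {"sha256": sha256(sample), "verdict": "malicious"}
    return None


def scan_endpoint(ep: Endpoint, ioc: dict) -> list:
    """Hash-match every file against the IoC; quarantine hits, no signatures needed."""
    removed = []
    for path, data in list(ep.files.items()):
        if sha256(data) == ioc["sha256"]:
            ep.quarantine.append(path)
            del ep.files[path]
            removed.append(path)
    return removed


def distribute_ioc(ioc: dict, endpoints: list) -> dict:
    """Central server role: push the IoC and trigger a scan on all stations."""
    return {ep.name: scan_endpoint(ep, ioc) for ep in endpoints}


# Constructed scenario: one unknown file appears on WS-01 and is copied to WS-02.
MALICIOUS = b"MZ...EVIL...payload"
FLEET = [
    Endpoint("WS-01", {"C:/Users/a/dl/setup.exe": MALICIOUS, "C:/x/ok.txt": b"ok"}),
    Endpoint("WS-02", {"C:/tmp/update.exe": MALICIOUS}),
    Endpoint("SRV-01", {"D:/share/report.pdf": b"%PDF-1.7 clean"}),
]
```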
Thanks to the combination of these solutions, the Transport Company's team of IT specialists has acquired a tool that allows them to detect a potential attack immediately, in its early stages. At the same time, it exposes and visualises detailed information about incidents, which DPMO specialists need to make informed decisions about necessary responses or preventive actions.
- Kaspersky Endpoint Security
- Kaspersky EDR Optimum
- Kaspersky Sandbox