Kaspersky Endpoint Detection and Response Expert has demonstrated 100% protection from attacks exploiting Windows’ Local Security Authority Subsystem Service (LSASS) in a recent AV-Comparatives test. Kaspersky EDR Expert successfully protected the LSASS process from credential dumping during 15 different attacks.
With cybercriminals looking to gain access to corporate networks by any means possible today, building security against any type of threat has become critical to ensure protection and prevent business disruption. The right solutions are paramount for advanced detection, full visibility and appropriate response.
AV-Comparatives is a world-renowned independent organisation performing research and regular tests of security software. In the recent report, the test lab analysed hardening capabilities of four security solutions to protect the LSASS process and prevent credential dumping. By abusing the LSASS on a Windows machine, attackers can get domain user credentials to further propagate the attack locally or move laterally within the targeted network.
To evaluate the capabilities of tested products, AV-Comparatives engineers used a variety of tools and methods, including Reflective DLL, Native APIs DLL, Invoke-PPL Dump and others, while attempting to gain access to the infrastructure in a range of 15 complex attacks. Security solutions were expected to prevent the attempt of LSASS process memory dumping.
The test confirmed that Kaspersky Endpoint Detection and Response Expert includes efficient hardening measures against credential dumping activated by default and demonstrated 100% protection rate from all LSASS attack methods tested.
“We are thrilled to participate in the research by AV-Comparatives and to receive the real-world testing scenario results. Benchmarking our security products against specific attacks is key to confirming the quality of Kaspersky technologies. Our goal is to constantly deliver the highest level of protection capabilities for our customers, and such achievements validate our efforts,” comments Alexander Liskin, Head of Threat Research at Kaspersky.
“Kaspersky EDR Expert in default configuration has demonstrated 100% protection against the LSASS credential dumping attacks used in our dedicated research,” said Andreas Clementi, CEO, AV-Comparatives.
Kaspersky Endpoint Detection and Response Expert provides visibility across all endpoints on corporate networks and delivers superior defense, enabling automation of routine tasks to discover, prioritise, investigate and neutralise complex threats and APT-grade attacks. For more information about Kaspersky Endpoint Detection and Response Expert, visit our website.
The full report, detailing the performance of Kaspersky EDR Expert during the AV-Comparatives test, is available via this link.