
Kaspersky Lab

2021-04-30

Kaspersky launches ML-driven MDR for SMB

Distribution

The new Kaspersky Managed Detection and Response (MDR) service ensures continuous machine learning-driven 24/7 protection while saving IT security teams’ resources for threat analysis, investigation and response. Thanks to two product tiers, Kaspersky MDR is now available not only for large enterprises, but also for medium-sized businesses with different levels of IT security maturity and needs. Along with the MDR launch, Kaspersky is also updating its approach to product portfolios with cybersecurity frameworks. Different frameworks combine various sets of security solutions and services to enable protection from diverse types of threats.

Detecting and responding to sophisticated attacks requires specific expertise, while internal training or hiring additional experts may not always fit into the cybersecurity budget. A lack of resources can lead to untimely responses to incidents and, as a result, increase the losses of the organization. According to a Kaspersky report, for enterprises, the average cost of a data breach rises by more than $400k depending on whether a breach is discovered almost instantly or beyond seven days.

Targeted towards such organizations, Kaspersky Managed Detection and Response provides the major benefits of an outsourced security operations center (SOC) and does not require specialized threat hunting and incident analysis skills from internal teams, which can be especially relevant for mid-size businesses. The service is complemented by detection technologies as well as extensive expertise in threat hunting and incident response from professional units including the Global Research & Analysis Team (GReAT). It is also empowered with AI Analyst, which enables automatic alert resolution and allows Kaspersky SOC analysts to concentrate on the most important alerts. The combination of technologies and expertise gives customers protection from threats that evade detection, for example, by mimicking legitimate programs. IT security experts can see the protection status of all assets and threat detections in real time, receive ready-made response recommendations or authorize managed response scenarios.

The service integrates several components. Kaspersky products, for example endpoint protection or EDR, send their telemetry to the Kaspersky Security Network. This telemetry is then analyzed in the internal Kaspersky Security Operations Center using more than 700 constantly updated proprietary TTP-based ‘hunts’ tailored to the customer's environment, along with various detection engines. Since alerts are collected from all endpoints, the system can detect the links of a single attack chain across various machines. All detections are further validated and prioritized by Kaspersky’s threat hunting team to ensure a timely response. After investigation, customers receive incident alerts and a comprehensive guide to incident response in the dedicated MDR portal. Response options can then be initiated through an endpoint detection and response (EDR) agent. Customers can also combine MDR with Kaspersky’s Incident Response retainer to completely outsource incident investigation, forensics and elimination.

Contact us if you would like to know more about this new Kaspersky solution.