Managed Detection and Response

The Managed Detection and Response component was added in Kaspersky Endpoint Security in version 11.2. This component interacts with a solution known as Kaspersky Managed Detection and Response. Kaspersky Managed Detection and Response (MDR) continuously searches for, detects, and eliminates threats aimed at your organization. For detailed information about how the solution works, please refer to the Kaspersky Managed Detection and Response Help Guide.

When interacting with Kaspersky Managed Detection and Response, the application lets you perform the following functions:

• Activate Managed Detection and Response using a BLOB configuration file.
• Execute commands from Kaspersky Managed Detection and Response.
• Send telemetry data to Kaspersky Managed Detection and Response for threat detection.

The Managed Detection and Response component has the following additional requirements:

• macOS 11
• Intel-based Mac

Integration with Kaspersky Managed Detection and Response

Integration with Kaspersky Managed Detection and Response consists of the following steps:

1. Configure the Kaspersky Security Network proxy server.

   The Kaspersky Security Network proxy server facilitates data exchange between computers and the Kaspersky Security Network cloud service infrastructure via the Administration Server instead of direct exchange.

   Load the Kaspersky Security Network configuration file in the Administration Server properties. The Kaspersky Security Network configuration file is located in the ZIP archive of the MDR configuration file. You can get the ZIP archive in the Kaspersky Managed Detection and Response Console. For details on configuring the Kaspersky Security Network proxy server, please refer to the Kaspersky Security Center Help Guide.

   As a result, Kaspersky Endpoint Security will use Private KSN to determine the reputation of files, applications, and websites. The "KSN Infrastructure: Private" operating status will be indicated in the policy settings in the Kaspersky Security Network section.

   Usage of Private KSN with Kaspersky Managed Detection and Response ensures that telemetry is sent to GDPR (General Data Protection Regulation) compliant servers. If Private KSN is not used, telemetry can be sent to the Global KSN. This may violate the laws of your country.

   Important: You must enable extended KSN mode for Managed Detection and Response to work.

2. Activate Managed Detection and Response.

   Load the BLOB configuration file in the Kaspersky Endpoint Security policy (see the instructions below). The BLOB file contains the client ID and information about the license for Kaspersky Managed Detection and Response. The BLOB file is located in the ZIP archive of the MDR configuration file. You can get the ZIP archive in the Kaspersky Managed Detection and Response Console. For detailed information about a BLOB file, please refer to the Kaspersky Managed Detection and Response Help Guide.

   Activate Managed Detection and Response in the Administration Console (MMC)

   1. Start Kaspersky Security Center Administration Console.
   2. Maximize the Administration Server <Server name> node.
   3. In the console tree, click Managed devices.
   4. In the workspace, select the Policies tab.
   5. Right-click the policy you want to configure and choose Properties.
   6. In the Properties window, select Detection and Response > Managed Detection and Response.
   7. Select the Managed Detection and Response checkbox.
   8. In the MDR configuration file block, click Import and select the BLOB file received in the Kaspersky Managed Detection and Response Console. The file has the P7 extension.
   9. Click OK to save your changes.

   Activate Managed Detection and Response in the Web Console and Cloud Console

   1. In the main window of Web Console, select Devices > Policies and profiles.
   2. Click the name of the Kaspersky Endpoint Security for Mac policy.
   3. The policy properties window opens.
   4. Select the APPLICATION SETTINGS tab.
   5. Select Detection and Response > Managed Detection and Response.
   6. Turn on the Managed Detection and Response toggle switch.
   7. Click Import and select the BLOB file that was obtained in the Kaspersky Managed Detection and Response Console. The file has the P7 extension.
   8. Save your changes.

   As a result, Kaspersky Endpoint Security will verify the BLOB file. BLOB file verification includes checking the digital signature and the license term. If the BLOB file is successfully verified, Kaspersky Endpoint Security will load the file and send the file to the computer during the next synchronization with Kaspersky Security Center.

Page top