The Managed Detection and Response component was added in Kaspersky Endpoint Security in version 11.2. This component interacts with a solution known as Kaspersky Managed Detection and Response. Kaspersky Managed Detection and Response (MDR) continuously searches for, detects, and eliminates threats aimed at your organization. For detailed information about how the solution works, please refer to the Kaspersky Managed Detection and Response Help.
When interacting with Kaspersky Managed Detection and Response, the application lets you perform the following functions:
The Managed Detection and Response component has the following additional requirements:
Integration with Kaspersky Managed Detection and Response
To integrate with Kaspersky Managed Detection and Response do the following:
The Kaspersky Security Network proxy server facilitates data exchange between computers and the Kaspersky Security Network cloud service infrastructure via the Administration Server instead of direct exchange.
Load the Kaspersky Security Network configuration file in the Administration Server properties. The Kaspersky Security Network configuration file is located in the ZIP archive of the MDR configuration file. You can get the ZIP archive in the Kaspersky Managed Detection and Response Console. For details on configuring the Kaspersky Security Network proxy server, please refer to the Kaspersky Security Center Help.
As a result, Kaspersky Endpoint Security will use Private KSN to determine the reputation of files, applications, and websites. The "Infrastructure: Kaspersky Private Security Network" operating status will be indicated in the policy settings in the Kaspersky Security Network section.
Usage of Private KSN with Kaspersky Managed Detection and Response ensures that telemetry is sent to GDPR (General Data Protection Regulation) compliant servers. If Private KSN is not used, telemetry can be sent to the Global KSN. This may violate the laws of your country.
Important: You must enable extended KSN mode for Managed Detection and Response to work.
Load the BLOB configuration file in the Kaspersky Endpoint Security policy (see the instructions below). The BLOB file contains the client ID and information about the license for Kaspersky Managed Detection and Response. The BLOB file is located in the ZIP archive of the MDR configuration file. You can get the ZIP archive in the Kaspersky Managed Detection and Response Console. For detailed information about a BLOB file, please refer to the Kaspersky Managed Detection and Response Help.
Activate Managed Detection and Response in the Administration Console (MMC)
Activate Managed Detection and Response in the Web Console and Cloud Console
As a result, Kaspersky Endpoint Security will verify the BLOB file. BLOB file verification includes checking the digital signature and the license term. If the BLOB file is successfully verified, Kaspersky Endpoint Security will load the file and send the file to the computer during the next synchronization with Kaspersky Security Center.