Kaspersky Security Center Cloud Console can integrate features of other Kaspersky solutions into the console interface. For example, you can add the detection and response features to the functionality of Kaspersky Security Center Cloud Console.
The detection and response solutions are designed to protect an organization's IT infrastructure from complex cyberthreats. The solutions' functionality combines automatic threat detection with the ability to respond to these threats to resist complex attacks, including new exploits, ransomware, fileless attacks, and methods that use legitimate system tools.
You can integrate the following solutions:
After a Kaspersky Endpoint Protection Platform (also referred to as EPP) application detects a threat, Kaspersky Security Center Cloud Console adds a new alert to the alert list. An alert contains detailed information about the detected threat and enables you to analyze and investigate the threat. You can also visualize the threat by creating a threat development chain graph. The graph describes the deployment stages of the detected attack in time.
As a response, you can choose one of the predefined response actions, for example, isolate an untrusted object, isolate a compromised device from the network, or create an execution prevention rule for an untrusted object.
For information about the solution activation, see the Kaspersky Endpoint Detection and Response Optimum documentation.
After a Kaspersky EPP application detects a threat, Kaspersky Security Center Cloud Console adds a new incident to the incident list. An incident contains detailed information about the detected threat. The MDR Security Operation Center (SOC) analysts of Kaspersky or a third-party company investigate the incidents and offer responses to solve the incidents. You can accept or reject the offered measures manually, or enable the option to auto-accept all of the responses.
For information about the solution activation, see the Kaspersky Managed Detection and Response documentation.
This is a solution for organizations that have a team of SOC analysts. The detected threats are registered as alerts or incidents that can be assigned to SOC analysts for investigation. Kaspersky Endpoint Detection and Response Expert provides you with detailed information on each alert or incident, as well as the tools for alert and incident management, threat hunting, and custom rules development. The SOC analysts or security officers can manually select the response actions, or the predefined automated response measures can be taken.
For information about the solution activation, see the Kaspersky Endpoint Detection and Response Expert documentation.