Kaspersky Managed Detection and Response presents several new features and enhancements.
10/29/2024
MDR Plug-in for Kaspersky Security Center version 2.4.1 is released. It contains the following enhancements:
The ability to configure automatic acceptance of response actions was added in the MDR Plug-in for Kaspersky Security Center.
Enhanced functionality and user interface of the section that provides the list of inactive assets. Such assets have been added to Kaspersky Security Center and have the MDR component installed, but have never sent telemetry to Kaspersky Managed Detection and Response. You can filter the assets by MDR status, view detailed information about each asset, and export the asset list to a CSV file.
When you configure a summary report schedule, you can now specify the tenants for which you want to generate the report. The report will contain data from the specified tenants only.
12/18/2023
MDR Web Console now contains the Telemetry statistics dashboard, which shows the number of telemetry events, security events, and incidents.
Kaspersky Managed Detection and Response now supports Kaspersky Endpoint Security for Windows in Endpoint Detection and Response Agent (EDR Agent) configuration (with limitations).
11/29/2023
Improved display of asset statuses in MDR Web Console and in MDR Plug-in for Kaspersky Security Center: the asset status now shows the operability of the asset's EPP application components, the asset's anti-virus database update status, and telemetry transmission status.
Asset status now shows whether the asset has telemetry losses, allowing you to identify assets with telemetry delivery issues. This feature is enabled by default for new customers and will be gradually enabled for existing customers.
10/26/2023
The client residency region Saudi Arabia is added, for clients who store telemetry data in the Kingdom of Saudi Arabia.
9/11/2023
MDR Plug-in for Kaspersky Security Center version 2.3.1 is released. In this version, the incident management functions have been removed from the MDR section in Kaspersky Security Center. You can manage incidents in MDR Web Console.
7/20/2023
MDR Plug-in for Kaspersky Security Center version 2.3.0 is released. It contains the following enhancements:
You can now set up extended notifications in MDR Plug-in.
You can now use MDR functions in Kaspersky Security Center with MDR Plug-in through a proxy server.
You can now change the certificates to use MDR functions in Kaspersky Security Center with a proxy server or anti-virus software.
7/27/2022
MDR Plug-in version 2.1.17 is released. This plug-in version is compatible with Kaspersky Security Center version 14 and later.
5/31/2022
General enhancements:
The client residency region USA/Canada is added, for clients who store their telemetry data in Northern Europe.
Changed the MDR deployment process description in the help.
Enhancements in MDR Plug-in:
In the Settings section, you can now change the language for notifications in Telegram and email, and for communication in the chat about incidents.
Improved interface for working with pictures and tables in the incident cards.
MDR Expert. In the Service Usage section you can check how many incidents can be created according to the SLA.
Bug fixes and other improvements:
Search in the incident and asset lists now matches a full occurrence of the search substring anywhere in the string.
In Kaspersky Endpoint Security for Mac version 11.2 and later, after adding the MDR license key and the KPSN configuration file, you no longer need to restart your Mac to start telemetry transfer.
When calculating licenses for virtual machines with Kaspersky Security for Virtualization 5.2 Light Agent version 5.2 and later, assets that have not transferred telemetry for more than 24 hours are not included.
5/20/2022
MDR Optimum users can now chat with Kaspersky SOC analysts about an incident (with the following limitation: requests are processed only in relation to a particular incident and no SLA is applied).
10/18/2021
Kaspersky Managed Detection and Response Plug-in for Kaspersky Security Center Web Console and Cloud Console was updated with the enhanced MDR Health functionality:
Improved interface of MDR Health.
The list of assets displays all assets of all statuses, which were previously available only in MDR Web Console.
Filtering and sorting options were added for working with the list of assets.
7/21/2021
Support of Kaspersky Managed Detection and Response in Kaspersky Security Center Cloud Console, which allows managing the solution in the Kaspersky Security Center single administration console. The following features are available with the Kaspersky Managed Detection and Response solution:
New activation wizard, which allows connecting MDR in the Kaspersky Security Center single console
Automatic configuration of Private KSN, which no longer requires the manual downloading and uploading of a configuration file in the Kaspersky Security Center settings
Managing the organization tenants, including their creation
Getting information about the number of incidents that can be registered on the user's side and that are eligible for processing according to the terms of the service level agreement (SLA)
These features are also available in Kaspersky Security Center Web Console.
Managing several MDR Administrator accounts was added in the MDR Web Console: creating accounts and managing account privileges
New versions of compatible applications no longer require the additional installation of Kaspersky Endpoint Agent. The built-in Kaspersky Managed Detection and Response functionality is compatible with the following EPP applications:
Kaspersky Endpoint Security for Windows 11.6 and later
Kaspersky Endpoint Security for Mac 11.2
Kaspersky Endpoint Security for Linux 11.2
Kaspersky Security for Virtualization 5.2 Light Agent
Filtering by event type was added for Kaspersky Endpoint Security for Windows and for Linux with the built-in Kaspersky Managed Detection and Response functionality, which decreases the load on channels and reduces traffic consumption when sending telemetry data.
Performing these actions is possible with confirmation from the user who has the MDR Administrator role.
Support of the following new localizations in the web plug-in for Kaspersky Security Center Web Console and Cloud Console: French, German, Italian, and Spanish.
3/31/2021
A new web plug-in for Kaspersky Security Center Web Console allows using the following Kaspersky Managed Detection and Response functionality:
Viewing incidents
Creating incidents
Adding comments to the incidents
Contacting Kaspersky Security Operation Center about an incident
Accepting or rejecting the responses suggested by SOC analysts
Possibility of independent response to an incident:
Isolate assets from the network
Create blocking rules by hash
Create tasks for deleting, moving to quarantine, ending the process, and searching by indicators of compromise (IoC) related to an incident
Monitoring Kaspersky Managed Detection and Response events on dashboards in the monitoring console of Kaspersky Security Center Web Console
Configuring email and Telegram notifications about Kaspersky Managed Detection and Response events
Configuring the schedule of the incident summary sent by email