What's new

Kaspersky Managed Detection and Response presents several new features and enhancements.

12/18/2023

• MDR Web Console now contains the Telemetry statistics dashboard, which shows the number of telemetry events, security events, and incidents.
• Kaspersky Managed Detection and Response now supports Kaspersky Endpoint Security for Windows in Endpoint Detection and Response Agent (EDR Agent) configuration (with the limitations).

11/29/2023

• Improved display of asset statuses in MDR Web Console and in MDR Plug-in for Kaspersky Security Center: the asset status now shows the operability of the asset's EPP application components, the asset's anti-virus database update status, and telemetry transmission status.
• Asset status now shows the presence of asset's telemetry losses, allowing you to identify assets with telemetry delivery issues. This feature is enabled by default for new customers and will be gradually enabled for existing customers.

10/26/2023

The client residency region Saudi Arabia is added, for clients who store telemetry data in the Kingdom of Saudi Arabia.

9/11/2023

MDR Plug-in for Kaspersky Security Center version 2.3.1 is released. In this version, the incident management functions have been removed from the MDR section in Kaspersky Security Center. You can manage incidents in MDR Web Console.

7/20/2023

MDR Plug-in for Kaspersky Security Center version 2.3.0 is released. It contains the following enhancements:

• You can now set up extended notifications in MDR Plug-in.
• You can now use MDR functions in Kaspersky Security Center with MDR Plug-in through a proxy server.
• You can now change the certificates to use MDR functions in Kaspersky Security Center with a proxy server or anti-virus software.

6/23/2023

The client residency region Latin America is added, for clients who store their telemetry data in Brazil.

7/27/2022

MDR Plug-in version 2.1.17 is released. This plug-in version is compatible with Kaspersky Security Center version 14 and later.

5/31/2022

General enhancements:

• The client residency region USA/Canada is added, for clients who store their telemetry data in Northern Europe.
• Changed the MDR deployment process description in the help.

Enhancements in MDR Plug-in:

• In the Settings section, you can now change the language for notifications in Telegram and email, and for communication in the chat about incidents.
• Improved interface for working with pictures and tables in the incident cards.
• MDR Expert. In the Service Usage section you can check how many incidents can be created according to the SLA.

Bug fixes and other improvements:

• Search in the incident and asset lists is now performed by a full occurrence of the searched substring anywhere in the string.
• In Kaspersky Endpoint Security for Mac version 11.2 and later after adding MDR license key and KPSN configuration file, you no longer need to restart your Mac in order to start a telemetry transfer.
• When calculating licenses for virtual machines with Kaspersky Security for Virtualization 5.2 Light Agent version 5.2 and later, assets that have not transferred telemetry for more than 24 hours are not included.

5/20/2022

MDR Optimum users now can chat with Kaspersky SOC analysts about an incident (with the following limitation: requests are processed only in relation to a particular incident and no SLA is applied).

10/18/2021

• Kaspersky Managed Detection and Response Plug-in for Kaspersky Security Center Web Console and Cloud Console was updated with the enhanced MDR Health functionality:
  • Improved interface of MDR Health.
  • The list of assets displays all the assets of all the statuses, which were previously available only in MDR Web Console.
  • Filtering and sorting options added to work with the list of assets.

7/21/2021

• Support of Kaspersky Managed Detection and Response in Kaspersky Security Center Cloud Console, which allows managing the solution in the Kaspersky Security Center single administration console. The following features are available with the Kaspersky Managed Detection and Response solution:
  • Working with incidents:
    • Viewing, creating, and commenting incidents
    • Contacting Kaspersky Security Operation Center about an incident, accepting or rejecting responses suggested by SOC analysts
    • Responding to an incident by using Kaspersky Endpoint Detection and Response

    The following responses are available:

    • Applying network isolation of devices
    • Creating blocking rules by hash
    • Creating tasks for deletion, moving to quarantine, ending the process, and searching by indicators of compromise (IoC) related to an incident
  • Monitoring Kaspersky Managed Detection and Response events on dashboards in the monitoring console of Kaspersky Security Center Web Console
  • Configuring notifications about Kaspersky Managed Detection and Response events by email and Telegram
  • Configuring the schedule of the MDR performance summary sent by email
  • Viewing the devices on which there are problems in MDR performance
  • New activation wizard, which allows connecting MDR in the Kaspersky Security Center single console
  • Automatic configuration of Private KSN, which no longer requires the manual downloading and uploading of a configuration file in the Kaspersky Security Center settings
  • Managing connections to the public MDR API: viewing, creating, editing, and deleting tokens
  • Managing the organization tenants, including their creation
  • Getting information about the number of incidents available for registration on the user's side, and which are eligible for processing according to the terms of the service level agreement (SLA)

    These features are also available in Kaspersky Security Center Web Console.

• Managing several MDR Administrator accounts was added in the MDR Web Console: creating accounts and managing account privileges
• New versions of compatible applications no longer require the additional installation of Kaspersky Endpoint Agent. The built-in Kaspersky Managed Detection and Response functionality is compatible with the following EPP applications:
  • Kaspersky Endpoint Security for Windows 11.6 and later
  • Kaspersky Endpoint Security for Mac 11.2
  • Kaspersky Endpoint Security for Linux 11.2
  • Kaspersky Security for Virtualization 5.2 Light Agent

  For details on different deployment scenarios, refer to Deployment of Kaspersky Managed Detection and Response.

• Filtering by event type was added for Kaspersky Endpoint Security for Windows and for Linux with the built-in Kaspersky Managed Detection and Response functionality, which allows decreasing the load on channels and reducing traffic consumption when sending data by telemetry.
• Support of the following response types: getting file from device, isolating the device, disabling the isolation of the device, deleting registry key, terminating process.

  Performing these actions is possible with confirmation from the user who has the MDR Administrator role.

• Support of the following new localizations in the web plug-in for Kaspersky Security Center Web Console and Cloud Console: French, German, Italian, and Spanish.

3/31/2021

A new web plug-in for Kaspersky Security Center Web Console allows using the following Kaspersky Managed Detection and Response functionality:

• Viewing incidents
• Creating incidents
• Adding comments to the incidents
• Contacting Kaspersky Security Operation Center about an incident
• Accepting or rejecting the responses, suggested by SOC analysts
• Possibility of independent response to an incident:
  • Isolate assets from the network
  • Create blocking rules by hash
  • Create tasks for deleting, moving to quarantine, ending the process, and searching by indicators of compromise (IoC) related to an incident
• Monitoring Kaspersky Managed Detection and Response events on dashboards in the monitoring console of Kaspersky Security Center Web Console
• Configuring email and Telegram notifications about Kaspersky Managed Detection and Response events
• Configuring the schedule of incidents summary sent by email

Page top