Deployment using Kaspersky Security Center

Expand all | Collapse all

Prerequisites

• Your IT infrastructure must meet the hardware and software requirements of Kaspersky Managed Detection and Response.
• For ports 443 and 1443 on each asset that you want to protect, all outgoing non-SSL traffic is allowed and traffic inspection is disabled. These ports are used for transferring telemetry data from the assets to the following Kaspersky servers:
  • *.ksn.kaspersky-labs.com
  • ksn-*.kaspersky-labs.com
  • ds.kaspersky.com

Deployment of Kaspersky Managed Detection and Response by using Kaspersky Security Center proceeds in stages:

1. Activation of the solution

   Activate the Kaspersky Managed Detection and Response solution with your license.

2. Installing EPP applications

   Ensure that you have installed the EPP applications that support Kaspersky Managed Detection and Response functionality on your assets.

3. Downloading the MDR configuration file

   Download the MDR configuration file for your organization or download separate archives for every tenant from the Tenants section of MDR Web Console.

   Starting from Kaspersky Endpoint Security for Windows 12.6, if you have only root tenant and if you are not using the MDR solution together with Kaspersky Endpoint Detection and Response Optimum you do not need to download MDR configuration file. Please refer to the instruction provided for Kaspersky Endpoint Security for Windows at stage 5.

4. Kaspersky Private Security Network (KPSN) configuration

   The Switching the MDR solution to operation without KPSN configuration files article describes how to use the MDR solution without KPSN.

   If your configuration does not meet the requirements for operation without KPSN configuration files, you need to set up KPSN on your assets by using your KPSN configuration file from the MDR configuration file.

5. Integration with EPP applications

   Perform the application-specific deployment scenarios for all the Kaspersky applications installed on your assets:

   • Kaspersky Endpoint Security for Windows

     Deployment depends on the version of Kaspersky Endpoint Security for Windows that is installed on your assets. If you have more than one version of Kaspersky Endpoint Security for Windows installed in your infrastructure, you can perform the scenarios for these versions in any order:

     Kaspersky Endpoint Security for Windows 12.6 and later with only root tenant and without Kaspersky Endpoint Detection and Response Optimum

     If you have only root tenant, you can skip downloading the MDR configuration file and add and deploy your license key directly in Kaspersky Security Center.

     To deploy Kaspersky Managed Detection and Response on Kaspersky Endpoint Security for Windows 12.6 and later:

     1. Ensure all your assets belong to the root tenant.
     2. Check whether Kaspersky Endpoint Security for Windows on all the assets is updated to the version 12.6 or later.
     3. Ensure Kaspersky Managed Detection and Response component is enabled in Kaspersky Endpoint Security for Windows on all the assets.
     4. Add a license key to the license key repository in Kaspersky Security Center.
     5. Deploy the license key to the assets automatically or by using the Add license key task.

     For details about simultaneous use of MDR and EDR Optimum solutions refer to Kaspersky Endpoint Security for Windows help.

     Kaspersky Endpoint Security for Windows 12.5 and later with several tenants

     If you are switching to the built-in MDR functionality in Kaspersky Endpoint Security for Windows after working with it by using the Kaspersky Endpoint Agent functionality, make sure to disable Kaspersky Managed Detection and Response in the Kaspersky Endpoint Agent policy after configuring the integration with Kaspersky Managed Detection and Response in the Kaspersky Endpoint Security for Windows policy for all assets with Kaspersky Endpoint Security for Windows 11.6 and later.

     Note that if the same policy is also applied to assets with Kaspersky Endpoint Security for Windows 11.5 and earlier, it is necessary to create and configure a separate policy for these assets first, to maintain their integration with Kaspersky Managed Detection and Response via the Kaspersky Endpoint Agent policy.

   • Kaspersky Endpoint Security for Linux
   • Kaspersky Endpoint Security for Mac
   • Kaspersky Security for Virtualization 5.2 Light Agent

     1. Ensure that you have installed Kaspersky Endpoint Agent as part of Kaspersky Endpoint Security for Windows.

        Kaspersky Endpoint Agent can be installed:

        • During the installation of Kaspersky Endpoint Security for Windows.
        • After the installation of Kaspersky Endpoint Security for Windows.
     2. Check whether your Kaspersky Endpoint Agent for Windows version is up to date and, if necessary, update it.

        Kaspersky Endpoint Agent 3.10 or later is required for Kaspersky Endpoint Security for Windows 11.5.

     3. Configure your Kaspersky Endpoint Detection and Response Optimum solution.
     4. Create a policy for Kaspersky Endpoint Agent.
     5. Set up integration between Kaspersky Endpoint Agent for Windows and Kaspersky Managed Detection and Response by uploading the BLOB file from the MDR configuration file to the Kaspersky Endpoint Agent policy.
     6. Configure Kaspersky Endpoint Security for Windows on your assets.

        The following components must be enabled:

        • Kaspersky Security Network

          In the Kaspersky Security Network settings, select the Enable Extended KSN mode check box.

        • Behavior Detection

          Enabling these components is mandatory. Otherwise, Kaspersky Managed Detection and Response is not operable, as sending telemetry is not possible.

        Additionally, Kaspersky Managed Detection and Response can use data from the following components:

        • Web Threat Protection
        • Mail Threat Protection
        • Firewall

          Enabling these components is optional. If they are disabled, Kaspersky Managed Detection and Response continues sending telemetry, but with limited data.

     7. If you have enabled Firewall in Kaspersky Endpoint Security for Windows, create a Firewall rule with the following properties:
        • In the Action drop-down list, select the Allow value.
        • In the Direction drop-down list, select the Inbound/Outbound value.
        • In the Remote addresses and Local addresses drop-down lists, select the Any address value.

          Once the rule is created, move it to the top of the rules list.

     • Kaspersky Security for Virtualization 5.2 Light Agent
     • If you are using Kaspersky Endpoint Detection and Response Optimum (for Kaspersky Endpoint Security for Windows 11.6 and earlier)
       1. Ensure that you have installed Kaspersky Endpoint Agent as part of Kaspersky Endpoint Security for Windows.

          Kaspersky Endpoint Agent can be installed:

          • During the installation of Kaspersky Endpoint Security for Windows.
          • After the installation of Kaspersky Endpoint Security for Windows.
       2. Check whether your Kaspersky Endpoint Agent for Windows version is up to date and, if necessary, update it.

          Kaspersky Endpoint Agent 3.10 or later is required for Kaspersky Endpoint Security for Windows 11.5.

       3. Configure your Kaspersky Endpoint Detection and Response Optimum solution.
       4. Create a policy for Kaspersky Endpoint Agent.
       5. Set up integration between Kaspersky Endpoint Agent for Windows and Kaspersky Managed Detection and Response by uploading the BLOB file from the MDR configuration file to the Kaspersky Endpoint Agent policy.
       6. Configure Kaspersky Endpoint Security for Windows on your assets.

          The following components must be enabled:

          • Kaspersky Security Network

            In the Kaspersky Security Network settings, select the Enable Extended KSN mode check box.

          • Behavior Detection

            Enabling these components is mandatory. Otherwise, Kaspersky Managed Detection and Response is not operable, as sending telemetry is not possible.

          Additionally, Kaspersky Managed Detection and Response can use data from the following components:

          • Web Threat Protection
          • Mail Threat Protection
          • Firewall

            Enabling these components is optional. If they are disabled, Kaspersky Managed Detection and Response continues sending telemetry, but with limited data.

       7. If you have enabled Firewall in Kaspersky Endpoint Security for Windows, create a Firewall rule with the following properties:
          • In the Action drop-down list, select the Allow value.
          • In the Direction drop-down list, select the Inbound/Outbound value.
          • In the Remote addresses and Local addresses drop-down lists, select the Any address value.

            Once the rule is created, move it to the top of the rules list.

   • Kaspersky Anti-Targeted Attack Platform

     Kaspersky Managed Detection and Response allows you to analyze and monitor the data from Kaspersky Anti-Targeted Attack (KATA) Platform.

     Integration with Kaspersky Anti-Targeted Attack Platform is not available when using a license key for the Saudi Arabia region.

     To configure integration between Kaspersky Managed Detection and Response and Kaspersky Anti-Targeted Attack Platform, you need to receive an MDR configuration file, first. For details on how to configure the integration, refer to Kaspersky Anti-Targeted Attack Platform online help.

     Kaspersky Anti-Targeted Attack Platform is not part of Kaspersky Managed Detection and Response. If you want to use Kaspersky Anti-Targeted Attack Platform, you must purchase it separately.

   If you have more than one Kaspersky application installed in your infrastructure, you can perform the application-specific scenarios in any order.

   Activate the MDR solution in EPP applications.

   The Components required for MDR operation article lists EPP components that ensure sending telemetry from the assets

   You can check the status of your assets by using the MDR Health functionality.

Page top