Kaspersky Managed Detection and Response is a solution for automatically detecting and analyzing security incidents in your infrastructure using telemetry and advanced machine learning technologies. Information about the incident is sent to Kaspersky experts, who can then either process the incident themselves or provide recommendations on how to resolve it.
When interacting with Kaspersky Managed Detection and Response, Kaspersky Endpoint Security can carry out the following functions:
Integration of Kaspersky Endpoint Security with the Kaspersky Managed Detection and Response solution is facilitated by the Managed Detection and Response (MDR) component of the application.
To use the Kaspersky Managed Detection and Response functionality, you need to activate the MDR component in one of the following ways:
If Kaspersky Endpoint Security is used in Light Agent mode to protect virtual environments, activation is performed on the Protection Server (a component of Kaspersky Hybrid Cloud Security for Virtualization Light Agent) by adding license keys to SVMs.
The license that allows you to activate the Kaspersky Managed Detection and Response functionality must first be registered on the MDR portal.
If the Kaspersky Security Network infrastructure is deployed within the corporate LAN (that is, you use the Kaspersky Private Security Network infrastructure solution), or if you use tenants other than the root tenant, then to integrate with Kaspersky Managed Detection and Response you need to upload the KPSN configuration file to the Kaspersky Security Center Administration Server. This file contains the necessary telemetry settings. The KPSN configuration file has the pkcs7 extension and is located in the ZIP archive of the MDR configuration file. For details, refer to Kaspersky Managed Detection and Response Help.
You can upload the KPSN configuration file in the Web Console or the Administration Console.
Integration with Kaspersky Managed Detection and Response involves the following steps:
Make sure that the following components of Kaspersky Endpoint Security are enabled and working:
If these components are disabled, the device will have a red status in Kaspersky Managed Detection and Response.
We also recommend enabling Web Threat Protection and Network Threat Protection. If these components are disabled, the device will have a yellow status in Kaspersky Managed Detection and Response.
See the Kaspersky Managed Detection and Response Help for more information about device statuses.
The Kaspersky Managed Detection and Response functionality is not available if Kaspersky Security Network is disabled or being used in standard mode. You can configure the use of Kaspersky Security Network in the Web Console, the Administration Console, or on the command line.
If you are using the MDR component under a license, make sure that one of the following conditions is satisfied:
If you are using Kaspersky Endpoint Security in Light Agent mode to protect virtual environments, you need to add the license key for activating the additional functionality to SVMs.
If you are activating the MDR component using an MDR BLOB file, you need to upload the BLOB file in the Web Console, the Administration Console, or on the command line.
If you are using the Kaspersky Private Security Network infrastructure solution, or you are using tenants other than the root tenant, you need to upload the KPSN configuration file to the Kaspersky Security Center Administration Server.
The MDR component is disabled by default. You can enable or disable the component:
You can check the status of the MDR component: