Kaspersky Managed Detection and Response

Architecture of Kaspersky Managed Detection and Response

April 11, 2024

ID 196548

The figure below shows the components of Kaspersky Managed Detection and Response, and their interaction.

Architecture of Kaspersky Managed Detection and Response

Description of Kaspersky Managed Detection and Response components:

  • Asset is an organization's device that is protected by Kaspersky solutions.
  • Endpoint Protection Platform (EPP) application is a Kaspersky application that protects assets, and the data stored on them, from malware and other threats.
  • The Kaspersky Endpoint Agent is a program component that is installed on workstations and servers of the corporate IT infrastructure. Kaspersky Endpoint Agent continuously monitors processes running on those computers, active network connections, and the files that are modified. In recent versions of EPP applications, it has been replaced by built-in functionality.
  • Kaspersky Network Agent is a Kaspersky Security Center component that enables interaction between the Administration Server and the Kaspersky applications that are installed on a specific network node (workstation or server). This component is common to all of the company's applications for Microsoft Windows. Separate versions of Network Agent exist for Kaspersky applications developed for Unix-like operating systems and for macOS.
  • Kaspersky Security Center is an application aimed at corporate network administrators and employees responsible for the protection of assets in a wide range of organizations.
  • Kaspersky Security Network is an infrastructure of cloud services that provides access to the Kaspersky online knowledge base, which contains information about the reputation of files, web resources, and software. The use of data from Kaspersky Security Network ensures faster responses by Kaspersky applications to threats, improves the performance of some protection components, and reduces the likelihood of false alarms.
  • Kaspersky Managed Detection and Response (also referred to as MDR) is a solution that delivers continuous managed protection, enabling organizations to hunt down evasive threats automatically, while freeing up IT security teams to focus on critical tasks that require their involvement.
  • MDR Web Console provides a web interface for managing and maintaining the protection system of a client organization's network that is managed by Kaspersky Managed Detection and Response. In addition to MDR Web Console, the Kaspersky Security Center web plug-in was added to allow the management of Kaspersky Managed Detection and Response within a single administration console.
  • The MDR API is the Application Programming Interface for managing and supporting the network protection system of a client organization managed by Kaspersky Managed Detection and Response.
