About detection and response capabilities for MSPs
Kaspersky Security Center Cloud Console can integrate features of other Kaspersky applications into the console interface. For example, you can add the detection and response features to the functionality of Kaspersky Security Center Cloud Console by integrating the following applications:
- Kaspersky Endpoint Detection and Response Optimum
Kaspersky Endpoint Detection and Response Optimum is a solution designed to protect an organization's IT infrastructure from complex cyberthreats. The solution's functionality combines automatic threat detection with the ability to respond to these threats to resist complex attacks, including new exploits, ransomware, fileless attacks, and methods that use legitimate system tools.
After a Kaspersky Endpoint Protection Platform (EPP) application detects a security incident, a detailed card with important data about the security incident is generated in Kaspersky Security Center Cloud Console. The incident card is generated by one of the following applications:
- Kaspersky Endpoint Agent, which is installed together with a Kaspersky EPP application
- Kaspersky Endpoint Security 11.7.0 for Windows or later, which has built-in EDR Optimum functionality and does not require additional installation of Kaspersky Endpoint Agent
An incident card enables you to analyze and investigate the incident. You can also visualize the incident by creating a threat development chain graph. The graph shows the stages of the detected attack as they unfolded over time, and includes information about the modules involved in the attack and the actions performed by these modules.
You can also initiate a chain of response actions: create an execution prevention rule for an untrusted object; search for similar incidents in the device group, based on the selected indicators of compromise (IOC); isolate an untrusted object; isolate a compromised device from the network.
For information about activating the application, see the Kaspersky Endpoint Detection and Response Optimum documentation.
If integrated, this application adds the Alerts section to the interface of Kaspersky Security Center Cloud Console (Monitoring & reporting → Alerts).
- Kaspersky Managed Detection and Response
Kaspersky Managed Detection and Response delivers round-the-clock protection from the growing volume of threats that circumvent automated security barriers. It is intended for organizations that struggle to find the expertise and staff, or that have limited in-house resources. The MDR SOC analysts of Kaspersky or a third-party company investigate the incidents and offer responses to resolve them. You can accept or reject the offered measures manually, or enable the option to auto-accept all of the responses.
For information about activating the application, see the Kaspersky Managed Detection and Response documentation.
If integrated, this application adds the Incidents section to the interface of Kaspersky Security Center Cloud Console (Monitoring & reporting → Incidents).
You can show or hide the interface elements that refer to the Kaspersky Endpoint Detection and Response or Kaspersky Managed Detection and Response features at any time in the Interface options section of Kaspersky Security Center Cloud Console.