Managed Detection and Response

Kaspersky
Published by: Research Desk Released: Jan 14, 2025

Kaspersky MDR provides round-the-clock monitoring, threat detection and response to identified incidents, based on Kaspersky’s technological solutions and expertise.

Endpoint security solutions installed on the customer side collect and transmit telemetry. This telemetry is analyzed first using machine learning technologies and then by a team of attack detection experts, who use specialized detection rules, indicators of attack (IoA), and manual threat hunting based on enriched raw telemetry events. As a result of the investigation, response actions may be assigned based on the SOC analyst’s decision and, if approved by the MDR user, the endpoint protection platform (EPP) provides the response. If it is not possible to organize an automated response, recommendations on how to organize a manual investigation and response, with the help of the digital forensics team, are provided.