Detection and response capabilities
This section contains information about Kaspersky solutions that can be integrated into Kaspersky Security Center Cloud Console to add the detection and response capabilities to the console.
About detection and response capabilities
Kaspersky Security Center Cloud Console can integrate features of other Kaspersky solutions into the console interface. For example, you can add the detection and response features to the functionality of Kaspersky Security Center Cloud Console.
The detection and response solutions are designed to protect an organization's IT infrastructure from complex cyberthreats. The solutions' functionality combines automatic threat detection with the ability to respond to these threats to resist complex attacks, including new exploits, ransomware, fileless attacks, and methods that use legitimate system tools.
You can integrate the following solutions:
- Kaspersky Endpoint Detection and Response Optimum
After a Kaspersky Endpoint Protection Platform (also referred to as EPP) application detects a threat, Kaspersky Security Center Cloud Console adds a new alert to the alert list. An alert contains detailed information about the detected threat and enables you to analyze and investigate the threat. You can also visualize the threat by creating a threat development chain graph. The graph shows the stages of the detected attack in the order in which they occurred.
As a response, you can choose one of the predefined response actions, for example, isolate an untrusted object, isolate a compromised device from the network, or create an execution prevention rule for an untrusted object.
For information about the solution activation, see the Kaspersky Endpoint Detection and Response Optimum documentation.
- Kaspersky Managed Detection and Response
After a Kaspersky EPP application detects a threat, Kaspersky Security Center Cloud Console adds a new incident to the incident list. An incident contains detailed information about the detected threat. The MDR Security Operations Center (SOC) analysts of Kaspersky or of a third-party company investigate the incidents and offer response measures to resolve them. You can accept or reject the offered measures manually, or enable the option to auto-accept all of the responses.
For information about the solution activation, see the Kaspersky Managed Detection and Response documentation.
- Kaspersky Endpoint Detection and Response Expert
This is a solution for organizations that have a team of SOC analysts. The detected threats are registered as alerts or incidents that can be assigned to SOC analysts for investigation. Kaspersky Endpoint Detection and Response Expert provides you with detailed information on each alert or incident, as well as the tools for alert and incident management, threat hunting, and custom rules development. The SOC analysts or security officers can manually select the response actions, or the predefined automated response measures can be taken.
For information about the solution activation, see the Kaspersky Endpoint Detection and Response Expert documentation.
Interface changes after integrating the detection and response features
The following Kaspersky solutions provide detection and response features that can be integrated into the interface of Kaspersky Security Center Cloud Console:
- Kaspersky Endpoint Detection and Response (EDR) Optimum
- Kaspersky Managed Detection and Response (MDR)
- Kaspersky Endpoint Detection and Response (EDR) Expert
The table below lists the changes that the solutions make in the interface of Kaspersky Security Center Cloud Console after integration.
Interface changes made by integrated Kaspersky solutions
Solution | Changes in Kaspersky Security Center Cloud Console
---|---
Kaspersky EDR Optimum | Adds the following elements:
Kaspersky MDR | Adds the following elements:
Kaspersky EDR Expert | Adds the following elements: