Managed Detection and Response

Configurations of Kaspersky Endpoint Security for integrating with MDR

The following configurations can be used to work with MDR:

• [KES+built-in agent]. In this configuration, Kaspersky Endpoint Security acts as both the application that ensures the security of the computer and the application for working with MDR. The built-in agent is available in Kaspersky Endpoint Security 11.6.0 for Windows or later.
• [third-party EPP+EDR Agent]. In this configuration, the security of the IT infrastructure is provided by the third-party Endpoint Protection Platform (EPP). The interaction with MDR is provided by Kaspersky Endpoint Security in the Endpoint Detection Response Agent (EDR Agent) configuration. In this configuration, EDR Agent is compatible with third-party EPP applications. EDR Agent is available in Kaspersky Endpoint Security 12.3 for Windows or later.

Support for previous versions of Kaspersky Endpoint Security

Kaspersky Endpoint Security version 11 and later supports the MDR solution. Kaspersky Endpoint Security versions 11 – 11.5.0 only sends telemetry data to Kaspersky Managed Detection and Response to enable threat detection. Kaspersky Endpoint Security version 11.6.0 has all the functionality of the built-in agent (Kaspersky Endpoint Agent).

If you are using Kaspersky Endpoint Security 11 – 11.5.0, you must update databases to the latest version to work with the MDR solution. You must also install Kaspersky Endpoint Agent.

If you are using Kaspersky Endpoint Security 11.6.0 or higher, you do not need to install Kaspersky Endpoint Agent to use the MDR solution.

If the Kaspersky Endpoint Security policy also applies to computers that do not have Kaspersky Endpoint Security 11 – 11.5.0 installed, you must first create a separate Kaspersky Endpoint Agent policy for those computers. In the new policy, configure integration with Kaspersky Managed Detection and Response.