SOC, TI and IR posts

Managed detection and response in 2021

Kaspersky Managed Detection and Response (MDR) helps organizations to complement existing detection capabilities or to expand limited in-house resources to protect their infrastructure from the growing number and complexity of threats in real time. We collect telemetry from clients’ networks and analyze it using machine learning and artificial intelligence, plus human threat-hunting analysts. Kaspersky SOC investigates alerts and notifies the client if there is something bad going on, providing response actions and recommendations.

MDR in 2021 in numbers

In 2021:

  • Kaspersky MDR received 414K alerts.
  • 63.74% of received alerts were processed by SOC analysts, 6.67% of which were related to real incidents reported to customers via the MDR portal
  • 77.4% of all incidents are related to only one alert
  • 14% of incidents were high-severity, 66% medium-severity, and 20% low-severity
  • The average identification time of high-severity incidents was 41.4 minutes
  • 40.7% of high-severity incidents were targeted attacks; 18% were ethical offensive exercises (penetration testing, red teaming etc.)
  • Most incidents were detected at the initial access (27.3%) and lateral movement (16.3%) stages
  • Most often high-severity incidents were detected in IT (39%), industrial (30.2%), and financial (29.1%) organizations
  • The LOL binaries most often used by attackers were cmd.exe, powershell.exe, and rundll.exe

Download the full Kaspersky Managed Detection and Response 2021 report.

Managed detection and response in 2021

Your email address will not be published. Required fields are marked *

 

  1. Cristian

    Brunello Cucinelli Spa

    1. Securelist

      Hi Cristian!

      You filled in the comment form instead of PDF download form. If you cannot see the latter, please, try to add this page to exceptions in your browser settings and/or ad blocker.

Reports

Meet the GoldenJackal APT group. Don’t expect any howls

GoldenJackal is an APT group, active since 2019, that usually targets government and diplomatic entities in the Middle East and South Asia. The main feature of this group is a specific toolset of .NET malware, JackalControl, JackalWorm, JackalSteal, JackalPerInfo and JackalScreenWatcher.

APT trends report Q1 2023

For more than five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports.

Subscribe to our weekly e-mails

The hottest research right in your inbox