Cookie Notice

We use cookies to analyse site traffic and optimise your browsing experience. Accepting necessary cookies is required to provide you with a minimum level of service. Read Cookie Statement

Get In Touch
GET IN TOUCH

Speak to an MDR expert

Get in touch for a no obligation quote

1000 characters left
View our privacy policy

Overview

What is Managed Detection and Response (MDR)?

All organisations need the ability to detect and contain threats. For all but the largest enterprises, however, the staff and infrastructure costs associated with running a Security Operations Centre (SOC) are simply too high. Even those with extensive in-house resources may lack the expertise and visibility to adequately defend themselves against the latest threats.

Managed Detection and Response (MDR) is a service designed to address these challenges by providing the people, processes, and technologies required to strengthen an organisation’s security posture and reduce its risk exposure.

Kroll Responder is an outcome-focused MDR service that provides the frontline intelligence, high-fidelity detections and incident response support required to shut down threats across your organisation’s networks & endpoints before they cause damage and disruption.

Resources

Benefits

Extensive threat visibility

Without awareness of activity inside your organisation’s network, it can be impossible to know if systems and data are in danger of being compromised. Kroll Responder provides extensive threat visibility across on-premises, cloud and hybrid environments, 24/7.

Continual detection of attacks

With the threat landscape constantly evolving, it’s important to ensure that detection capabilities keep pace. Kroll Responder leverages the latest security tools and threat intelligence to ensure your organisation is prepared to respond to current and emerging cyber threats.

Eases the pressure on in-house teams

Kroll’s Security Operations Centre experts manage and monitor all the security technologies included as part of Kroll Responder. By investigating and triaging all the alerts they generate, our analysts ensure that your in-house team is not burdened with the responsibility of around-the-clock threat detection.

Unrivaled response

A swift response to cyber incidents demands a high level of situational awareness. Kroll Responder ensures that members of your security team are not weighed down by irrelevant alerts and that when genuine incidents occur, they receive the actionable mitigation guidance and automated response actions needed to respond effectively.

Reduces time to maturity

By operating as an extension of your organisation, Kroll Responder enables you to quickly elevate security capabilities to enterprise level. The service helps to make processes more efficient, ensuring that important security events don’t get missed, and your team is free to focus on other priorities.

Facilitates compliance

A proactive approach to threat detection is now required to achieve compliance with the latest regulations and standards. With Kroll Responder, you can quickly elevate your organisation’s cyber security capabilities to a level needed to help meet the requirements of the GDPR, NIS Directive, PCI DSS, ISO 27001, and more.

How our service works

The visibility to detect
The context and actions to respond

01

Ingestion

Telemetry is collected from across your networks, endpoints, and cloud environments, analysed using the latest machine learning and behavioural detection engines, then enriched with the latest threat intelligence.

02

Analytics

Detections are correlated and then grouped together by common attributes to create ‘cases’ – providing a more complete overview of security events.

03

Investigation

Cases are triaged by Kroll’s 24/7 Security Operations Centre experts, and those which require attention are raised to your security team as prioritised incidents.

04

Response

Clear remediation guidance and automated response actions are supplied to swiftly disrupt, contain and eliminate threats before they result in damage and disruption.

What Our Customers Say

4.8/5 - based on 54 Reviews
“Redscan’s security experts work hand in hand with our in-house team, providing us with the insights we need to identify and eliminate threats across our environment 24/7.
IT Security & Infrastructure Director
“Thanks to Redscan, we’re in an infinitely better place now. We have got more visibility than we ever had, and critically, in all the right places. I can now sleep easy knowing that Redscan’s expertise is protecting our business.”
Head of Technology & Cybersecurity
Housebuilding Company
“With so much organisational change, this is a time of incredible pressure on our small team. Partnering with Redscan is making it easier for us to address the security challenges of business consolidation.”
Head of IT Security
Global Plastics Manufacturer
“Redscan staff are always on hand to provide swift, clear advice. They help us keep a constant eye on our network and respond quickly to incidents to ensure systems remain operational.”
IT Director
Private Hospital
“I can offer a higher level of assurance at board level about our information security now. Redscan gives us a broader lens on a complex and changing environment.”
IT Director
Global Asset Manager
“We now know we’ve got eyes on our critical assets and that those events are being looked at, scrutinised, triaged and qualified as legitimate or false positives. That is night and day in contrast with where we were before our relationship with Redscan.”
Head of Technology & Cybersecurity
Housebuilding Company
"Redscan's cost effective service gives us peace of mind that we are doing all we can to protect our clients, our business, our staff, our counterparties and other partners."
Head of IT Infrastructure
Asset Management Firm
“Faster incident alerting enables us to better understand what is going on in our network and react more quickly. From an advice side of things, it’s great to be able to talk to knowledgeable people and discuss solutions to help mitigate our security risks.”
Head of IT Security
Global Plastics Manufacturer
“With Redscan, we are able to understand and quickly identify any threats. Redscan’s support gives us the freedom to feel more secure and be more productive.”  
Head of IT
Global Shipping Company
“By working in partnership with Redscan, we have significantly improved our operational resilience.”  
Head of Cyber Security
Specialist bank
“Thanks to Redscan we now have a solution that gives us the ability to monitor, isolate and eliminate threats across our IT infrastructure.”
Head of IT
Private Hospital
“The personal approach is something I noticed from my first engagement with Redscan and it is still true today. We have 30 locations worldwide and it is valuable to have a third party being proactive in identifying potential security issues.”
Head of IT
Global Shipping Company
“Services like these are few and far between.”
Head of IT Infrastructure
Asset Management Firm
“I value the fact that Redscan aggregates insight about the cyber-attacks it sees on other customers and retrospectively applies it to other organisations, so we all benefit from that knowledge.”  
Head of Cyber Security
Specialist bank
"Our partnership with Redscan has been one of the most successful that we have ever undertaken"
IT Director
Global Asset Manager

Features

A turnkey solution for threat detection

Kroll Responder provides everything your organisation needs to detect and respond, 24/7.

View full service features table.

Experienced SOC experts
Our specialist team of security analysts and engineers work as a virtual extension of your team to ensure your organisation is always aware of security incidents.
High-fidelity telemetry
To achieve deeper threat visibility and enhance decision-making, Kroll Responder supports the integration of network and endpoint telemetry from a wide range of log sources.
Cyberoffensive intelligence
Real-world threat intelligence from our in-house research and offensive security engagements conducted by our Red Team ensures Kroll Responder is continually optimised to identify and help shut down attacks.
Best-in-class detection tools
Kroll’s agnostic approach to technology selection means that Responder includes the tools that deliver the best security outcomes for your organisation.
The Redscan platform
Our proprietary threat management platform is used by our SOC team to communicate incident information and mitigation guidance to your in-house team.
Integrated incident response
To facilitate incident response, Kroll Responder supplies actionable remediation guidance, automated response actions, and optional on-site support for priority incidents.
Rapid service deployment
Due to a streamlined on-boarding process, Kroll Responder can be protecting your organisation within a matter of weeks and easily scales up in line with future operational needs.
Scenario-based testing
In order to continually enhance threat visibility and coverage of adversarial tactics, Kroll Responder’s offensive security experts conduct simulated attacks aligned to testing frameworks such as MITRE ATT&CK.

Coverage

Threat detection and incident
response in the cloud

thumb
thumb
thumb
thumb
thumb
thumb
thumb

Amazon Web Services (AWS)
Continuously secure your cloud workloads with Kroll Responder MDR for AWS.

Microsoft Azure
Maintain a constant view of your cloud infrastructure with Kroll Responder MDR for Microsoft Azure.

Google Cloud Platform
Secure your cloud workloads with Kroll Responder MDR for GCP.

Microsoft Office 365
Secure your cloud applications with Kroll Responder MDR for Office 365.

Google G Suite
Gain visibility of your Google cloud applications with a Kroll Responder MDR service for G-Suite.

Microsoft Hyper-V
Benefit from 24/7 Hyper-V monitoring with Kroll Responder MDR.

Hybrid Cloud Monitoring
Secure your cloud and on-premises workloads with 24/7 hybrid cloud monitoring.

Kroll Responder brings together the best of machine intelligence and human expertise to swiftly identify and respond to threats, 24/7

High-fidelity security telemetry mapped to MITRE ATT&CK

Security orchestration

High-fidelity telemetry for threat awareness and decision advantage

To identify attacks, it’s important to not only use the best detection tools but also ensure they are fed the right security event data. Kroll Responder’s MDR experts integrate the most valuable security telemetry into your technology stack, benchmarking it against frameworks such as MITRE ATT&CK to minimise visibility blind spots.

Security event data alone is not enough – a deep level of threat intelligence is required to enrich it. Kroll Responder leverages the very latest offensive security and threat intelligence insights from our global team of experts to help improve real-time detection of the latest adversarial tactics and techniques.

More about threat intelligence More on MDR use cases

Cyber threat hunting

Seeking out known and unknown threats at the earliest stages of attack

Kroll’s proactive, data-driven approach to threat detection means that our security team doesn’t wait for alerts. Using a combination of manual and machine-assisted techniques, we continually search for indicators that could signal the presence of unknown threats. This includes tuning security systems to better understand regular network activity, creating watchlists and conducting scenario-based testing to validate the effectiveness of controls and processes.

Learn more about our SOC Learn more about threat hunting
Redscan's SOC team conducting cyber threat hunting

An infected endpoint being isolated from a network

events-based response

The security outcomes needed to rapidly respond

Being aware that there is a threat within your network is not enough. It is vital to respond before it achieves its objective. Kroll’s SOC analyses and triages all incoming security alerts and, once a genuine incident is identified, provides the actionable mitigation guidance and incident response actions your team needs to respond quickly and effectively.

Kroll Responder also includes ‘Events-based Response’ – automated playbooks to contain and disrupt a wide variety of threats. Virtual and on-site support to help resolve priority incidents is also offered.

Learn more about Cyber Incident Response

CyberOps incident displayed on desktop and mobile

The Redscan Platform

End-to-end threat management, security analytics and reporting

The Redscan Platform™ is the threat management platform used to deliver Kroll Responder. This highly intuitive system integrates with all the underlying technologies included as part of the service to enable our SOC team to provide swift and secure incident alerting through a single pane of glass.

Capable of operating on a standalone basis or integrating with popular ITSM tools, The Redscan Platform is also used to supply mitigation guidance, automate response actions, deliver service reports and present security analytics.

Learn more about The Redscan Platform

Meet some of our team

Juliette Hudson
“All of the SOC team undergo rigorous training to enable us to provide the best support and advice to our customers. Each of us loves what we do, which means we go the extra mile with every activity, from helping to tackle malware to forensic analysis.”    
Juliette
SOC Team Lead
Jack Akehurst
“Being technology-agnostic, we’re not limited by just one set technology stack. We use the best tools to deliver the optimum threat coverage and visibility for your business and integrate them seamlessly through our CyberOps platform.”
Jack
Lead Security Integration Engineer
George - Redscan team
“Staying on top of the latest threats is a constant challenge for organisations, but as your cyber security partner, we never take our eye off the ball.  We use the latest open source threat intelligence to proactively hunt out threats to make sure you’re protected today and tomorrow.”
George
Head of Threat Intelligence
Josh
“To safeguard your business, you need to have confidence that a cyber security provider is putting your needs first. At Kroll, we give your organisation the attention it deserves. We work closely with you to support your security strategy over the long-term.”
Josh
Team Lead, Technical Account Management

Our SOC

Easing the burden on your in-house team

Detecting and responding to threats can place a real strain on resources. Kroll Responder supplies the security specialists needed to detect and respond 24/7 . To ease the pressure, the service includes:

Full service deployment

Our SOC team deploys, configures and continually tunes all underlying detection technologies to ensure they as effective as possible.

Thorough alert investigation

We analyse, investigate and triage security alerts to ensure that we only provide notification of genuine incidents rather than false positives.

Actionable insights

We provide high quality incident information and support to help guide your organisation’s cyber security strategy over the long term.

Stakeholder reporting

We provide service reports and offer regular reviews to help key stakeholders within your organisation understand the latest security risks and measure service improvements.

Why Kroll?

Your trusted partner for
Managed Detection and Response

  • A leading global MDR company
  • Rated 9/10 for overall customer satisfaction
  • CREST-accredited Security Operations Centre
  • An outcome-focused approach
  • Red and blue team security expertise
  • Technology agnostic
Teiss Awards 2020 Winner

Learn more about our Kroll Responder MDR service

Complete the form for a prompt response from our team.

Contact us to learn more about our ThreatDetect service

 

1000 characters left
View our privacy policy

Resources

Discover our latest content and resources

From the blog
From the blog Case studies Latest news
22nd April 2024
Quishing attacks increase tenfold
According to new research, quishing attacks, a type of phishing that leverages QR codes, have significantly increased, rising from 0.8% in 2021 to 10.8% in 2024.
15th April 2024
Half of UK businesses affected by cyber-incident in the past year
According to a new report by the UK government, half of UK businesses have reported a cyber incident or data breach in the past 12 months.  
8th April 2024
Infostealers prominent in retail cyber-attacks
New research has highlighted that the use of infostealers dominated in cyber-attacks on retailers over the past year.  
2nd April 2024
Zero-day vulnerabilities soared by over 50% between 2022 and 2023
In a new report Google has revealed that the volume of zero-day vulnerabilities it detected rose by over 50% from 2022 to 2023, with bugs in third-party components on the increase.
Close

Get an MDR quote

Please fill out the form below and we'll get back
to you shortly to discuss your MDR requirements.
View our privacy policy