
Overview

Unlock the full power of your Microsoft technology

In partnership with Kroll Responder MDR, Microsoft’s email, cloud and endpoint technology provides an outcomes-driven solution to reduce cyber risk by identifying and stopping threat actors before they cause costly damage. Kroll Responder managed detection and response for Microsoft provides enriched telemetry, frontline threat intelligence and complete response capabilities to enable you to maximise your native endpoint and cloud technology.

Kroll Responder MDR enhances Microsoft’s technology by applying frontline threat intelligence from thousands of cyber incidents handled by our investigators every year, enabling deeper and more effective threat hunting across your organisation’s mailboxes, networks and endpoints.

Microsoft and Kroll: the perfect partnership

After four decades of global threat investigations and over 3,000 incidents handled every year, we know a strategic response is the best way to successfully mitigate any incident.

Kroll Responder MDR unifies your security telemetry across the Microsoft ecosystem (as well as third-party endpoint detection and response (EDR), network, cloud and SaaS providers) to deliver enhanced visibility and rapidly shut down cyber threats. Kroll Responder simplifies your cyber security telemetry to draw out meaningful and actionable data and rapidly detect and close cyber events.

Benefits

MDR for Microsoft Security benefits

Full coverage

Kroll takes telemetry from Microsoft Sentinel and Microsoft Defender for Endpoint to identify, close and neutralise threats, working with your security teams for remediation activity.

Unified telemetry

Kroll Responder MDR utilises critical telemetry, along with any third-party EDR, network, cloud, and SaaS providers, to deliver enhanced visibility and shut down cyber threats.

Enriched threat intelligence

Kroll’s wide range of cyber functions, such as detection engineering, malware analysis, threat intelligence and incident response, keeps your teams better informed.

Actionable intelligence

Using custom rules combined with Kroll’s centralised intelligence network, derived from front-line observations, ensures a swift reduction in the impact of a security incident.


Packages

Microsoft MDR: Product Overview

Package: Responder for MS 365

Outcomes:
• Unified alerting and reporting of O365 security controls
• Monitoring of sensitive SharePoint and OneDrive files
• Monitoring for account misuse or unauthorized access
• Reduction in risk for BEC type compromises
• 24x7 threat monitoring, triage, investigation and response
• Integration of Kroll’s applied threat intelligence

Platform coverage:
• Microsoft Defender for 365
• Microsoft Defender for Identity
• Microsoft Azure Active Directory

Package: Responder for MS Endpoint

Outcomes:
• Containment and remediation of infected endpoint(s)
• Prevention and isolation of malicious files and processes
• Identification of persistence and eviction of the adversary
• Major incident report, root cause analysis for major incidents
• 24x7 threat monitoring, triage, investigation, remediation
• 24x7 remote digital forensics and incident response (DFIR)
• Integration of Kroll’s applied threat intelligence
• Robust account management

Platform coverage:
• Microsoft Defender for Endpoint

Package: Responder for MS Cloud Networks

Outcomes:
• Centralized log collection and long-term log storage
• Visibility into IaaS, PaaS and SaaS workloads
• Coverage across Azure and hybrid cloud environments
• Advanced correlation rules and behavioural analytics
• Identity and access monitoring across Azure AD
• Proactive threat hunting and intelligence enrichment
• 24x7 threat monitoring, triage, investigation and response
• Proactive threat hunting
• Integration of Kroll’s applied threat intelligence

Platform coverage:
• Microsoft Defender for Cloud
• Microsoft Log Analytics
• Microsoft Sentinel
• IaaS, PaaS, SaaS
• On-Premise, hybrid and cloud environments

Microsoft MDR FAQs

Frequently asked questions

What is MDR?

Managed Detection and Response is a specialist type of security service designed to help organisations rapidly detect and respond to cyber threats across their network and endpoints. MDR services adopt a fully turnkey approach – providing the people, technology and intelligence as part of one overall service.

How does Kroll MDR work in conjunction with Microsoft?

Kroll Responder Microsoft MDR unifies your security telemetry across the Microsoft ecosystem (as well as third-party endpoint detection and response (EDR), network, cloud and SaaS providers) in order to draw out meaningful and actionable data to deliver enhanced visibility and rapidly shut down cyber threats.

What are the benefits of this approach to MDR?

Kroll Responder MDR for Microsoft helps businesses to achieve more from their investment in native endpoint and cloud technology. It provides them with enhanced threat visibility in one single view and comprehensive response capabilities. This approach also keeps your security team more up to date and better prepared to respond to potential security threats.

Which Microsoft technology does Kroll Responder work with?

Kroll Responder MDR for Microsoft Security is available in three packages: Responder for MS O365, Responder for MS Endpoint and Responder for MS Cloud Networks. Specific features, outcomes and coverage will vary according to your choice of package. For more insight into the different options, view the Product Overview table above.

What are the security outcomes of Kroll Responder Microsoft MDR?

Security outcomes of Kroll Responder for MS O365 include unified alerting and reporting of O365 security controls, and a reduction in risk for BEC-type compromises. The outcomes of Responder for MS Endpoint include the identification of persistence mechanisms and eviction of the adversary, and 24×7 threat monitoring with triage, investigation, analysis and remediation. Outcomes for Responder for MS Cloud Networks include proactive human-led threat hunting and threat intelligence enrichment, and 24×7 threat monitoring with triage, investigation, analysis and response. View the table above for details of all outcomes for the three different options.
