Kroll Responder MDR for Microsoft Security

Kroll Responder managed detection and response for Microsoft delivers enriched telemetry, frontline threat intelligence and Complete Response capabilities to maximize the value of your native endpoint and cloud technology.

Organizations worldwide call on Kroll to protect, detect and respond to cyber threats quickly, accurately and efficiently. Microsoft’s email, cloud and endpoint technology, in conjunction with Kroll Responder MDR, provides an outcomes-driven solution to reduce cyber risk by identifying and stopping threat actors before they cause costly damage.

Kroll Responder MDR enriches Microsoft’s technology by applying frontline threat intelligence from thousands of cyber incidents handled by our investigators every year, enabling deeper and more effective threat hunting across your organization’s mailboxes, networks and endpoints.  

Unlock the full power of your Microsoft technology investments, layering the expertise of the Kroll Responder team to quickly identify threats.

Kroll Responder MDR for Microsoft Security: Product Overview

A brief overview of the outcomes and platform coverage provided by Kroll Responder for Microsoft.

Package: Responder for MS O365

Outcomes
  • Unified alerting and reporting for O365 security controls
  • Monitoring of sensitive files stored online, in SharePoint and OneDrive
  • Monitoring for misuse of privileged accounts or unauthorized access
  • Reduction in risk for BEC type compromises
  • 24x7 threat monitoring, with triage, investigation, analysis and response
  • Integration of Kroll’s applied threat intelligence

Platform Coverage
  • Microsoft Defender for Office 365
  • Microsoft Defender for Identity
  • Microsoft Azure Active Directory

Package: Responder for MS Endpoint

Outcomes
  • Containment and remediation of infected endpoint(s)
  • Prevention and isolation of malicious files and processes
  • Identification of persistence mechanisms and eviction of the adversary
  • Major incident report with root cause analysis for all major incidents
  • 24x7 threat monitoring, with triage, investigation, analysis and remediation
  • 24x7 remote digital forensics and incident response (DFIR)
  • Integration of Kroll’s applied threat intelligence
  • Robust account management

Platform Coverage
  • Microsoft Defender for Endpoint

Package: Responder for MS Cloud Networks

Outcomes
  • Centralized log collection and long-term log storage
  • Visibility into IaaS, PaaS and SaaS workloads, across Azure and hybrid cloud environments
  • Advanced correlation rules and behavioural analytics
  • Identity and access monitoring across Azure AD and third-party platforms
  • Proactive human-led threat hunting and threat intelligence enrichment
  • 24x7 threat monitoring, with triage, investigation, analysis and response
  • Proactive threat hunting
  • Integration of Kroll’s applied threat intelligence

Platform Coverage
  • Microsoft Defender for Cloud
  • Microsoft Log Analytics
  • Microsoft Sentinel
  • IaaS, PaaS and SaaS Platforms
  • On-Premise, hybrid and cloud environments

Watch Pierson Clair explain how Kroll Responder, our managed detection and response solution, seamlessly integrates with Microsoft Sentinel, Microsoft 365 Defender and Microsoft Defender for Cloud to deliver continuous threat visibility, hunting and Complete Response across your Microsoft and third-party environments.


Microsoft and Kroll: The Perfect Partnership

After four decades of global threat investigations and over 3,000 incidents handled every year, we know a strategic response is the best way to successfully mitigate any incident.

Kroll Responder MDR unifies your security telemetry across the Microsoft ecosystem (as well as third-party endpoint detection and response (EDR), network, cloud and SaaS providers) to deliver enhanced visibility and rapidly shut down cyber threats.

Kroll Responder simplifies your cyber security telemetry to draw out meaningful and actionable data and rapidly detect and close cyber events. 

Full Coverage and Deep Insight of Your Environments

Kroll will take telemetry from Microsoft Sentinel and Microsoft Defender for Endpoint to identify, close and neutralize threats, working with your security teams for remediation activity.

Unify Your Security Telemetry Across the Microsoft Ecosystem

Kroll Responder MDR takes this information, along with any third-party EDR, network, cloud, and SaaS providers, to deliver enhanced visibility and rapidly shut down cyber threats.

Enrich Your Threat Intelligence Reporting

Kroll’s wide range of cyber functions, such as detection engineering, malware analysis, threat intelligence and incident response, keeps your teams informed about threats.

Utilize Actionable Intelligence

Using custom rules combined with Kroll’s centralized intelligence network, derived from front-line observations, ensures a swift reduction in the impact of a security incident.

 

Kroll Responder MDR for Microsoft Security: Key Features

Packages compared: Responder for MS O365, Responder for MS Endpoint and Responder for MS Cloud Networks

Features
  • Access to the Redscan Platform
  • Service reporting
  • Weekly threat intelligence reporting
  • Intelligence-led detection engineering
  • Threat intelligence enriched alerting / detections
  • Access to a seasoned Incident Response team
  • Log data and network monitoring
  • Endpoint detection
  • Alert triage
  • Alert analysis
  • Remediation advice
  • Security Orchestration, Automation and Response (SOAR)
  • Major incident report, with root cause analysis
  • Policy, audit and compliance
  • Incident Warranty

The Kroll Responder Advantage

  • Enhanced threat visibility
  • Total visibility of your environment in a single view
  • Complete response capabilities

Stay Ahead with Kroll

Kroll Responder MDR

Stop cyberattacks. Kroll Responder managed detection and response is fueled by seasoned IR experts and frontline threat intelligence to deliver unrivaled response.

24x7 Incident Response

Enlist experienced responders to handle the entire security incident lifecycle.

Computer Forensics

Kroll's computer forensics experts ensure that no digital evidence is overlooked and assist at any stage of an investigation or litigation, regardless of the number or location of data sources.

Ransomware Preparedness Assessment

Kroll’s ransomware preparedness assessment helps your organization avoid ransomware attacks by examining 14 crucial security areas and attack vectors.

Incident Response Retainer

Kroll delivers more than a typical incident response retainer—secure a true cyber risk retainer with elite digital forensics and incident response capabilities and maximum flexibility for proactive and notification services.

Malware Analysis and Reverse Engineering

Kroll’s Malware Analysis and Reverse Engineering team draws from decades of private and public-sector experience, across all industries, to deliver actionable findings through in-depth technical analysis of benign and malicious code.

Cyber Litigation Support

Whether responding to an investigatory matter, forensic discovery demand, or information security incident, Kroll’s forensic engineers have extensive experience providing litigation support to help clients win cases and mitigate losses.

Penetration Testing Services

Validate your cyber defenses against real-world threats. Kroll’s world-class penetration testing services bring together front-line threat intelligence, thousands of hours of cyber security assessments completed each year and a team of certified cyber experts — the foundation for our sophisticated and scalable approach.
