
Kroll Responder
Stop cyberattacks. Kroll Responder managed detection and response is fueled by seasoned IR experts and frontline threat intelligence to deliver unrivaled response.
24x7 Threat Detection and 'Complete Response'
Security teams need access to the experience and know-how to recognize a real threat from a false alarm, understand how to stop it in its tracks no matter where it’s hiding, and neutralize it before it damages their business.
Kroll Responder managed detection and response (MDR) provides extended security monitoring around-the-clock, earlier insight into targeted threats, and complete response to contain and eradicate threats across your digital estate.
Stop Cyberattacks With Unrivaled Managed Detection and Response
98%
10x
7+ Hours
$1 Million
Kroll Responder MDR: In Tune with the Threat Landscape
Earlier Insight Into Targeted Threats From Our Frontline Threat Intelligence
Responder consumes and filters intelligence directly from the thousands of incident responses we conduct each year. We combine this with threat intelligence from our own dark web research and from open-source, commercial and law enforcement sources to update our detections in near real-time, so we can take action before a threat impacts your business.
Extended Visibility and Control of Your Entire Digital Footprint
Complete Response That Improves Your Security Posture
Our Complete Response Now With a Complimentary $1 Million Warranty!
- Available for all Kroll Responder clients utilizing the Redscan platform with endpoint protection
- New and existing clients benefit from the warranty
- No vendor-specific hardware requirements to benefit from the warranty
Mature Your Security with Proactive Hunting and Rapid Response
Explore Kroll Responder at work:
Telemetry & Intelligence
Telemetry is collected from across your networks, endpoints, and cloud environments, ingested into the Redscan platform – our centralized, tech-agnostic virtual interface – and enriched with the latest threat intelligence.
Detection & Triage
Our custom-built detections and watchlists generate high-fidelity alerts that are grouped together to create ‘Incidents’.
Investigation & Hunting
Cases are triaged and Incidents are investigated by our 24/7 Security Operations team, which uses initial findings to hunt deeper before escalating high-severity incidents to our elite Incident Response team.
Containment & Remediation
Automated response playbooks are enhanced with robust remediation to disrupt, contain, and eradicate threats before they cause costly damage.
Kroll demonstrated that they could join up the dots to help us achieve better security visibility—more so than any other provider we spoke to.
IT Director, Asset Management Firm
Why Kroll for MDR?
Threat Detection Fueled by the Largest Database of Live Breach Intelligence
Kroll’s unique position of having the largest IR market share, as referenced by Forrester, gives us access to the largest pool of breach intelligence from the thousands of IR investigations conducted by our DFIR team each year. We combine this with intelligence from our offensive and managed security engagements, the dark web, external partners, and open-source research to update our detections in near real-time.
An MDR Service With ‘Complete Response’
Customers have traditionally been disappointed with the “response” from most MDR providers, which often stop at “containment” and put the onus on you to remediate. We go through the entire process, removing persistence, cleaning up malware, even reverse engineering it, and assisting through the recovery process. Kroll Responder uses the same DFIR team which conducts 1000s of high-profile breach investigations a year. We extend that service to you, which means you get the value of remote digital forensics and incident response without additional cost.
Unrivaled Response Fueled by Remote Live Forensics
No matter where threats appear in your systems, seasoned incident response investigators behind Kroll Responder are armed with proprietary digital forensics tools like KAPE to dig deeper, at no extra cost. We can:
- Collect additional forensic evidence, including from virtual machines, using proprietary tools
- Enrich findings with extensive intelligence from our cases
- Write custom scripts to purge evil and eliminate persistence
- Reverse engineer suspicious malware
- Validate remediation of threat and "clean" status for impacted systems
Redscan: Unified Threat Management Platform
Kroll Responder is powered by Redscan, our threat management platform, which acts as a centralized interface between your team and our Security Analysts, Incident Responders, Threat Intelligence teams and Detection Engineers – ensuring complete transparency in all activities.
Redscan automatically ingests and correlates telemetry and threat intel from a variety of detection technologies such as EDR, SIEM, NDR, as well as Dark Web sources to provide a single pane of glass for managing security incidents and threat intelligence alerts.

Key Features
- Single view of validated incidents, alerts and SOC investigations
- Collaborative virtual interface between Kroll’s SOC team and your in-house team
- Raise service requests such as tailored reporting, custom detections, alert whitelisting, new log sources and more.
- KPI-driven service reporting and metrics
- Enrichment of security alerts with frontline threat intelligence
Faster incident alerting enables us to better understand what is going on in our network and react more quickly.
Head of IT, Global Manufacturer
Enriched MDR for Microsoft Security
Organizations currently leveraging Microsoft solutions—such as Defender, Azure Sentinel or M365—can benefit from enriched telemetry, frontline threat intel and Kroll’s Complete Response suite via Kroll Responder managed detection and response for Microsoft.
Augment Your Security Operations with 24x7 Hunting and Response
- We Detect.
Rich telemetry goes through our sophisticated detection and triage engine for enhanced visibility and proactive hunting.
- We Hunt.
Potential threats and IOCs are sent to our investigators for triage. Our team will go live in your systems to dig deeper into the incident, validate threats and determine root causes.
- We Contain.
Our team will isolate compromised endpoints, update WAFs and firewalls, and interact with authentication platforms to stop attacks and curtail potential spread, revoking access to compromised systems and offering you guidance in the process.
- We Remediate.
Once a threat has been contained, we will eradicate any malware or bad actors to secure your endpoints and eliminate residual threats to your systems from this incident. Our risk management expertise means we can also support board level communications, regulatory and consumer notifications, litigation support, and digital risk protection.
- We Optimize.
Even after we’ve successfully responded to an incident, we’ll continue to aid you in next steps with new recommendations to harden your systems against future attacks. Our rich consulting expertise means we can also assist with larger assessments, overall cyber risk governance improvements, and even act as your virtual CISO.
Our Technology Partners
Stay Ahead With Kroll
Kroll Responder MDR for Microsoft Security
Kroll Responder managed detection and response for Microsoft delivers enriched telemetry, frontline threat intelligence and Complete Response capabilities to maximize the value of your native endpoint and cloud technology.
24x7 Incident Response
Kroll is the largest global IR provider with experienced responders who can handle the entire security incident lifecycle.
Computer Forensics
Kroll's computer forensics experts ensure that no digital evidence is overlooked and assist at any stage of an investigation or litigation, regardless of the number or location of data sources.
Cyber Litigation Support
Whether responding to an investigatory matter, forensic discovery demand, or information security incident, Kroll’s forensic engineers have extensive experience providing litigation support and global eDiscovery services to help clients win cases and mitigate losses.
Cyber Risk Retainer
Kroll delivers more than a typical incident response retainer—secure a true cyber risk retainer with elite digital forensics and incident response capabilities and maximum flexibility for proactive and notification services.
Ransomware Preparedness Assessment
Kroll’s ransomware preparedness assessment helps your organization avoid ransomware attacks by examining 14 crucial security areas and attack vectors.
Malware and Advanced Persistent Threat Detection
Our expertise allows us to identify and analyze the scope and intent of advanced persistent threats to launch a targeted and effective response.
Penetration Testing Services
Validate your cyber defenses against real-world threats. Kroll’s world-class penetration testing services bring together front-line threat intelligence, thousands of hours of cyber security assessments completed each year and a team of certified cyber experts — the foundation for our sophisticated and scalable approach.
Breach Notification
Kroll’s data breach notification solutions – from drafting compliant letters, to full-service mailing help, to alternate notifications for large breaches – take the burden off your organization.