
Responder for Microsoft Defender XDR
24x7 Managed Threat Detection and Complete Response for Microsoft Defender XDR.
Benefits
Detect Threats Earlier Across Identity, Email, Endpoint and Software-as-a-service (SaaS) Without Traditional Security Information and Event Management (SIEM) Costs
By correlating telemetry across the Microsoft Defender suite and layering 350+ custom Kroll detections on top of Microsoft Defender’s out-of-the-box (OOTB) detections, our analysts can quickly identify and piece together each step of an attack to enable a more comprehensive response and protect all systems affected.
Automated Response Across Defender Products With Real Kroll Digital Forensics and Incident Response (DFIR) Experts at No Extra Cost
Our “Complete Response” methodology combines integrated, automated response actions across your Defender stack with seasoned DFIR investigators who use Microsoft and proprietary Kroll forensic tools to conduct further root-cause analysis and hunt for additional indicators of compromise.
Integrate the Right Microsoft Data Sources and Licenses as Needed
$1 Million Incident Protection Warranty
We’re so confident in our ability to improve your security posture that we include a $1 million incident protection warranty at no extra cost if your service includes endpoint detection and response (EDR). This warranty covers the costs of a range of potential cyber incidents, including ransomware, business email compromise, compliance and regulatory failures, as well as business income loss.
"Kroll provides us with a critical second set of eyes. They ensure we’re taking the right steps to achieve improved security. Kroll’s threat hunters and experts give us invaluable insights by looking into the wider security landscape."
– Kerri Slaney, Cyber Security Change Lead, Southern Housing
What’s Included
- 24x7 Monitoring and Analysis
Our integration with the Microsoft Defender suite enables our analysts to correlate telemetry across devices, identities, apps, email, data and cloud workloads; triage alerts; and carry out immediate investigation.
- High-fidelity Threat Detection With More Than 430 Detection Use Cases
Reduce false positives with custom detection use cases from Kroll threat intelligence, incident response (IR) cases and OOTB use cases.
- Automated Response and Remediation Guidance
Stop advanced cyberattacks, such as data exfiltration and business email compromise, with automated blocking of malicious files on endpoints, deleting mailbox rules and revoking sessions.
- Platform Management
We provide platform configuration, administration, rules management and 24x7 health and availability monitoring.
- Unified Threat Management Platform
To ensure visibility of our detections and responses, we provide a single user interface via our threat management platform, which also enables you to interact with our experts, view reports or request specific support.
- Threat Intelligence Reporting
Out-of-band and weekly threat intelligence reports help you stay on top of the changing threat landscape.
- Technical Account Management
Access to Technical Account Management support is available when you need it, supplemented by quarterly service reviews.
How It Works
Why Choose Kroll as Your Microsoft MXDR Partner?
- Advanced Specialization in Microsoft Threat Protection and Cloud Security
Microsoft’s validation acknowledges our deep knowledge, extensive experience and proven success at delivering tailored threat detection and response services.
- Microsoft Cloud Solution Provider (CSP)
As a Microsoft CSP partner, we can deploy, set up and configure your Microsoft Security Stack and quickly deploy log sources and rules directly into your workspace while proactively carrying out deeper investigation on your tenant.
- Adversary-driven Threat Detection
You’ll benefit from Kroll’s unique exposure to thousands of IR investigations a year and shared intelligence across Kroll’s managed detection and response (MDR), IR, threat intelligence and offensive security research.
- Complete Response Methodology
Pair Kroll Responder’s unlimited remote DFIR on any high-priority incident at no extra charge.
- Industry Recognition and High-touch Engagement
Kroll has been recognized as an Overall Leader in KuppingerCole’s MDR Leadership Compass and ranked No. 7 in MSSP Alert’s Top 250 MSSPs for 2024.
"The human factor is something I’m always looking for. This personal approach is something I noticed from my first engagement with Kroll, and it is still true today."
– Head of IT, Bernhard Schulte Shipmanagement
Frequently Asked Questions
Our Technology Partners
Stay Ahead with Kroll
Kroll Responder MDR
Stop cyberattacks. Kroll Responder managed detection and response is fueled by seasoned IR experts and frontline threat intelligence to deliver unrivaled response.
Kroll Responder MDR for Microsoft Security
Kroll Responder managed detection and response for Microsoft delivers enriched telemetry, frontline threat intelligence and Complete Response capabilities to maximize the value of your native endpoint and cloud technology.
MDR for Microsoft 365
Immediately elevate your Office 365 security with 24x7 monitoring, analysis, and automated response using Kroll Responder for Office 365. Detect and respond to threats targeting email, SharePoint, and third-party plugins, leveraging frontline threat intelligence.