Kroll Responder MDR for Microsoft Security

Kroll Responder managed detection and response for Microsoft delivers enriched telemetry, frontline threat intelligence and Complete Response capabilities to maximize the value of your native endpoint and cloud technology.

Organizations worldwide call on Kroll to protect, detect and respond to cyber threats quickly, accurately and efficiently. Microsoft’s email, cloud and endpoint technology—in conjunction with Kroll Responder MDR—provides an outcomes-driven solution to reduce cyber risk by identifying and stopping threat actors before they lead to costly damage.

Kroll Responder MDR enriches Microsoft’s technology by applying frontline threat intelligence from thousands of cyber incidents handled by our investigators every year, enabling deeper and more effective threat hunting across your organization’s mailboxes, networks and endpoints.  

Unlock the full power of your Microsoft technology investments, layering the expertise of the Kroll Responder team to quickly identify threats.

Kroll Responder MDR for Microsoft Security: Product Overview

A brief overview of the outcomes and platform coverage provided by Kroll Responder for Microsoft.

Package
Outcomes
Platform Coverage
Responder for MS O365
  • Unified alerting and reporting
    for O365 security controls
  • Monitoring of sensitive files stored
    online, in SharePoint and OneDrive
  • Monitoring for misuse of privileged
    accounts or unauthorized access
  • Reduction in risk for BEC type
    compromises
  • 24x7 threat monitoring, with triage,
    investigation, analysis and response
  • Integration of Kroll’s applied
    threat intelligence
  • Microsoft Defender for Office 365
  • Microsoft Defender for Identity
  • Microsoft Azure Active Directory
Responder for MS Endpoint
  • Containment and remediation
    of infected endpoint(s)
  • Prevention and isolation of
    malicious files and processes
  • Identification of persistence
    mechanisms and eviction of
    the adversary
  • Major incident report
    with root cause analysis
    for all major incidents
  • 24x7 threat monitoring, with triage,
    investigation, analysis
    and remediation
  • 24x7 remote digital forensics and
    incident response (DFIR)
  • Integration of Kroll’s
    applied threat intelligence
  • Robust account management
  • Microsoft Defender for Endpoint
Responder for MS Cloud Networks
  • Centralized log collection and
    long-term log storage
  • Visibility into IaaS, PaaS and SaaS
    workloads, across Azure and
    hybrid cloud environments
  • Advanced correlation rules
    and behavioural analytics
  • Identity and access monitoring
    across Azure AD and third-party
    platforms
  • Proactive human-led threat
    hunting and threat intelligence
    enrichment
  • 24x7 threat monitoring, with triage,
    investigation, analysis and response
  • Advanced correlation rules
    and behavioural analytics
  • Proactive threat hunting
  • Integration of Kroll’s
    applied threat intelligence
  • Microsoft Defender for Cloud
  • Microsoft Log Analytics
  • Microsoft Sentinel
  • IaaS, PaaS and SaaS Platforms
  • On-Premise, hybrid and cloud environments
The human factor is something I’m always looking for. This personal approach is something I noticed from my first engagement with Kroll, and it is still true today.
Head of IT, BSM
Watch Pierson Clair explain how Kroll Responder, our managed detection and response solution, seamlessly integrates with Microsoft Sentinel, Microsoft 365 Defender and Microsoft Defender for Cloud to deliver continuous threat visibility, hunting and Complete Response across your Microsoft and third-party environments.

Microsoft and Kroll: The Perfect Partnership

After four decades of global threat investigations and over 3,000 incidents handled every year, we know a strategic response is the best way to successfully mitigate any incident.

Kroll Responder MDR unifies your security telemetry across the Microsoft ecosystem (as well as third-party endpoint detection and response (EDR), network, cloud and SaaS providers) to deliver enhanced visibility and rapidly shut down cyber threats.

Kroll Responder simplifies your cyber security telemetry to draw out meaningful and actionable data and rapidly detect and close cyber events. 

Full Coverage and Deep Insight of Your Environments

Kroll will take telemetry from Microsoft Sentinel and Microsoft Defender for Endpoint to identify, close and neutralize threats, working with your security teams for remediation activity.

Unify Your Security Telemetry Across the Microsoft Ecosystem

Kroll Responder MDR takes this information, along with any third-party EDR, network, cloud, and SaaS providers, to deliver enhanced visibility and rapidly shut down cyber threats.

Enrich Your Threat Intelligence Reporting

Kroll’s wide range of cyber functions—such as detection engineering, malware analysis, threat intelligence and incident response—keeps your teams informed on threats.

Utilize Actionable Intelligence

Custom rules, combined with Kroll’s centralized intelligence network derived from front-line observations, ensure a swift reduction in the impact of a security incident.

Kroll Responder MDR for Microsoft Security: Key Features

Features
Responder for MS O365
Responder for MS Endpoint
Responder for MS Cloud Networks
Access to The Redscan Platform
Alert analysis
Remediation advice
Security Orchestration Automation and Response (SOAR)
Major incident report, with root cause analysis
Policy, audit and compliance
Incident Warranty
Service reporting
Weekly threat intelligence reporting
Intelligence-led detection engineering
Threat intelligence enriched alerting / detections
Access to a seasoned Incident Response team
Log data and network monitoring
Endpoint detection
Alert triage

The Kroll Responder Advantage

Enhanced threat visibility
Total visibility of your environment in a single view
Complete response capabilities

Stay Ahead with Kroll

Kroll Responder MDR

Stop cyberattacks. Kroll Responder managed detection and response is fueled by seasoned IR experts and frontline threat intelligence to deliver unrivaled response.

24x7 Incident Response

Kroll is the largest global IR provider with experienced responders who can handle the entire security incident lifecycle.

Computer Forensics

Kroll's computer forensics experts ensure that no digital evidence is overlooked and assist at any stage of an investigation or litigation, regardless of the number or location of data sources.


Ransomware Preparedness Assessment

Kroll’s ransomware preparedness assessment helps your organization avoid ransomware attacks by examining 14 crucial security areas and attack vectors.

Cyber Risk Retainer

Kroll delivers more than a typical incident response retainer—secure a true cyber risk retainer with elite digital forensics and incident response capabilities and maximum flexibility for proactive and notification services.

Malware Analysis and Reverse Engineering

Kroll’s Malware Analysis and Reverse Engineering team draws from decades of private and public-sector experience, across all industries, to deliver actionable findings through in-depth technical analysis of benign and malicious code.


Cyber Litigation Support

Whether responding to an investigatory matter, forensic discovery demand, or information security incident, Kroll’s forensic engineers have extensive experience providing litigation support and global eDiscovery services to help clients win cases and mitigate losses.

Penetration Testing Services

Validate your cyber defenses against real-world threats. Kroll’s world-class penetration testing services bring together front-line threat intelligence, thousands of hours of cyber security assessments completed each year and a team of certified cyber experts — the foundation for our sophisticated and scalable approach.