Integrating Kaspersky Managed Detection and Response with Kaspersky Security Center Cloud Console: specifics.

Kaspersky Security Center Cloud Console is a Kaspersky Security Center Administration Server deployed in the cloud. Essentially, it is software as a service. Kaspersky Security Center Cloud Console uses resources hosted in Microsoft Azure infrastructure and does not require additional investments. The administrator connects to the Administration Server in a web browser. Kaspersky takes care of the deployment, updates, availability and scalability. The customer's administrators only need to install and manage endpoint security applications.

The customer is assumed to have a ready Kaspersky Account, which is used for authentication in various Kaspersky services, including the Kaspersky Security Center Cloud Console, which is located at ksc.kaspersky.com.

Let us skip creating a workspace for Kaspersky Security Center Cloud Console, since the wizard is quite simple. We will start from connecting to the Kaspersky Security Center Cloud Console. Click Go to workspace, and the standard interface of the Kaspersky Security Center Web Console will open in a few seconds.

You can integrate it with Kaspersky Managed Detection and Response and connect devices to the infrastructure the same way as with an on-premises Kaspersky Security Center. We described this in our previous video. Now let us focus on specifics of interactions between Kaspersky Security Center Cloud Console and Kaspersky Managed Detection and Response.

A huge advantage of the web console is that many things are automated and the administrator doesn't have to bother about them. For example, all plugins are installed automatically, including the Kaspersky Managed Detection and Response plugin. Therefore, the Monitoring and reporting → Incidents page is available immediately. Let's open it.

Click the Activate service button and wait for a while. Enter the Kaspersky Account under which you are going to work with Kaspersky Managed Detection and Response. We have already mentioned that an application programming interface token is generated in the Kaspersky Managed Detection and Response portal and then activated by the Administration Server, but the process looks seamless to the user.

You can see that the service has been integrated successfully. Click Start setting up. Select the check box I accept the Private KSN agreement to enable the use of Kaspersky Private Security Network. Kaspersky applications will send telemetry there. The configuration file will be added automatically, and you will be redirected to the Getting started page.

If you switch to the API tab, you will see that there is a new API token for integration with the Kaspersky Managed Detection and Response portal there. The first token was issued when we configured integration with a local Kaspersky Security Center in the previous video.

Let's open the Service usage tab and expand Kaspersky Security Network settings. It is important to ensure that the use of Kaspersky Private Security Network (Private KSN) is enabled. This typically happens automatically, but may not be the case with some specific settings of Kaspersky Security Center.

Now let's open the Administration Server properties and switch to the KSN settings section. And here is the first important particularity of Kaspersky Security Center Cloud Console: Kaspersky Security Center Cloud Console cannot act as KSN proxy for connected devices. It delegates this functionality to distribution points, which need to be assigned manually.

This is a very important point to remember: there is no out-of-the-box KSN proxy in Kaspersky Security Center Cloud Console, and using KSN proxy in policies may result in telemetry simply not going anywhere. Therefore, if integration with Kaspersky Managed Detection and Response is used, do not enable the option in the KSN proxy settings area. If you enable it, Kaspersky Private Security Network will immediately be disabled in the MDR integration section and in all product policies.

Many policies have KSN proxy settings that can also affect telemetry transfer. Open Devices → Policies and profiles. Open the properties of the policy Kaspersky Endpoint Security for Windows 11.6. Go to Application settings → Advanced Threat Protection. Open the properties of the Kaspersky Security Network component.

You should be very careful with the Use KSN Proxy option here. Everything will be fine with the default settings, but be careful about the checkbox Use KSN servers when KSN Proxy is not available. You may safely clear it only if a distribution point is assigned, although it is possible to disable the Use KSN Proxy option altogether.

Let's get back to the policies and open the Kaspersky Security for Windows Server policy. Switch to the Application settings tab and open Real-time server protection. Open the settings of the KSN Usage component. Pay attention to the option Use Kaspersky Security Center as KSN Proxy. It is enabled in the policy by default, but since the lock is open (undefined), this option is not actually used. Therefore, you can turn it off completely if a distribution point is not assigned.

Let's get back to the policies and open the policy of Kaspersky Endpoint Security 11.2 for Linux. Go to Application settings → Advanced Threat Protection. Open the properties of the Kaspersky Security Network component.

When Kaspersky Endpoint Security 11.2 for Linux is managed via Kaspersky Security Center, the latter always acts as KSN proxy. This behavior is hard-coded. You can see that there are no KSN proxy settings here. This means that Kaspersky Endpoint Security 11.2 for Linux cannot send telemetry out of the box. You must assign a distribution point to ensure that telemetry of Kaspersky Endpoint Security 11.2 for Linux is delivered to Kaspersky Managed Detection and Response.

Let's get back to the policies.

There is one more application that supports Kaspersky Managed Detection and Response: Kaspersky Endpoint Security for Mac 11.2. Let's open its policy. Go to Application settings → Advanced Threat Protection. You can see that the Use KSN Proxy option is turned off by default here, as it should be.

Let's go to Detection and Response. Enable Managed Detection and Response and add the activation BLOB file with the P7 extension. Do not forget to enforce the policy to apply the settings to the client computers.

If all is well, a new component will appear in the interface of Kaspersky Endpoint Security for Mac on the client computers after a while. In the local interface it looks like this. After a while, this host will connect to Kaspersky Managed Detection and Response and will be visible on the portal.