Every year, Kaspersky releases a comprehensive report analyzing Managed Detection and Response (MDR) incidents identified by its Security Operations Center (SOC) team. The 2023 Kaspersky MDR Analyst Report reveals significant improvements in response times and underscores the importance of a robust cybersecurity framework.
The report categorizes incidents into high, medium, and low-severity types based on their impact on customers’ IT systems. High-severity incidents typically involve human-driven attacks or malware with significant repercussions. Medium-severity incidents may affect infrastructure without severe consequences, while low-severity incidents require precautionary measures but do not directly impact IT systems.
Key Findings from the Kaspersky MDR Analyst Report 2023
- High-Severity Incidents: The SOC team reported these incidents in an average of 36.37 minutes, a 17% improvement from previous years. These critical incidents often involve direct human involvement and require immediate action to mitigate damage.
- Medium-Severity Incidents: Response times for these incidents increased from 30 to almost 33 minutes, reflecting a rise in such incidents. These often stem from malware but typically do not have severe impacts.
- Low-Severity Incidents: These occurrences, often due to potentially unwanted software, saw a waiting time of just over 48 minutes before being analyzed by the SOC team.
The report also highlights the efficiency of Kaspersky’s response strategies. Approximately 74% of incidents were resolved after just one alert, demonstrating clear response protocols and effective attack termination. Around 24% of incidents required multiple alerts, indicating the need for human intervention in ongoing attacks such as network compromise or phishing campaigns. A small proportion (2%) of incidents involved more than 10 alerts, necessitating thorough investigation or monitoring during cyber exercises.
Sergey Soldatov, Head of Security Operations Center at Kaspersky, emphasized the importance of swift responses to high-severity incidents to prevent financial and reputational losses. “With the multi-layered protection offered by our MDR, we continue to effectively combat cyber criminals in this continually evolving threat landscape,” said Soldatov.
Recommendations for Organizations
In light of the findings, Kaspersky recommends several measures to enhance cybersecurity:
- Regular Inventory of Privileged Groups: Maintain formal procedures for privileges and access management.
- Threat Hunting Practices: Combine with classic alert-driven monitoring to enhance threat detection.
- Cyber Exercises: Conduct exercises to test the efficiency of security mechanisms.
- Multi-Layered Security Approach: Implement robust endpoint protection, network security, and threat intelligence.
- Managed Security Services: For companies lacking dedicated cybersecurity staff, consider services like Kaspersky Managed Detection and Response (MDR), Kaspersky Compromise Assessment, and Kaspersky Incident Response to ensure comprehensive protection and remediation.
Pokdepinion: These proactive steps can help organizations bolster their defenses against an ever-changing array of cyber threats, ensuring resilience and security in today’s digital landscape.
![[Computex 2024] Meet the COLORFIRE MEOW Series Gaming Laptops - Purr-fect for Cat Lovers and Gamers Alike](https://pokde.net/assets/uploads/2024/06/vlcsnap-2024-06-05-22h32m21s183-Large.jpeg "[Computex 2024] Meet the COLORFIRE MEOW Series Gaming Laptops - Purr-fect for Cat Lovers and Gamers Alike 20")
![[Computex 2024] COLORFUL Neptune Series on Display - Cutting-Edge All-in-One PC with Integrated Liquid Cooling](https://pokde.net/assets/uploads/2024/06/vlcsnap-2024-06-05-02h16m29s269-Large.jpeg "[Computex 2024] COLORFUL Neptune Series on Display - Cutting-Edge All-in-One PC with Integrated Liquid Cooling 26")
