Kaspersky’s 2023 MDR report highlights improved response times for high-severity incidents and emphasizes the importance of multi-layered security and managed services to combat evolving cyber threats. The report also provides recommendations for enhancing organizational cybersecurity practices.
23 May 2024 – Kaspersky has released its annual report analyzing Managed Detection and Response (MDR) incidents identified by the Kaspersky Security Operations Center (SOC) team. The report categorizes incidents into high-, medium-, and low-severity levels based on their impact on customer IT systems. High-severity incidents involve human-driven attacks or significant malware threats; medium-severity incidents affect infrastructure without severe consequences; and low-severity incidents require precautionary measures but do not impact IT systems directly.
The 2023 report reveals that the Kaspersky SOC team improved its average response time for high-severity incidents to 36.37 minutes, a 17% reduction from previous years. This efficiency is crucial for mitigating the damage caused by significant threats. Medium-severity incidents saw response times increase from 30 to nearly 33 minutes due to a rise in such incidents. Low-severity incidents, often related to potentially unwanted software, experienced longer waiting times, averaging just over 48 minutes.
In terms of response efficiency, 74% of incidents were resolved after a single alert, demonstrating effective and clear response protocols. About 24% of incidents required 2 to 10 alerts, indicating the need for human intervention in more complex scenarios such as ongoing network compromises or phishing campaigns. A small fraction (2%) of incidents involved more than 10 alerts, often due to complex threats or customer preferences for monitoring during cyber exercises.
Sergey Soldatov, Head of Security Operations Center at Kaspersky, emphasized the importance of rapid response to high-severity incidents to prevent financial and reputational damage. He highlighted Kaspersky’s commitment to reducing response times and combating cyber threats with multi-layered protection.
Based on the MDR analysis findings, Kaspersky recommends that organizations:
- Regularly inventory privileged group memberships and establish formal procedures for access management.
- Combine threat hunting practices with classic alert-driven monitoring.
- Conduct cyber exercises to test the effectiveness of security mechanisms.
- Adopt a multi-layered security approach, including robust endpoint protection, network security, and threat intelligence.
- Utilize managed security services such as Kaspersky MDR, Kaspersky Compromise Assessment, and Kaspersky Incident Response for comprehensive incident management and continuous protection.