Managed detection and response in 2024

Managed detection and response in 2024

Kaspersky Managed Detection and Response service (MDR) provides round-the-clock monitoring and threat detection, based on Kaspersky technologies and expertise. The annual MDR analyst report presents insights based on the analysis of incidents detected by Kaspersky’s SOC team. It sheds light on the most prevalent attacker tactics, techniques, and tools, as well as the characteristics of identified incidents and their distribution across regions and industry sectors among MDR customers.
This report answers key questions, including:


Who are the potential attackers?
What methods are they using today?
How can their activities be effectively detected?

Security incident statistics for 2024


In 2024, the MDR infrastructure received and processed on average 15,000 telemetry events per host every day, generating security alerts as a result. Around 26% of these alerts were processed by machine learning algorithms and the rest were analyzed by the SOC team. On average, more than two high-severity incidents were detected daily. MDR customers were informed about all identified incidents via the MDR portal.


Geography of MDR customers


Kaspersky MDR customers span the globe, giving us a comprehensive and objective view of regional attack behaviors and tactics. The largest concentration of customers is in Europe, the CIS, and the META regions.

Kaspersky MDR customers by region


Distribution of incidents by industry


In 2024, the MDR team observed the highest number of incidents in the industrial (25.7%), financial (14.1%), and government (11.7%) sectors. However, if we consider only high-severity incidents, the distribution is somewhat different: 22.8% in IT, 18.3% in government, 17.8% in industrial, and 11.9% in the financial sector.

The mo ..

Support the originator by clicking the read the rest link below.