Introducing Kaseya MDR
Kaseya MDR is a managed detection and response (MDR) platform designed to help organizations detect, investigate, and respond to threats across endpoints and infrastructure. For existing RocketCyber customers, Kaseya MDR represents the next evolution of the RocketCyber platform, introducing a modern, alert‑centric experience with centralized investigations and expanded visibility into response and automation, while preserving the same agent, SOC‑led monitoring model, and core protections.
This article provides a high‑level introduction to Kaseya MDR. It explains what is changing at the platform level, why the platform was built, and what to expect as you begin exploring the new experience.
What’s changing with Kaseya MDR?
Kaseya MDR is designed to support modern security operations by reducing noise, centralizing investigations, and making response workflows easier to understand and apply.
At a glance:
- Platform evolution: Kaseya MDR represents the next evolution of the RocketCyber platform experience and is available to existing RocketCyber customers during the transition period.
- Runs in parallel: Kaseya MDR operates alongside RocketCyber, without a forced migration or workflow disruption.
- No agent changes: Existing agents continue to operate; uninstall or reinstall is not required.
- Less noise, faster response: Alerts replace raw events as the primary focus of investigation.
- Unified investigations: Investigations are centralized into a single Analysis experience.
- Response and automation: User‑initiated response actions are available alongside SOC‑managed actions.
You can explore Kaseya MDR at your own pace while continuing to use RocketCyber.
What Kaseya MDR is
Kaseya MDR helps MSPs and internal IT teams detect, investigate, and respond to threats affecting endpoints and infrastructure with less noise and greater clarity. It builds on the capabilities of the existing RocketCyber platform while introducing:
- A redesigned user interface
- A unified investigation and Analysis experience
- Clearer alert‑driven workflows
- Clearer surfacing of response actions within investigations
- Additional automation and response capabilities
IMPORTANT: Kaseya MDR remains a managed detection and response (MDR) platform. The managed SOC is a core component, but Kaseya MDR also includes detection logic, correlation, automation, and response workflows that extend beyond SOC‑only monitoring.
If you are familiar with RocketCyber
The underlying protections, agent deployment, and SOC engagement model remain consistent.
Kaseya MDR focuses on reorganizing how information is presented and acted on:
- Alerts are the primary unit of attention.
- Investigations are centralized into a single Analysis experience.
- Configuration for MDR‑licensed organizations is managed through centralized settings rather than being spread across many app‑specific pages.
These changes are designed to reduce noise, improve clarity, and make it easier to understand what requires attention, without forcing you to relearn core security concepts.
The most important shift to understand is that Kaseya MDR is alert‑centric. Instead of reviewing individual activities or raw events, you focus first on curated alerts that represent meaningful security signals.
Why Kaseya MDR was built
Kaseya MDR was built to address scalability, performance, and long‑term development limitations in RocketCyber.
By consolidating core services on a shared, scalable platform foundation, Kaseya MDR:
- Reduces duplicated functionality
- Centralizes alert generation, event processing, and allowlisting
- Enables faster delivery of new capabilities
The result is a more consistent and extensible platform that supports continued evolution without changing the underlying MDR service model.
Key concepts introduced in Kaseya MDR
Alert‑centric experience
Kaseya MDR shifts from an event‑focused model to an alert‑centric model. Alerts represent meaningful security-relevant conditions that require investigation or response, helping reduce noise and improve clarity.
Unified investigation and analysis
All investigations take place within a single Analysis experience. Security telemetry from across the environment is normalized, searchable, and correlated into a unified timeline spanning devices, users, IP addresses, and other assets.
The legacy app‑based investigation model has been removed—investigations now happen in one place.
Built‑in automation and response
Kaseya MDR supports both manual and automated response actions, such as device isolation. Automation is designed to augment the SOC, not replace human analysts.
Response actions can be applied to individual devices or executed in bulk, enabling actions such as isolating or restoring multiple devices at once directly from the platform, using existing response action support.
Simplified configuration
Global defaults and organization‑level overrides provide clear visibility into baseline settings and deviations, making configuration easier to understand and manage across environments. For detailed information, see Global defaults and organization overrides.
Synchronization and availability
Parallel operation
Kaseya MDR runs alongside RocketCyber. Instead of forcing a migration, the two experiences remain synchronized, sharing organizations and users, with settings synchronized where applicable.
This allows you to explore and adopt Kaseya MDR without disrupting existing security operations. While the interface and investigation workflows are new, the underlying MDR service, agent deployment, and SOC engagement model remain consistent with RocketCyber.
Relationship to SaaS Alerts and Kaseya SIEM
Kaseya MDR remains a distinct MDR product focused on endpoint, firewall, and infrastructure monitoring with a 24/7 SOC.
- SaaS Alerts focuses on SaaS application security.
- Kaseya SIEM combines SaaS and infrastructure telemetry into a unified experience.
Each product maintains its own login and SKU, with the ability to move organizations between products as security needs evolve. For detailed information, refer to Kaseya MDR, Kaseya SIEM, and SaaS Alerts: How the products relate.
Related articles
- How RocketCyber features map to Kaseya MDR: A quick orientation guide showing where familiar RocketCyber features live in the new experience
- What’s new in Kaseya MDR: A high‑level overview of the most important changes to alerts, investigations, and response workflows
- Synchronization and parallel operation FAQ: What to expect during the transition, how Kaseya MDR runs alongside RocketCyber, and what does not change
- How Kaseya MDR works: The core mental models that explain how the platform behaves