Multitenancy
Kaspersky Next XDR Expert supports a multitenancy mode. This mode enables the main administrator to provide the Kaspersky Next XDR Expert functionality to multiple clients independently, or to separate assets, application settings, and objects for different offices. Each client or office is isolated from others and is called a tenant.
Typically, the multitenancy mode is used in the following cases:
- A service provider has a number of client organizations and wants to provide the Kaspersky Next XDR Expert functionality to each client organization independently. To do this, the service provider administrator can create a tenant for each client organization.
- An administrator of a large enterprise might want to isolate assets, application settings, and objects for the offices or organization units and manage the offices or organization units independently. To do this, the administrator can create a tenant for each office or organization unit.
The multitenancy mode has the following features:
- Tenant isolation
- Cross-tenant scenarios
Tenant isolation
A tenant is isolated and managed independently from other tenants. Only users who have assigned access rights to the tenant can work within this tenant and manage it. The tenant's data, resources, and assets cannot be accessed by an administrator of another tenant unless the main administrator grants the corresponding access rights to the administrator explicitly.
For each tenant, you define a number of objects, including the following ones:
- Assets
The asset list is unique for each tenant. Each asset can belong to one tenant only.
- Users and their access rights
- Events, alerts, and incidents
- Playbooks
- Integration with other Kaspersky applications, services, and third-party solutions
Cross-tenant scenarios
All tenants are arranged into a tenant hierarchy. By default, the tenant hierarchy contains a pre-created Root tenant at the top of the hierarchy. No other tenants can be created at the same level as the Root tenant. You create a new tenant as a child to any existing tenant, including the Root tenant. The tenant hierarchy can have any number of nesting levels.
The tenant hierarchy is used to provide cross-tenant scenarios, including the following ones:
- Inheritance and copying
A child tenant receives the following objects from the parent tenant:
- Users and their access rights
Access rights are inherited down by the hierarchy and cannot be revoked on a lower level of the hierarchy.
- Tenant settings, including integration settings, and playbooks
Tenant settings and playbooks are copied from a parent tenant to its child tenant. After the child tenant is created, you can reconfigure the copied settings to meet the requirements of the new tenant.
- Users and their access rights
- Licensing
A license key for Kaspersky Next XDR Expert is applied at the level of the primary Administration Server that is bound to the Root tenant. Then, the license key is automatically applied to all of the tenants in the hierarchy.
User roles
Kaspersky Next XDR Expert provides you a predefined set of user roles. You grant user rights to manage tenants by assigning user roles to the users.
User role |
User right |
||
|---|---|---|---|
Read |
Write |
Delete |
|
Main administrator |
|
|
|
Tenant administrator |
|
|
|
SOC administrator |
|
|
|
Tier 1 analyst |
|
|
|
Tier 2 analyst |
|
|
|
Junior analyst |
|
|
|
SOC manager |
|
|
|
Approver |
|
|
|
Observer |
|
|
|
Interaction with NCIRCC |
|
|
|
Tenants and Kaspersky Security Center Administration Servers
You can bind tenants to Kaspersky Security Center Administration Servers, physical or virtual. A link between a tenant and an Administration Server allows you to combine features of both solutions—Kaspersky Next XDR Expert and Open Single Management Platform.
Tenant filter in the application interface
In the Kaspersky Next XDR Expert interface, you can configure object lists to display only those objects that relate to the tenants that you select. The tenant filter applies to the following objects:
- Alerts in the Alerts section
- Incidents in the Incidents section
- Events in the Threat hunting section
- Playbooks in the Playbooks section
When you apply the tenant filter, the new settings are applied to all of the object types across the interface and in both consoles—OSMP Console and KUMA Console.