KYRA MDR — AI-Powered Managed Detection & Response Platform with SIEM, NDR, EASM

kyra-mdr@seekerslab:~
 _  __  __   __  ____      _        __  __ ____  ____
| |/ /  \ \ / / |  _ \    / \      |  \/  |  _ \|  _ \
| ' /    \ V /  | |_) |  / _ \     | |\/| | | | | |_) |
| . \     | |   |  _ <  / ___ \    | |  | | |_| |  _ <
|_|\_\    |_|   |_| \_\/_/   \_\   |_|  |_|____/|_| \_\


# How to Get Started

No complicated setup: security monitoring is up and running in three steps.

01. Create a free account

An email address is all you need to sign up, in about 30 seconds. Access the console right away, with no credit card.

Time required: about 30 seconds

02. Install the Collector

One command in the terminal finishes the install. Firewall, server and cloud logs are collected automatically.

Time required: about 10 minutes

03. The AI monitors your security

From the moment it is installed, the AI detects threats 24 hours a day, filters out 99% of false positives, and responds automatically to dangerous situations.

Starts immediately after installation

- 93%: cost savings compared with dedicated staff
- 99%: of false positives filtered automatically
- 10 minutes: to complete installation
- 100+: security products integrated
- ₩0: to get started (free)
- 5 minutes: or less to detect a threat

What is your company's security score?
Check your security score one minute after signing up for free.
Check your security score for free

# Quick Install

Linux Collector

One-line install:

```bash
curl -fsSL https://kyramdr.com/install.sh | sudo bash -s -- YOUR-LICENSE-KEY
```

One command: downloads the binary, generates the config with your API key, installs the systemd service and starts the collector. Get your key from Console → Settings → Collector Keys.

Custom gateway:

```bash
curl -fsSL https://kyramdr.com/install.sh | sudo bash -s -- YOUR-KEY --gateway https://collector.kyramdr.com:13011
```

Windows EDR Agent

1. Log in to the KYRA Console
2. Go to Settings → Downloads
3. Download and run the installer as Administrator

The EDR agent installer is available from the KYRA Console after sign-up. It collects Security, Sysmon, PowerShell and Defender events.

architecture

$ kyra collector --show-topology


| source      | path                                    |
|-------------|-----------------------------------------|
| windows_edr | kyra-edr.exe → Collector :5055 (HTTP)   |
| firewall    | syslog → Collector :514 (UDP/TCP)       |
| switch      | syslog → Collector :514 (UDP/TCP)       |
| file_logs   | tail → Collector (local)                |
| collector   | → Gateway :9090 (gRPC/mTLS) → KYRA MDR  |

# EDR agents on Windows endpoints forward to central Linux collector

# All data encrypted in transit (mTLS) and at rest (AES-256-GCM)

# AI-Powered MDR Automation

ai-engine

$ kyra ai --capabilities


AI Alert Triage: LLM-powered alert analysis filters ~99% of false positives (FN < 0.1%) — analysts focus on verified threats only

Auto-Correlation Engine: clusters related alerts across sources into unified incidents using graph-based entity linking

AI Threat Hunting: continuously scans telemetry for hidden attack patterns and zero-day indicators using behavioral models

Incident Summarization: auto-generates executive summaries, root cause analysis, and remediation steps for every incident

automation-pipeline

$ kyra automation --show-pipeline


  Ingest             AI Analysis         Decision           Action
  ======             ===========         ========           ======

  [Log Stream ] --> [Normalize   ] --> [AI Triage    ] --> [Auto-Close FP   ]
  [EDR Alerts ] --> [Enrich      ] --> [Risk Score   ] --> [Escalate P1-P2  ]
  [NDR Events ] --> [Correlate   ] --> [MITRE Map    ] --> [Run Playbook    ]
  [Cloud Logs ] --> [Deduplicate ] --> [Predict Next ] --> [Contain + Notify]

  Throughput:  50K EPS     ~200ms        ~500ms            ~30s to action
            

| metric                   | value           |
|--------------------------|-----------------|
| false_positive_reduction | 99.1%           |
| mean_time_to_detect      | < 30 sec        |
| mean_time_to_respond     | < 5 min         |
| auto_resolution_rate     | 78%             |
| mitre_technique_coverage | 200+ techniques |
| event_throughput         | 50,000 EPS      |

# AI models fine-tuned on Korean threat landscape and APT groups

# Human-in-the-loop for critical severity — full auto for known patterns

ai-features

$ kyra ai --feature-matrix


| feature                | description                                                      |
|------------------------|------------------------------------------------------------------|
| natural_language_query | Ask questions in plain language — AI translates to log queries   |
| anomaly_detection      | Baseline learning + statistical deviation alerts per entity      |
| ueba_scoring           | User & entity behavior analytics with risk score timeline        |
| predictive_defense     | Predicts likely next attacker actions based on MITRE kill chain  |
| adaptive_playbooks     | Playbooks that self-adjust response steps based on context       |
| auto_reporting         | Generate compliance reports, executive briefs, and board decks   |

# All AI outputs include confidence scores and explainability traces

24/7 AI security monitoring, even without a security team

Free sign-up → 10-minute install → monitoring starts immediately. No credit card required.

Start for free · Compare plans

# See It In Action

Enterprise-grade security operations console with real-time threat visibility

- Security Overview Dashboard: real-time KPIs, detection timeline, ATT&CK coverage heatmap, and integration status at a glance
- Detection Deep Dive: Sigma-correlated alerts with MITRE technique mapping, severity scoring, and one-click investigation
- Network Logs: real-time network flow analysis with protocol breakdown, field browser, and traffic visualization
- Log Timeline: full-text log search across all sources with field-level filtering and live tail mode
- Asset Risk: infrastructure inventory with risk scoring, vulnerability tracking, and agent health monitoring
- MITRE ATT&CK Coverage: 14 tactics, 200+ techniques mapped to detection rules with coverage heatmap visualization

# Platform Overview

platform-overview

$ kyra describe platform


KYRA MDR is an AI-powered Managed Detection & Response platform designed for enterprise SOC teams. Built on open standards with full MITRE ATT&CK mapping, Sigma rule engine, and automated response orchestration.

kyra-mdr-platform/
|
+-- detection-engine/    # Sigma rules, behavioral analytics, ML models
+-- response-engine/     # SOAR playbooks, automated containment
+-- threat-intel/        # OTX, AbuseIPDB, custom feeds
+-- siem-pipeline/       # Log ingestion, normalization, enrichment
+-- ndr-engine/          # Network traffic analysis, DPI
+-- identity-analytics/  # UEBA, impossible travel, privilege escalation
+-- compliance/          # ISMS-P, ISO 27001, SOC 2, TISAX, CMMC, CCPA
+-- tenant-portal/       # Multi-tenant dashboard, RBAC, SSO

| key          | value                   | note                            |
|--------------|-------------------------|---------------------------------|
| multi_tenant | true                    | Full tenant isolation with RBAC |
| deployment   | SaaS / On-Prem / Hybrid | Flexible deployment models      |
| retention    | 90-365 days             | Configurable per plan           |

# Detection Engine

sigma-engine

$ kyra rules --stats


Sigma Rule Engine v3.2

===========================


| category           | rules |
|--------------------|-------|
| Credential Access  | 342   |
| Lateral Movement   | 289   |
| Execution          | 274   |
| Defense Evasion    | 361   |
| Persistence        | 261   |
| C2 / Exfiltration  | 232   |

# Custom rule authoring supported via YAML DSL

# Auto-mapped to MITRE ATT&CK technique IDs

mitre-attack-coverage

$ kyra mitre --matrix


Recon · Resource Dev · Initial Access · Execution · Persistence · Priv Escalation · Defense Evasion · Credential Acc · Discovery · Lateral Move · Collection · C2 · Exfiltration · Impact

Legend: covered / partial

# 14 tactics / 200+ techniques mapped

detection-methods

$ kyra detect --list-methods


[01] Sigma Rule Correlation
Pattern-based detection using 3,200+ Sigma rules. Multi-source log correlation across endpoints, network, identity, and cloud telemetry.

[02] Behavioral Analytics (UEBA)
Baseline user/entity behavior profiling. Anomaly scoring for impossible travel, privilege abuse, and lateral movement.

[03] Network Traffic Analysis
Deep packet inspection, JA3/JA3S fingerprinting, DNS anomaly detection, encrypted traffic analysis, and C2 beacon identification.

[04] Threat Intelligence Correlation
Real-time IOC matching against OTX, AbuseIPDB, and custom threat feeds. STIX/TAXII ingestion with automated enrichment pipeline.
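Method [02] names impossible travel as one UEBA anomaly score. The following is an added Python example, not KYRA's own code, showing the core of that check: consecutive logins for the same user are compared by great-circle distance and elapsed time, and any pair whose implied speed exceeds a plausible maximum is reported. The login records, coordinates, the 1,000 km/h threshold and the 0-100 risk curve are all constructed assumptions; in a real pipeline the latitude/longitude would come from the GeoIP enrichment stage.

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0
# Assumed tuning constant: moving faster than this between two logins is implausible.
MAX_PLAUSIBLE_SPEED_KMH = 1000.0

# Constructed login events with pre-resolved geolocation. Not real data.
SAMPLE_LOGINS = [
    {"user": "alice", "ts": "2026-02-01T09:00:00", "ip": "10.0.0.5",     "lat": 37.57, "lon": 126.98},  # Seoul
    {"user": "alice", "ts": "2026-02-01T09:40:00", "ip": "203.0.113.10", "lat": 40.71, "lon": -74.01},  # New York
    {"user": "bob",   "ts": "2026-02-01T09:00:00", "ip": "10.0.0.6",     "lat": 37.57, "lon": 126.98},  # Seoul
    {"user": "bob",   "ts": "2026-02-01T12:30:00", "ip": "198.51.100.7", "lat": 35.18, "lon": 129.08},  # Busan
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    phi1, phi2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlmb = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(phi1) * cos(phi2) * sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def travel_speed_kmh(prev, cur):
    """Distance and the speed needed to get from the prev login to the cur login."""
    distance = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
    delta = datetime.fromisoformat(cur["ts"]) - datetime.fromisoformat(prev["ts"])
    hours = delta.total_seconds() / 3600
    if hours <= 0:
        # Simultaneous logins from two distinct places: infinitely fast.
        return distance, (float("inf") if distance > 0 else 0.0)
    return distance, distance / hours


def score_impossible_travel(logins, max_speed=MAX_PLAUSIBLE_SPEED_KMH):
    """One finding per consecutive login pair whose implied speed exceeds max_speed.

    The risk score is an assumed curve: 50 at the threshold, +10 per multiple of it,
    capped at 100."""
    by_user = {}
    for event in sorted(logins, key=lambda e: (e["user"], e["ts"])):
        by_user.setdefault(event["user"], []).append(event)

    findings = []
    for user, events in by_user.items():
        for prev, cur in zip(events, events[1:]):
            distance, speed = travel_speed_kmh(prev, cur)
            if speed <= max_speed:
                continue
            ratio = speed / max_speed  # how many times faster than plausible
            findings.append({
                "user": user,
                "from_ip": prev["ip"],
                "to_ip": cur["ip"],
                "distance_km": round(distance, 1),
                "speed_kmh": speed if speed == float("inf") else round(speed, 1),
                "risk_score": 100 if ratio == float("inf") else min(100, int(50 + 10 * ratio)),
            })
    return findings


if __name__ == "__main__":
    for finding in score_impossible_travel(SAMPLE_LOGINS):
        print(finding)
```

Alice's Seoul-to-New York pair (roughly 11,000 km in 40 minutes) is flagged; Bob's Seoul-to-Busan pair (about 325 km in 3.5 hours, well under 100 km/h) is not. The threshold is the tuning knob: VPN egress points and mobile carrier NAT routinely produce geolocation jumps, so in practice the source IP's ASN category is usually consulted before raising severity.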

# Response & Automation

response-engine

$ kyra playbook --describe incident-response


  Detection          Triage             Response           Remediation
  =========          ======             ========           ===========

  [Sigma Rule] ---> [Severity    ] --> [Auto-Contain  ] --> [IOC Block    ]
  [UEBA Alert] ---> [Scoring     ] --> [Isolate Host  ] --> [Patch Deploy ]
  [NDR Alert ] ---> [Correlation ] --> [Kill Process  ] --> [Cred Reset   ]
  [TI Match  ] ---> [Dedup       ] --> [Notify SOC    ] --> [Forensic Pkg ]
                    [Enrich      ] --> [Create Ticket ] --> [Post-Incident]

  Timeline:    ~30s         ~2min            ~5min              ~30min
            

$ kyra playbook --list


| playbook              | steps                                            |
|-----------------------|--------------------------------------------------|
| malware_containment   | Isolate + kill + scan + restore                  |
| credential_compromise | Disable account + force MFA + audit trail        |
| lateral_movement      | Segment + block + trace + report                 |
| data_exfiltration     | Block egress + snapshot + forensics              |
| ransomware_response   | Isolate + backup verify + decrypt assess         |
| insider_threat        | Monitor + restrict + legal escalation            |
| phishing_response     | Quarantine + URL block + user notify             |
| brute_force           | Rate limit + IP block + lockout policy           |
| spoofing_detection    | DNS/IP validation + sender verify + block        |
| dos_mitigation        | Rate limit + geo-block + CDN failover            |
| apt_response          | Kill chain tracking + IOC sweep + full IR        |
| threat_intel          | IOC feed + auto-block + STIX/TAXII sync          |

# Custom playbooks via YAML workflow DSL

# Approval gates configurable per severity level

incident-management

$ kyra incident --capabilities


Incident Timeline: unified event timeline with log, alert, and action correlation

Task Assignment: break incidents into tasks, assign to analysts, track SLA

Evidence Collection: automated forensic artifact packaging and chain-of-custody

Post-Incident Review: automated timeline report with MITRE mapping and IOC export

# Architecture

system-architecture

$ kyra arch --diagram


                        +-------------------+
                        |   Tenant Portal   |
                        |   (Web Console)   |
                        +--------+----------+
                                 |
                        +--------v----------+
                        |    API Gateway    |
                        |  (Auth, Routing)  |
                        +--+-----+------+--+
                           |     |      |
              +------------+  +--+--+  ++-----------+
              |               |     |               |
     +--------v------+ +-----v---+ +-------v------+ |
     | Detection Svc | | SIEM    | | Admin API    | |
     | (Sigma,YARA)  | | Pipeline| | (Billing,    | |
     +--------+------+ +-----+---+ | Tenant Mgmt) | |
              |               |     +--------------+ |
              |         +-----v---------+            |
              |         |   Event Bus   |    +-------v-------+
              |         |   (Streaming) |    | Notification  |
              |         +-----+---------+    | Svc (Email,   |
              |               |              | Slack, SMS)   |
     +--------v------+  +----v--------+     +---------------+
     | Threat Intel  |  | Analytics   |
     | (OTX,AbuseIP) |  | Engine      |
     +---------------+  +----+--------+
                              |
                      +-------v--------+
                      |  Platform DB   |
                      |  (Multi-tenant)|
                      +-------+--------+
                              |
                      +-------v--------+
                      |  Cache Layer   |
                      +----------------+
          

$ kyra arch --stack


| component  | stack                                               |
|------------|-----------------------------------------------------|
| portal     | Web-based tenant console, real-time dashboards      |
| api        | RESTful API gateway, WebSocket event streaming      |
| database   | Multi-tenant with row-level security (RLS)          |
| analytics  | High-cardinality columnar log analytics engine      |
| cache      | In-memory cache (session, rate-limit, threat-intel) |
| messaging  | Distributed event streaming, log pipeline           |
| search     | Full-text log search, NDR event indexing            |
| auth       | JWT + OAuth2 / SAML SSO / MFA (TOTP)                |
| encryption | AES-256-GCM (at rest), TLS 1.3 (in transit)         |

data-pipeline

$ kyra pipeline --describe


  Agents/Syslog/API          Normalization          Detection           Storage
  ==================         =============          =========           =======

  [Endpoint Agent ]--+
  [Syslog (CEF)   ]--+--> [Parse   ] --> [Enrich ] --> [Sigma   ] --> [Platform DB ]
  [Cloud API      ]--+    [Normalize]    [GeoIP  ]    [UEBA    ]    [Analytics   ]
  [Network Sensor ]--+    [Validate ]    [TI-IOC ]    [ML Model]    [Search Index]
  [Identity (AD)  ]--+

  Throughput: 50,000 EPS per node    |    Latency: < 500ms end-to-end
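The Parse → Normalize → Enrich → Sigma → Deduplicate chain in the diagram above, together with detection methods [01] (Sigma correlation) and [04] (IOC matching) from the Detection Engine section, as an added Python example that is not KYRA's own code: it parses constructed CEF-over-syslog lines from a hypothetical "Acme NGFW", flattens them into a common schema, enriches each event against a constructed IOC set standing in for an OTX/AbuseIPDB feed, evaluates two constructed Sigma-style rules, and collapses repeated hits on the same (rule, source, destination) into one alert with a count. The vendor and product names, extension keys, IOC values, rule titles and technique IDs are all assumptions made for the example.

```python
import re
from collections import OrderedDict

# Constructed sample input: CEF wrapped in a syslog header, from a hypothetical "Acme NGFW".
SAMPLE_LOGS = [
    "<134>Feb 01 10:00:01 fw01 CEF:0|Acme|NGFW|4.2|TRAFFIC|allow|3|src=10.0.0.5 dst=203.0.113.77 dpt=443 proto=TCP app=ssl",
    "<134>Feb 01 10:00:02 fw01 CEF:0|Acme|NGFW|4.2|TRAFFIC|allow|3|src=10.0.0.5 dst=203.0.113.77 dpt=443 proto=TCP app=ssl",
    "<134>Feb 01 10:00:05 fw01 CEF:0|Acme|NGFW|4.2|TRAFFIC|allow|3|src=10.0.0.9 dst=198.51.100.53 dpt=53 proto=UDP app=dns",
    "<134>Feb 01 10:00:07 fw01 CEF:0|Acme|NGFW|4.2|TRAFFIC|allow|3|src=10.0.0.9 dst=10.0.0.53 dpt=53 proto=UDP app=dns",
]

# Constructed threat-intel set standing in for a real OTX/AbuseIPDB feed.
IOC_IPS = {"203.0.113.77": "constructed feed: C2 beacon host"}

# Constructed Sigma-style rules: every selection field must match (AND); a list value is OR.
RULES = [
    {"title": "Outbound traffic to TI-listed IP", "technique": "T1071", "level": "high",
     "selection": {"ti_match": True}},
    {"title": "DNS to non-corporate resolver", "technique": "T1071.004", "level": "medium",
     "selection": {"app": "dns", "internal_dst": False}},
]

HEADER_FIELDS = ["cef_version", "vendor", "product", "version", "signature_id", "name", "severity"]
# key=value pairs; a value runs until the next " key=" token so values may contain spaces.
EXT_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


def parse_cef(line):
    """Parse stage: syslog-wrapped CEF line -> flat dict of header and extension fields."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("not a CEF line")
    # Only an unescaped '|' delimits the header; '\|' is a literal pipe inside a value.
    parts = re.split(r"(?<!\\)\|", line[start + 4:], maxsplit=7)
    if len(parts) != 8:
        raise ValueError("malformed CEF header")
    event = dict(zip(HEADER_FIELDS, (p.replace("\\|", "|") for p in parts[:7])))
    event.update(EXT_RE.findall(parts[7]))
    return event


def normalize(event):
    """Normalize stage: map vendor-specific CEF keys onto the schema the rules use."""
    return {
        "product": event["product"],
        "severity": int(event["severity"]),
        "src_ip": event.get("src"),
        "dst_ip": event.get("dst"),
        "dst_port": int(event["dpt"]) if "dpt" in event else None,
        "app": event.get("app", "").lower(),
    }


def enrich(event, ioc_ips=IOC_IPS):
    """Enrich stage: attach TI context and a (constructed) internal-network flag."""
    event["ti_match"] = event["dst_ip"] in ioc_ips
    event["ti_context"] = ioc_ips.get(event["dst_ip"])
    event["internal_dst"] = (event["dst_ip"] or "").startswith("10.")  # assumed corporate range
    return event


def rule_matches(rule, event):
    """Sigma-style selection: AND across fields, OR within a list of values."""
    for field, wanted in rule["selection"].items():
        options = wanted if isinstance(wanted, list) else [wanted]
        if event.get(field) not in options:
            return False
    return True


def run_pipeline(lines, rules=RULES):
    """Parse -> Normalize -> Enrich -> match -> Deduplicate; returns a list of alerts."""
    alerts = OrderedDict()
    for line in lines:
        event = enrich(normalize(parse_cef(line)))
        for rule in rules:
            if not rule_matches(rule, event):
                continue
            key = (rule["title"], event["src_ip"], event["dst_ip"])
            if key in alerts:
                alerts[key]["count"] += 1  # same rule/src/dst again: fold into the open alert
            else:
                alerts[key] = {"rule": rule["title"], "technique": rule["technique"],
                               "level": rule["level"], "src_ip": event["src_ip"],
                               "dst_ip": event["dst_ip"], "ti_context": event["ti_context"],
                               "count": 1}
    return list(alerts.values())


if __name__ == "__main__":
    for alert in run_pipeline(SAMPLE_LOGS):
        print(alert)
```

Four input lines yield two alerts: the two identical flows to the TI-listed address collapse into one high-severity alert with `count == 2`, the query to an external resolver raises the medium DNS rule once, and the query to the internal resolver raises nothing. Deduplication on the raw (rule, src, dst) tuple is deliberately simple; a production engine would also bound it by a time window so a host that beacons for days still produces a fresh incident.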
          

# Integrations

connectors

$ kyra connector --list-supported


// Endpoint Detection & Response (EDR)

Global EDR: Falcon, Microsoft Defender, SentinelOne, Carbon Black, Cortex XDR

// SIEM & Log Sources

Splunk Elastic SIEM Microsoft Sentinel IBM QRadar Syslog (CEF/LEEF)

// Cloud Security

AWS CloudTrail AWS GuardDuty Azure Activity Log GCP Security Command Kubernetes Audit

// Network & Firewall

Palo Alto NGFW Fortinet FortiGate Cisco ASA/FTD Zeek/Bro IDS Suricata

// Identity & Access

Active Directory Azure AD / Entra ID Okta Google Workspace CyberArk PAM

// Ticketing & Communication

Jira ServiceNow Slack Microsoft Teams PagerDuty

| key      | value                                                |
|----------|------------------------------------------------------|
| protocol | REST API / Syslog / Event Stream / S3 / Webhook      |
| format   | JSON / CEF / LEEF / CSV / STIX / TAXII               |
| custom   | Custom connector SDK (Python/Go)                     |

# Pricing

★ LAUNCH EVENT: 50% off annual billing (limited to one year after launch)

ndr-addon

$ kyra billing --ndr-addon


# Smart traffic reduction: metadata-only analysis + adaptive sampling

# Typical 85-95% bandwidth reduction vs full-packet capture NDR


| tier   | price                 | traffic   | includes                                                                          |
|--------|-----------------------|-----------|-----------------------------------------------------------------------------------|
| MDR    | ₩150,000/interface/mo | ≤ 1 Gbps  | Flow metadata, DPI (8 proto), JA4, 13 ATT&CK rules                                |
| Pro    | ₩250,000/interface/mo | ≤ 10 Gbps | + behavioral baseline, IOC matching, daily analyst review                         |
| Custom | Negotiated            | 10 Gbps+  | Unlimited interfaces, full PCAP on-demand, dedicated tuning, on-site installation |

# How traffic reduction works:

+ Metadata-only transport — headers + flow records, not full packets

+ Adaptive sampling — 1:100 for normal traffic, full capture on anomaly

+ Edge pre-filtering — drop known-good (Windows Update, CDN) at collector

+ Protocol-aware compression — deduplicate DNS/TLS/HTTP headers

+ On-demand PCAP — full packet capture triggered only on alert escalation


# NDR runs on the existing collector agent — no additional hardware.

# TAP/SPAN port connection only. Volume does NOT count toward SIEM log limits.

# Annual billing: 2 months free (₩1,500,000 → ₩1,250,000/interface/yr for MDR).

feature-comparison

$ kyra plans --compare --detail


# Detailed feature comparison by plan

Plans: FREE / MDR / PRO / CUSTOM (where a feature differs by plan, the values are listed in that order)

Detection & Monitoring
- Real-time detection
- Log retention: 7 days / 30 days / 90 days / 365 days
- Detection rules: 10 / unlimited / unlimited / unlimited
- MITRE ATT&CK mapping
- Custom detection rules
- AI threat classification
- Behavioral analytics (UEBA)

Incident Response
- Incident management
- Investigation graph
- Analyst workbench
- SOAR playbooks: 5 / unlimited / unlimited
- Automated response actions
- Timeline correlation

Threat Intelligence
- Threat intel feeds: community / premium / premium + custom
- Risk scoring
- IOC integration (VirusTotal)
- Network traffic analysis

Infrastructure & Integrations
- Log collectors: 2 / 10 / 50 / unlimited
- Connectors (SIEM/EDR/Cloud): 5 / 20 / unlimited
- Automatic asset discovery
- Daily log volume: 500 MB / 10 GB / 100 GB / unlimited
- EPS (events per second): 50 / 500 / 5,000 / unlimited
- Notifications (Slack/Teams/KakaoTalk)

Compliance & Privacy
- ISMS-P compliance
- Account/identity management
- Data subject requests (DSR)
- Audit log export
- Compliance reports

Reporting & Analytics
- SOC metrics dashboard
- Scheduled reports (PDF/CSV)
- Executive reporting (CISO view)
- Custom report builder

Support & SLA
- Community support
- Email support: business hours / 24/7 / 24/7
- Dedicated analyst
- Incident response SLA: 4 hours / 1 hour / 15 minutes
- Onboarding: self-service / guided / on-site visit
- API access: read-only / full / full / full + custom

# Why KYRA MDR

- ISO 27001: certified
- AWS Seoul: data stored in Korea
- AES-256: encrypted at rest
- TLS 1.3: encrypted in transit
- 99.9%: SLA availability

competitive-analysis

$ kyra compare --competitors


|                   | KYRA MDR   | Traditional SOC | Global EDR   | Large MSSP  |
|-------------------|------------|-----------------|--------------|-------------|
| monthly_cost      | ₩300,000   | ₩2,000,000+     | ₩820,000/yr  | ₩2,000,000+ |
| includes_siem     | true       | separate        | false        | separate    |
| includes_easm     | true       | false           | false        | false       |
| ai_false_positive | 99%        | manual          | partial      | partial     |
| setup_time        | 10 min     | 2-4 weeks       | hours        | 2-4 weeks   |
| iptime_support    | true       | false           | false        | false       |
| korean_ui         | true       | true            | partial      | true        |
| voucher_eligible  | true (80%) | varies          | false        | varies      |

# KYRA MDR: MDR + SIEM + EASM + SOAR = ₩300,000/mo (bundled)

# 1/7 the price of a traditional SOC, 1/15 the price of in-house security staff

regulatory-deadline

$ kyra compliance --deadlines --kr


⚠ 2026-2027 timeline of tightening Korean regulation

| date       | change                                                   | impact                                                               |
|------------|----------------------------------------------------------|----------------------------------------------------------------------|
| 2026-09-11 | Amended Personal Information Protection Act takes effect | Explicit personal liability for the CEO; fines of 10% of revenue     |
| 2027-07-01 | ISMS-P certification becomes mandatory                   | 107+ organizations must be certified; real-time system verification  |

Recent fine trends:

| organization | fine                        | case                                             |
|--------------|-----------------------------|--------------------------------------------------|
| Telecom A    | ₩130 billion+               | Leak of tens of millions of subscribers' records |
| E-commerce B | Hundreds of billions of won | Large-scale exfiltration of customer data        |
| Service C    | ₩7.5 billion                | First application of the 3%-of-revenue cap       |

# Fines are reduced when preventive measures are in place: adopting KYRA MDR = regulatory readiness + cost savings

Start for free now →

compliance-frameworks

$ kyra compliance --supported


- ISMS-P: Korean information security management
- ISO 27001: International security standard
- SOC 2: Service organization controls
- PCI-DSS: Payment card industry security
- TISAX: Automotive information security
- CMMC: Cybersecurity Maturity Model Certification
- GDPR: EU data protection regulation
- CCPA: California consumer privacy act
- NIST CSF: Cybersecurity framework


# Automated evidence collection and audit trail

# Scheduled compliance reports (PDF/CSV)

# Real-time compliance posture dashboard

Security Insights Newsletter

Published biweekly: analysis of Korean security incidents, regulatory changes, and hands-on guides

No spam · unsubscribe at any time

# Latest Blog Posts

View all posts →

# Get Started Free