Skip to content
KYRA MDR KYRA MDR Docs

FAQ

Common questions about KYRA MDR, answered.

1. What is MDR?

Managed Detection and Response (MDR) is a cybersecurity service that combines technology and human expertise to monitor, detect, and respond to threats across your IT environment.

Unlike traditional security products that only alert, MDR provides:

  • 24/7 monitoring of your security events
  • AI-powered threat detection and classification
  • Guided incident response with actionable recommendations
  • Proactive threat hunting to find hidden threats

KYRA MDR is a cloud-native MDR platform built specifically for the Korean market, with support for Korean compliance frameworks (ISMS-P) and local communication channels (KakaoTalk).

2. How is KYRA MDR different from a SIEM?

SIEMKYRA MDR
FocusLog aggregation and searchThreat detection and response
SetupMonths of rule tuningWorks out of the box
StaffingRequires dedicated SOC teamAI-powered, minimal staffing needed
AlertsHigh volume, many false positivesPrioritized, AI-triaged alerts
ResponseAlert onlyDetection + response guidance + automation
CostHardware + licenses + SOC staffSubscription-based, predictable pricing

KYRA MDR can complement an existing SIEM or replace it entirely for organizations that don’t have a dedicated security operations team. Most Korean SMBs (중소기업) find MDR more cost-effective than building an in-house SOC.

3. What data do you collect?

KYRA MDR collects security-relevant telemetry from:

  • Network devices: Firewall logs (FortiGate, Palo Alto, etc.), switch/router syslog
  • Endpoints: Windows Security events, Sysmon logs, Linux auth/audit logs
  • Cloud: AWS CloudTrail, Azure Activity Logs, GCP Audit Logs
  • Applications: Web server logs, authentication logs, database audit logs
  • Email: Microsoft 365 / Google Workspace email security events

We collect security metadata only — not the content of files, emails, or communications. All data is encrypted in transit (TLS 1.3) and at rest (AES-256).

4. Is my data encrypted?

Yes. KYRA MDR uses defense-in-depth encryption:

LayerEncryptionDetails
In transitTLS 1.3All data between collector and platform
At restAES-256All stored data in the platform
BackupAES-256All backup data is encrypted
APITLS 1.3 + JWTAPI calls authenticated and encrypted

Data is stored in Korean data centers (Seoul region) to comply with Korean data sovereignty requirements (개인정보보호법). For enterprise customers, dedicated tenancy and bring-your-own-key (BYOK) options are available.

5. Does KYRA MDR support ISMS-P compliance?

Yes. KYRA MDR provides built-in support for ISMS-P (정보보호 및 개인정보보호 관리체계) compliance:

  • Control mapping: Security controls mapped to ISMS-P certification requirements
  • Evidence collection: Automated evidence gathering for audit readiness
  • Compliance dashboard: Real-time view of your compliance posture
  • Gap analysis: Identify missing controls and remediation steps
  • Audit reports: Generate compliance reports for auditors

Additional frameworks supported: ISO 27001, SOC 2, PCI-DSS, NIST CSF, GDPR, CCPA, TISAX, CMMC.

6. How fast is alert response?

MetricTarget
Detection< 1 minute from event ingestion
AI Triage< 30 seconds after detection
Critical Alert Notification< 5 minutes
Analyst Review (PRO/CUSTOM)< 15 minutes for Critical, < 1 hour for High
Incident Report< 4 hours for Critical incidents

The AI engine classifies and prioritizes alerts in near real-time. For Critical and High severity alerts, notifications are sent immediately via your configured channels (email, KakaoTalk, Slack, webhook).

7. Can I export my data?

Yes. KYRA MDR supports multiple export options:

  • Log Search: Export search results as CSV or JSON
  • Reports: Download incident reports, compliance reports, and executive summaries as PDF
  • API: Use the REST API to programmatically retrieve alerts, incidents, and event data
  • SIEM Integration: Forward processed alerts to your SIEM via syslog or webhook
  • Data Retention: When your subscription ends, you can request a full data export before data is deleted

We do not lock your data in. You always retain ownership of your security data.

8. What are the plan limitations?

KYRA MDR offers four tiers — FREE, MDR, PRO, and CUSTOM:

FeatureFREEMDRPROCUSTOM
Price$0$230/mo$600/moNegotiated
Events per second (EPS)505002,000Unlimited
Daily ingestion500 MB5 GB20 GBUnlimited
Data retention7 days90 days180 days365+ days
Collectors113Unlimited
Endpoints40120350Unlimited
Users32550Unlimited
AI Alert TriageSummary onlyFull (99% FP filter)Full (99% FP filter)Full (99% FP filter)
SupportCommunity/docsEmail (24hr)Dedicated (4hr SLA)Dedicated (1hr SLA)
ComplianceBasic ISMS-PISMS-P + SOC 2Multi-framework

MDR Annual prepay: $1,380/yr (50% off).

To upgrade, go to Console > Settings > Billing or contact kyra@seekerslab.com.

9. Can I receive notifications via KakaoTalk?

Yes. KYRA MDR supports KakaoTalk (카카오톡) notifications for alert and incident updates.

Setup

  1. Go to Console > Settings > Notifications
  2. Select KakaoTalk as a notification channel
  3. Log in with your KakaoTalk account to authorize
  4. Configure which alert severities trigger notifications

Supported Channels

ChannelAlert Types
KakaoTalk (카카오톡)Critical, High, Medium alerts
EmailAll alert levels, daily/weekly digests
SlackCritical, High alerts (real-time)
Microsoft TeamsCritical, High alerts (real-time)
WebhookCustom integrations
SMS (문자)Critical alerts only (CUSTOM tier)

10. How do I cancel my subscription?

You can cancel your subscription at any time:

  1. Go to Console > Settings > Billing
  2. Click Cancel Subscription
  3. Select a reason (optional feedback)
  4. Confirm cancellation

After cancellation:

  • Your account remains active until the end of the current billing period
  • You can download your data during this time
  • After the billing period ends, data is retained for 30 days before permanent deletion
  • You can reactivate at any time during the retention period

For enterprise contracts, contact your account manager or email kyra@seekerslab.com.

Still Have Questions?