Pondurance announced MDR Essentials, an MDR service that provides an autonomous SOC that reduces the time from threat detection to containment by 90%.
Threat actors are now using AI to launch attacks at machine speed, making it difficult for traditional cybersecurity solutions to accurately detect and stop cyberthreats before they become compromised.
A recent paper from PwC states that “AI-driven SOCs can autonomously block threats in seconds.” Powered by Kanati Agentic SOC, Pondurance’s MDR Essentials operates fully autonomously at machine speed to stop attacks early in the kill chain.
“The days of siled security tools and reactive SOC operations are over,” said Doug Howard, CEO of Pondurance. “Our Autonomous SOC, running autonomously on MDR Essentials, delivers what cybersecurity and IT leaders have been looking for: an enterprise-class cybersecurity SaaS based on Agentic AI that thinks, acts, responds, and contains threats at machine speed.
“For organizations struggling to attract qualified cybersecurity talent and deal with alert overload, this is a transformational change in how they protect their organizations without breaking the bank,” Howard added.
Enterprise-class managed cybersecurity for midsize businesses
MDR Essentials with Kanati Agentic SOC surpasses other managed security and MDR services by providing a complete cybersecurity solution that doesn’t compromise on accuracy or speed.
By incorporating enterprise-grade EDR tools from CrowdStrike, SentinelOne, and Microsoft and ingesting threat signals from your Microsoft 365 environment, Agentic SOC relies on threat intelligence and detection algorithms. In this way, Kanati can correlate patterns, analyze threats, and take direct action to stop breaches before they cause harm.
As cybercriminals move to exploit unique vulnerabilities within the M365 and Entra ID ecosystems, an Agentic AI SOC with the ability to take autonomous response actions without human delay when a high-confidence threat is detected across Microsoft M365 environments is critical to stopping a breach from occurring. One of the most important Kanati features for this use case is Microsoft 365 autonomous session and account password reset.
“Account takeovers targeting organizations that rely on M365 applications and IT infrastructure are one of the most common and harmful attack vectors we see,” said Johnny Calhoun, senior vice president of MDR operations at Pondurance. “For every minute an attacker maintains an active session, they have to steal data, create a fraud campaign, or launch a phishing attack targeting your employees, customers, and partners. Operating at machine speed, our agent SOC accurately analyzes and thwarts threats and maintains a complete record of every action taken.”
When Kanati identifies a high-confidence account compromise, credential theft, or unauthorized access event associated with a user’s Microsoft 365 session, the platform can automatically:
- Terminate all active authenticated sessions for affected user accounts across your Microsoft 365 or Google Workspace environment.
- Revoke OAuth tokens and invalidate active refresh tokens to eliminate attacker persistence.
- Force multi-factor authentication re-enrollment if policy allows
- Restrict or suspend account access pending analyst review of high-risk scenarios
- Log all actions with a complete audit trail for compliance, legal holds, and post-incident reviews.
Fully managed cybersecurity SaaS
Today’s cyber threats leverage AI and attack at machine speed. The new PonduranceKanati Agentic SOC, which operates autonomously, completes the MDR Essentials SaaS solution specifically designed to address the cyber needs of highly regulated organizations at risk of ransomware and data breaches.
Includes an entire suite of enterprise-grade cybersecurity features specifically selected to eliminate the risk of a breach. Main services include:
- Managed EDR services that work directly with CrowdStrike, SentinelOne, or Microsoft Defender
- Kanati Agentic AI SOC is configured to operate autonomously throughout the detection, analysis, and containment cycle
- Microsoft M365, Entra ID, and Windows log ingestion, correlation, and threat analysis
- RansomSnare microsensor-based ransomware protection stops attacks before encryption or data leakage.
- Audit-ready ticketing system for incident tickets with an explainable AI investigation trail for compliance documentation
Customer notification and monitoring
Pondurance recognizes that autonomous action requires transparent communication. The Autonomous SOC platform includes an automated customer notification workflow that instantly notifies security personnel and designated stakeholders when containment actions are taken.
Real-time alerts are provided via phone, email, messaging, or integrated ticketing channels, providing a clear, plain language summary of what was detected, what action was taken, and what the customer should do next. In addition, escalation notifications are provided to specific designated contacts for incidents that require a business decision or broader organizational response.
Host isolation and coordinated customer notifications ensure that autonomous responses are no longer a black box. Customers maintain complete situational awareness even as Kanati operates at machine speed on their behalf.
Price and availability
MDR Essentials with Kanati Agentic SOC for autonomous operations will be available by April 30, 2026. Pricing is based on the number of endpoints in the customer environment.
