Pondurance MDR Essentials uses autonomous SOC to tackle AI-driven attacks
Pondurance announced MDR Essentials, an MDR service providing an autonomous SOC that reduces the time from threat detection to containment by 90%.
Threat actors today use AI to attack at machine-speed, making it difficult for traditional cybersecurity solutions to accurately detect and contain cyber threats before they can become breaches.
A recent paper from PwC notes that “in AI-driven SOCs, threats can be blocked in seconds, autonomously.” Pondurance’s MDR Essentials with the Kanati Agentic SOC operates entirely autonomously at machine-speed in order to stop attacks earlier in the kill chain.
“The era of siloed security tools and reactive SOC operations is over,” said Doug Howard, CEO of Pondurance. “Running autonomously in MDR Essentials, our Autonomous SOC delivers what cybersecurity and IT leaders have been demanding — an enterprise-class cybersecurity SaaS based on Agentic AI that thinks, acts, responds and contains threats at machine-speed.
“For organizations that struggle to attract qualified cybersecurity talent and deal with alert overload, this is a transformational shift in how they secure their organizations without breaking the bank,” added Howard.
Enterprise-class managed cybersecurity for mid-market organizations
MDR Essentials with the Kanati Agentic SOC outshines other Managed Security and MDR services by providing a complete cybersecurity solution that doesn’t compromise on accuracy or speed.
By incorporating enterprise-grade EDR tools from CrowdStrike, SentinelOne, and Microsoft, and ingesting threat signals from Microsoft 365 environments, Agentic SOC relies on threat intelligence and detection algorithms. In this way, Kanati can correlate patterns, analyze threats, and take direct action to contain any compromise before it leads to harm.
With cybercriminals migrating to exploit inherent vulnerabilities within the M365 and Entra ID ecosystem, an Agentic AI SOC with the ability to take autonomous response actions as high-confidence threats are detected across the Microsoft M365 environment — without human delay — is crucial to stopping breaches from occurring. Among the most critical of Kanati’s capabilities in this use case is autonomous session and account password resets for Microsoft 365.
“Account takeovers targeting organizations that rely on M365 applications and IT infrastructure are among the most common and damaging attack vectors we see,” said Johnny Calhoun, SVP of MDR operations at Pondurance. “Every minute an attacker maintains an active session is another minute they have to exfiltrate data, create fraud campaigns, or launch phishing attacks targeting employees, customers or partners. Operating at machine-speed, our Agentic SOC will analyze and contain threats with precision, maintaining a complete record of every action taken.”
When Kanati identifies a high-confidence account compromise, credential theft, or unauthorized access event tied to a user’s Microsoft 365 session, the platform can automatically:
- Terminate all active authenticated sessions for the affected user account across Microsoft 365 or Google Workspace environments
- Revoke OAuth tokens and invalidate active refresh tokens to eliminate attacker persistence
- Force multi-factor authentication re-enrollment where policy permits
- Restrict or suspend account access pending analyst review for elevated-risk scenarios
- Log all actions with full audit trails for compliance, legal hold, and post-incident review
A complete managed cybersecurity SaaS
Cyber threats today are AI-driven and attack at machine-speed. The new Pondurance Kanati Agentic SOC operating autonomously completes our MDR Essentials SaaS solution specifically designed to address the cyber needs of highly regulated organizations at risk of ransomware and data breach compromises.
Included is an entire suite of enterprise-grade cybersecurity capabilities specifically chosen to eliminate breach risks. Key services include:
- Managed EDR service that works directly with CrowdStrike, SentinelOne, or Microsoft Defender
- Kanati Agentic AI SOC configured for autonomous operation throughout the detection, analysis, and containment cycle
- Microsoft M365, Entra ID, and Windows log ingestion, correlation, and threat analysis
- RansomSnare microsensor-based ransomware prevention that stops attacks before encryption or data exfiltration
- Ticketing system for audit-ready incident tickets with explainable AI investigation trails for compliance documentation
Customer notification and oversight
Pondurance recognizes that autonomous action demands transparent communication. The Autonomous SOC platform includes automated customer notification workflows that ensure security contacts and designated stakeholders are immediately informed when containment actions are taken.
Real-time alerts are provided by phone, email, messaging, or integrated ticketing channels with clear, plain language summaries of what was detected, what action was taken, and what the customer should do next. Further, escalation notifications to specific named contacts are made for incidents that require business decisions or broader organizational response.
Together, host isolation and orchestrated customer notification ensure that autonomous response is never a black box — customers retain full situational awareness even as Kanati acts at machine-speed on their behalf.
Pricing and availability
MDR Essentials with the Kanati Agentic SOC for autonomous operation will be available by April 30, 2026. Pricing will be based on the number of endpoints in the customer environment.