Centralized platform for threat intelligence management

To support corporate security and response teams in detecting, investigating and combating threats, and to make IT security processes more efficient, Kaspersky has expanded its threat intelligence fusion and analysis tool, Kaspersky CyberTrace, into a central threat intelligence platform.

The Kaspersky CyberTrace solution now includes enhanced threat intelligence platform functions, among them alert triage, analysis of threat data and investigation of incidents. The paid version integrates with all common SIEM (Security Information and Event Management) solutions and security controls and offers graphical visualization for an efficient response. The community version of Kaspersky CyberTrace remains available free of charge.

CyberTrace threat intelligence platform

Multiple threat intelligence sources constantly process huge amounts of information and generate millions of alerts. This fragmented and inconsistently formatted data makes effective prioritization, classification and validation of alerts difficult and is a challenge for IT security teams.

The solution has been enhanced with advanced functions that let security teams perform complex searches across all indicator fields, analyze what has been observed in previously checked events, measure the effectiveness of integrated feeds and create a feed interface matrix. It also offers a public API for integrating automated workflows. In addition, the platform now provides multi-user and multi-tenancy functions to control processes managed by different users and to handle events from different branches separately. The paid version, aimed at large companies and MSSPs, supports all functions and allows an unlimited number of events per second (EPS) to be processed and an unlimited number of Indicators of Compromise (IoCs) to be downloaded.

Community version for users remains free of charge

Kaspersky CyberTrace, a centralized platform for threat intelligence management (Image: Kaspersky).

Kaspersky CyberTrace remains free of charge for users in the community version. It offers all of the solution's existing capabilities as well as the new features mentioned above, with the exception of adding multi-user and multi-tenant accounts. It also limits the number of events processed per second (up to 250) and the number of indicators that can be downloaded (up to one million).

Kaspersky CyberTrace can be seamlessly integrated with all common SIEM solutions and security controls and supports all threat intelligence feeds in the STIX 2.0 / 2.1 / 1.0 / 1.1, JSON, XML and CSV formats. By default, the solution includes native integration of a broad portfolio of Kaspersky Threat Data Feeds generated by hundreds of the company's experts.

Unique approach to integration

The platform addresses the challenge of feeding many different IoCs into SIEMs, which can lead to delays in processing incidents and to missed detections. Kaspersky CyberTrace automatically extracts IoCs from the logs received by the SIEM and analyzes them in its own built-in engine. This allows an unlimited number of IoCs to be processed faster without overloading the SIEM.

Easy administration

A dashboard with detection statistics broken down by TI source also helps users identify and analyze which threat data is most relevant to their company. The multi-tenancy function also facilitates knowledge sharing and reporting to decision-makers on threat intelligence practices, and enables users to process events from different tenants.

The ability to tag IoCs helps assess the relevance of an incident. IoCs can also be sorted and filtered automatically based on these tags and their weighting, which simplifies the management of IoC groups and their relevance.
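The three mechanisms described above, feed ingestion in STIX and CSV form, IoC extraction from SIEM logs in an engine outside the SIEM, and tag-based weighting to sort the resulting matches, as an added example that is not part of this article and not Kaspersky's code. Everything in it is constructed for illustration: the STIX 2.1 bundle and the CSV feed are sample feeds, the log lines are sample SIEM events, the `value,type,tags` CSV layout and the tag weights are assumptions of this example, and none of it reflects CyberTrace's actual feed format, matching logic or API.

```python
"""Minimal feed-load / IoC-extract / tag-weighted-match workflow (added example)."""
import csv
import io
import json
import re
from dataclasses import dataclass, field

# Constructed STIX 2.1 bundle, trimmed to the fields this loader reads.
STIX_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-000000000002",
         "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '203.0.113.45']",
         "labels": ["malicious-activity", "botnet_cnc"]},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-000000000003",
         "pattern_type": "stix",
         "pattern": "[domain-name:value = 'update.example.net']",
         "labels": ["phishing"]},
    ],
})
# Constructed CSV feed; the "value,type,tags" layout is an assumption of this example.
CSV_FEED = ("value,type,tags\n"
            "d41d8cd98f00b204e9800998ecf8427e,md5,commodity_malware\n"
            "198.51.100.7,ipv4,scanner\n")
# Constructed per-tag relevance weights; untagged or unknown tags weigh 0.
TAG_WEIGHTS = {"botnet_cnc": 90, "phishing": 70, "commodity_malware": 40, "scanner": 10}


@dataclass
class Indicator:
    value: str
    ioc_type: str
    tags: list = field(default_factory=list)

    @property
    def weight(self) -> int:
        # An indicator is as relevant as its most relevant tag.
        return max((TAG_WEIGHTS.get(t, 0) for t in self.tags), default=0)


# Only simple single-comparison patterns are handled; compound patterns are skipped.
STIX_PATTERN = re.compile(r"\[(ipv4-addr|domain-name):value = '([^']+)'\]")
STIX_TYPE_MAP = {"ipv4-addr": "ipv4", "domain-name": "domain"}


def load_stix(bundle_json: str) -> list:
    """Turn indicator objects of a STIX 2.x bundle into Indicator records."""
    out = []
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "indicator":
            continue
        m = STIX_PATTERN.fullmatch(obj.get("pattern", ""))
        if m:
            out.append(Indicator(m.group(2), STIX_TYPE_MAP[m.group(1)], obj.get("labels", [])))
    return out


def load_csv(text: str) -> list:
    """Read the constructed CSV layout; tags are '|'-separated."""
    return [Indicator(r["value"], r["type"], r["tags"].split("|") if r["tags"] else [])
            for r in csv.DictReader(io.StringIO(text))]


# Observable extraction from raw log text: this is the work done outside the SIEM.
OBSERVABLE_RES = {
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "md5": re.compile(r"\b[0-9a-f]{32}\b", re.I),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
}


def extract_observables(line: str) -> set:
    """Return the set of (type, lowercased value) candidates found in one log line."""
    return {(t, v.lower()) for t, rx in OBSERVABLE_RES.items() for v in rx.findall(line)}


def build_index(indicators) -> dict:
    return {(i.ioc_type, i.value.lower()): i for i in indicators}


def match_logs(lines, index, min_weight=0) -> list:
    """Return (line, indicator value, weight) hits, highest weight first."""
    hits = []
    for line in lines:
        for key in extract_observables(line):
            ind = index.get(key)
            if ind is not None and ind.weight >= min_weight:
                hits.append((line, ind.value, ind.weight))
    hits.sort(key=lambda h: h[2], reverse=True)
    return hits


SAMPLE_LOGS = [  # constructed SIEM events
    "2024-05-01T10:00:01Z fw allow src=10.0.0.5 dst=203.0.113.45 dport=443",
    "2024-05-01T10:00:02Z dns query host=ws17 qname=update.example.net",
    "2024-05-01T10:00:03Z av file=dropper md5=D41D8CD98F00B204E9800998ECF8427E",
    "2024-05-01T10:00:04Z fw deny src=198.51.100.7 dst=10.0.0.9 dport=22",
    "2024-05-01T10:00:05Z fw allow src=10.0.0.5 dst=192.0.2.10 dport=80",
]


def run(min_weight: int = 20) -> list:
    """Load both feeds, match the sample logs and drop low-weight hits."""
    index = build_index(load_stix(STIX_BUNDLE) + load_csv(CSV_FEED))
    return match_logs(SAMPLE_LOGS, index, min_weight)


if __name__ == "__main__":
    for line, value, weight in run():
        print(f"{weight:3d} {value:40s} {line}")
```

The `min_weight` threshold is the filtering the tagging paragraph describes: the scanner hit on line four is still a match, but with weight 10 it falls below the cut-off and is not escalated, while the botnet C2 address is listed first. Matching against lowercased keys is what makes the upper-case MD5 in the antivirus event line up with the lowercase feed entry.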

Handy threat analysis tools

To give a complete overview of an incident, the service now includes a so-called research graph. It supports analysts in examining the relationships between indicators and the development of an incident in a graphical visualization, so that they can respond more efficiently. The relationships are built from the feeds recorded in Kaspersky CyberTrace, enrichments from the Threat Intelligence Portal and manually added indicators.

More at Kaspersky.com

About Kaspersky

Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise form the basis for innovative security solutions and services that protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250,000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/
