Kaspersky Threat Intelligence now offers expanded capabilities for threat data feeds, threat analysis and brand protection. A new Industrial Vulnerability Data Feed for detecting vulnerabilities has been introduced.
Kaspersky has added new features to its threat intelligence service. The new version of Kaspersky Threat Intelligence now offers a set of streamlined feeds that help better understand cybercriminal behavior, tactics, techniques and procedures, regardless of region and language. In addition, new functions have been integrated that enable the protection of corporate brands in social networks and online marketplaces.
Vulnerabilities and Threat Analysis
Cybercriminals often gain access to company networks unnoticed and thus obtain confidential information; this can result in financial loss, reputational damage and long-term system downtime for the business. According to Kaspersky Global Emergency Response Team statistics, it takes on average a good three months (94.5 days) before a prolonged attack is detected by an InfoSec specialist. Companies therefore need reliable solutions and services in order to be able to identify and stop threats at an early stage before they cause damage.
To this end, Kaspersky Threat Intelligence has been enhanced with new threat hunting capabilities and more effective incident investigation. Information is provided in both human and machine-readable formats, giving the security team a meaningful and comprehensive view of the entire incident management cycle, facilitating incident investigation and supporting strategic decision-making.
Advanced threat data feeds for better protection
The new version of Kaspersky Threat Intelligence includes new feeds on crimeware, cloud services and open source software threats. These feeds help companies detect and prevent data leaks. They also reduce the risks resulting from supply chain attacks and from potentially vulnerable or compromised software components. In addition, an Industrial Vulnerability Data Feed in OVAL format was introduced, with which users can easily find vulnerable ICS software on Windows hosts in their networks using common vulnerability scanners.
Additional valuable and actionable information has been added to the existing feeds, such as new threat categories, attack tactics and techniques in the MITRE ATT&CK classification. They help companies to identify the attackers and to detect and react to threats faster and more efficiently.
The integration of Security Information and Event Management (SIEM) solutions via Kaspersky CyberTrace has also been improved by automatically analyzing IoCs (Indicators of Compromise) from emails and PDFs.
More transparency for more in-depth investigations
Kaspersky Threat Intelligence has expanded its offering to include IP addresses and added new categories such as DDoS, Intrusion, Brute-Force and Net-Scanner, since users have previously searched for these types of threats. The update also supports filters that allow users to specify sources, sections, and time periods for automated, scheduled searches.
The Research Graph, a graphical visualization tool, has also been updated to support two new nodes: Actors and Reports. This allows users to find additional connections to IoCs. Highlighting IoCs of known attacks described in APT, crimeware and industry reports, as well as in threat actor profiles, accelerates threat response and threat hunting.
Reliable brand protection in social networks and online marketplaces as well as optimized analysis tools
The brand protection function of Kaspersky Threat Intelligence has been improved by adding new notifications to Kaspersky Digital Footprint Intelligence. Real-time alerts for targeted phishing, fake social network accounts or applications on mobile marketplaces are now supported. This makes it easier to track down phishing websites that misuse a company's name, online service or brand, and provides relevant, accurate and detailed information about phishing activity. The updated service also monitors and detects malicious mobile applications impersonating the company's brand and fake company profiles on social networks.
Kaspersky Cloud Research Sandbox has also been updated to support Android OS and MITRE ATT&CK mapping; corresponding metrics are displayed on a Cloud Sandbox dashboard. Alongside this, all network activity is displayed across all protocols including IP, UDP, TCP, DNS, HTTP(S), SSL, FTP, POP3, IRC. Users can also specify command lines and file parameters to start the emulation with custom settings.
Threat data as a basis
"At Kaspersky, we have been focused on threat research for over 25 years," said Anatoly Simonenko, Head of Technology Solutions Product Management at Kaspersky. "Powered by extensive, rich threat intelligence, advanced machine learning technologies and our unique team of experts, we work to empower clients with the latest threat intelligence from around the world and help them defend themselves against both known and unknown cyberattacks."
About Kaspersky
Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250,000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/