The free version of the Kaspersky Threat Intelligence Portal offers registered users new, extended functions via community access. Thanks to an API integration, your own applications can now be connected to the service.
In addition, Kaspersky Cloud Sandbox provides a way to get a limited number of full reports on the behavior of a file or URL. In order to increase data protection, a special transfer mode has also been introduced that allows files to be checked so that the results are not available to others, with the exception of Kaspersky.
Threat Intelligence offering
Investing in threat intelligence is one of the main measures after a data breach, as current Kaspersky research shows - for both medium-sized (39 percent) and large (41 percent) companies. For companies, however, the high cost of commercial threat intelligence offerings can be an obstacle to adoption. In order to counteract this fact and to be able to make threat information available to a larger number of organizations, Kaspersky is continuously developing new functions to offer them free access to the Kaspersky Threat Intelligence Portal.
Premium features for community members
After registering, users receive a special API with which they can connect the service to customized projects and solutions. This allows them to send and receive information on files, hashes, IP addresses and URLs from Kaspersky Threat Intelligence Portal through their own applications without visiting the web service. This facilitates automated requests to review suspicious objects.
All registered users can execute a limited number of suspicious files and URLs in Kaspersky Cloud Sandbox, which contains advanced anti-bypass techniques. This gives you a final decision about the dangerousness of the file and basic information about risky objects as well as a detailed report on the activities of the file, including its behavior on certain websites such as downloads, JavaScript or the execution of Adobe Flash.
Threat Intelligence: free community access
The updated Kaspersky Threat Intelligence Portal now includes a private submission mode that ensures that the analysis results of shared samples are not available to anyone, including other community members, with the exception of Kaspersky. Thus, the functionality of the service is also available and interesting for organizations with strict data protection guidelines. Community members have the full history of their searches (both private and public) available, while others can only access the list of public requests.
The free Kaspersky service can now perform a static analysis that contains data on the PE file structure (Portable Executable) and extracted strings for more detailed information on transmitted files. The PE format refers to files that run on Windows and contains information about how the operating system should execute its code. Based on these analysis results, security researchers can identify the functionality of the object and, as long as it does not have typical artifacts, determine its harmful potential, even if the malware was previously unknown. The results can also be used to create indicators of compromise, detection heuristics or rules.
More data protection and detailed threat intelligence
In addition to the sandbox, heuristic analysis, and emulation and reputation services, the free version of the Kaspersky Threat Intelligence Portal now uses technology for behavioral detection. This increases detection rates and helps identify advanced threats and APTs.
“The time it takes to respond to an incident is one of the most important KPIs for IT security teams,” said Artem Karasev, Senior Product Marketing Manager, Cybersecurity Services at Kaspersky. “Now that they are under high pressure from a growing number of threats, speed of response has become even more important. To help the cybersecurity community during this difficult time, we've expanded our ability to integrate threat intelligence into their processes for free, so they can automate routine tasks. In addition, we have provided access to more comprehensive information that may assist in dealing with an incident."
Paid version for more complex incident investigations
Users can upgrade to a commercial license of the Kaspersky Threat Intelligence Portal by requesting access to it from the free version. The paid version helps conduct complex incident investigations by outlining specific APT actors, campaigns, their motivations and tactics, techniques and procedures.
More on this at Kaspersky.com
About Kaspersky Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/