The latest release of Kaspersky Threat Intelligence service includes a range of improved feeds that contribute to a deeper understanding of cyberattackers’ behavior, tactics, techniques and procedures regardless of region or language.
Cybercriminals can remain undetected in companies’ networks, obtaining sensitive information resulting in financial loss, reputational damage, and long-lasting system failures. According to statistics provided by Kaspersky Global Emergency Response Team, the average duration a prolonged attack is 94.5 days before it is detected by InfoSec specialist. To protect businesses from hidden threats like these, companies should provide their security teams with reliable solutions that help them stay one step ahead of cybercriminals and eliminate cyber risks before they can do any harm.
To implement this goal, Kaspersky updated its Threat Intelligence[1] with new Threat Hunting and Incident Investigation capabilities. Providing information in human- and machine-readable formats, the solution supports security teams with meaningful context throughout the incident management cycle, boosts incident investigations and informs strategic decision-making.
Advanced Threat Data Feeds for better protection
The latest release of Kaspersky Threat Intelligence contains new feeds on crimeware, cloud services and threats to open-source software[2]. These feeds will help customers to detect or prevent confidential data leakage and mitigate risks of supply chain attacks and vulnerable or politically compromised software components. It also introduces Industrial Vulnerability data feed in OVAL format. It allows customers to find vulnerable ICS software easily on Windows hosts in their networks by using popular vulnerability scanners.
The existing feeds are enriched with additional valuable and actionable information such as new threat categories, attack tactics and techniques in MITRE ATT&CK classification, which will help customers identify their adversary, investigate and respond to the threats faster and more efficiently.
Integration with Security information and event management (SIEM) solutions via Kaspersky CyberTrace[3] is also enhanced with the automated parsing of indicators of compromise (IoCs) directly from e-mails and PDFs. Moreover, CyberTrace now supports flexible export format of IoCs, allowing seamless integration of filtered Threat Data Feeds into third party security controls.
Better visibility for in-depth investigation
Kaspersky Threat Intelligence extended its coverage to IP addresses and added new categories such as DDoS, Intrusion, Brute-force and Net scanners, as customers previously made many searches related to these types of threats. The updated solution also supports filters that can help users specify criteria sources, sections and periods for automated schedule searches.
The Research Graph, a graphic visualization tool, was also updated to support two new nodes: actors and reports. Users can apply them to find additional connections with IoCs. This option accelerates threat response and threat hunting activities by highlighting IoCs from high profile attacks described in APT, crimeware and industrial reports as well as in Actor profiles.
Improved threat analysis tools
The updated Kaspersky Cloud Research Sandbox now supports Android OS and MITRE ATT&CK mapping, related metrics will be displayed on a dashboard of the Cloud Sandbox. It also provides all network activities across all protocols, including IP, UDP, TCP, DNS, HTTP(S), SSL, FTP, POP3, IRC. The user can now specify command lines and file parameters to launch the emulation in a tailored way.
‘We have been focusing on threat research at Kaspersky for over two decades. With petabytes of rich threat data, advanced machine learning technologies and a unique pool of global experts we work to support customers with the latest threat intelligence from all over the world, helping them to defend themselves even from previously unseen cyberattacks’, comments Anatoly Simonenko, Head of Technology Solutions Product Management at Kaspersky.
Learn more about Kaspersky Threat Intelligence.
[1] Kaspersky Threat Intelligence is a service that provides evidence-based knowledge, context and actionable recommendations about cyber threats.
[2] Among new feeds are Cloud Access Security Broker (CASB) feed and Open Source Software Threats (OSST) feed.
[3] Kaspersky CyberTrace is a Threat Intelligence Platform that helps analysts make timely and better-informed decisions. It uses continuously updated threat data feeds to timely detect cyber threats, prioritize security alerts about threats and effectively respond to information security incidents.