Kaspersky updates its threat intelligence portal
Security vendor extends functions of the updated portal to both enterprise customers and the general public
Kaspersky has updated its Threat Intelligence Portal to help enterprises investigate and respond to a threat in a timely way. This tool for deep threat analysis is now available to a wider audience of incident responders and Security Operation Center (SOC) analysts, working in-house and at Managed Security Service Providers (MSSPs).
One of the main barriers to adoption is the high cost of commercial threat intelligence sources. To address this, Kaspersky has made a selection of functions of its Threat Intelligence Portal – which were previously only available to enterprise customers – accessible to the general public. The service delivers a vast range of up-to-date and historical threat intelligence collected by the company.
With this level of access to basic threat intelligence, analysts can quickly validate which alerts pose real threats and prioritise incidents based on risk level. Whenever SOC analysts find a suspicious threat indicator, whether it be a file, file hash, IP address or URL, they can now check it on the Kaspersky Threat Intelligence Portal. The portal will then determine if it is malicious, as well as provide information on how widespread the threat is. It also presents analysts with names the threat has previously been detected under, details of organisations which have registered a suspicious web resource, the date the domain was created and when the file was seen for the first and last time, among other information.
Every submitted file is analysed by a set of advanced threat detection technologies, such as heuristic analysis and Kaspersky Cloud Sandbox, to monitor its behavior and actions. The Sandbox is based on the company’s proprietary and patented technology, which is used internally and allows Kaspersky to detect more than 346,000 new malicious objects every day. Besides the analysis by advanced threat detection technologies, the portal enriches information about submitted files, URLs, IP addresses or hashes with threat intelligence aggregated from fused, heterogeneous and highly reliable sources.
This includes information from the Kaspersky Security Network, which is made up of the company’s own web crawlers, spam traps, research findings, partner information and much more. The heavily anonymised data is carefully inspected and refined using several preprocessing techniques and technologies, such as statistical systems, similarity tools, sandboxing, behavioral profiling, whitelisting verification and analyst validation.
“IT security teams in enterprises deal with numerous alerts every day. To find out which require detailed investigation or immediate response, specialists need context such as how widespread the suspicious object is, or where it originates from. Therefore, having access to up-to-date information is essential to protect companies from cyberthreats. To meet our mission of building a safer world, we are happy to announce that the Kaspersky Threat Intelligence Portal will make relevant and insightful data available to a wide range of companies,” said Artem Karasev, senior product marketing manager, Cybersecurity Services, at Kaspersky.
Every user of the Threat Intelligence Portal can upload any number of files to check, while lookups for URLs, hashes or IP addresses are limited to 100 requests per day. For users with a full commercial license, additional premium functionality is available, including access to detailed Threat Lookup and Cloud Sandbox reports, APT Intelligence and Financial Threat Intelligence Reporting, and Sandbox for URLs.