Driven by the goal of building a safer world, Kaspersky today announces new access to its threat intelligence portal offering its revered threat analysis to a wider audience of incident responders and Security Operation Center (SOC) analysts working in-house and at Managed Security Service Providers (MSSPs). Kaspersky Threat Intelligence Portal is a single point of access for the company’s threat intelligence and provides all cyberattack data and insights gathered by Kaspersky, allowing enterprises to investigate and respond to threats in a timely manner.
Access to relevant threat information enables a company to quickly analyze suspicious activity, making the work of IT security departments more effective. Despite this, a recent Kaspersky survey revealed that only 36% of enterprises currently use threat intelligence, while less than one third (31%) of respondents are seeking to implement this tool in the next 12 months [1].
Since the main barrier to adopting this deep level of analysis is the high cost of commercial threat intelligence sources, Kaspersky has made a curated selection of its Threat Intelligence Portal functions, which were previously only available to enterprise customers, accessible to the general public. The service delivers a vast range of current and historical threat intelligence collected by the company.
With this level of access to basic threat intelligence, analysts can more efficiently validate which alerts pose real threats and prioritize incidents based on risk level. Whenever SOC analysts find a suspicious threat indicator, whether it be a file, file hash, IP address or URL, they can now check it on the Kaspersky Threat Intelligence Portal. The portal will then determine if it is malicious, as well as provide information on how widespread the threat is. It also presents analysts with names the threat has previously been detected under, details of organizations which have registered a suspicious web resource, the date the domain was created, when the file was first and last detected, etc.
Every submitted file is analyzed by a set of advanced threat detection technologies such as heuristic analysis and Kaspersky Cloud Sandbox to monitor its behavior and actions. The Sandbox is based on the company’s proprietary and patented technology which is used internally and allows Kaspersky to detect more than 346,000 new malicious objects every day.
In addition to the results of advanced threat detection technologies, information about submitted files, URLs, IP addresses or hashes is enriched with threat intelligence aggregated from fused, heterogeneous and highly reliable sources. This includes information from the Kaspersky Security Network which is made up of the company’s own web crawlers, spam traps, research findings, partner information and more. The heavily anonymized data is carefully inspected and refined using several preprocessing techniques and technologies such as statistical systems, similarity tools, sandboxing, behavioral profiling, whitelisting verification and analyst validation.
“IT security teams in enterprises deal with numerous alerts every day. To find out which require detailed investigation or immediate response, specialists need context such as how widespread the suspicious object is, or where it originates from,” said Artem Karasev, senior product marketing manager of cybersecurity services at Kaspersky. “Therefore, having access to up-to-date information is essential to protect companies from cyber threats. To meet our mission of building a safer world, we are happy to announce that the Kaspersky Threat Intelligence Portal will make relevant and insightful data available to a wide range of companies.”
Each user of the Threat Intelligence Portal can upload any number of files to check, with lookups for URLs, hashes or IP addresses limited to 100 requests per day. For users with a full commercial license, additional premium functionality is available, including access to detailed Threat Lookup and Cloud Sandbox reports, APT Intelligence and Financial Threat Intelligence Reporting, and Sandbox for URLs.
This new level of access to Kaspersky Threat Intelligence joins the range of Kaspersky’s open access products for business such as Kaspersky CyberTrace, intended for integration of different threat intelligence feeds with various security controls, and Kaspersky Anti Ransomware Tool for Business.
Kaspersky Threat Intelligence Portal is now available to all information security analysts on our website.
Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at usa.kaspersky.com.
[1] Kaspersky Corporate IT Security Risks Survey 2019 – Brand13. “What is your organization’s adoption of, or plans to adopt each in the next 12 months? – Threat intelligence”