The latest release of Kaspersky Threat Intelligence service includes a range of improved feeds that contribute to a deeper understanding of cyberattackers’ behavior, tactics, techniques, and procedures regardless of region or language.
Kaspersky Threat Intelligence service also contains new integrated elements allowing for the protection of companies’ brands on social networks and in marketplaces.
According to statistics provided by Kaspersky Global Emergency Response Team, the average duration of a prolonged attack is 94.5 days before it is detected.
“To protect businesses from hidden threats like these, companies should provide their security teams with reliable solutions that help them stay one step ahead of cybercriminals and eliminate cyber risks before they can do any harm,” Kaspersky said.
To implement this goal, Kaspersky updated its Threat Intelligence with new Threat Hunting and Incident Investigation capabilities. Providing information in human- and machine-readable formats, the solution supports security teams with meaningful context throughout the incident management cycle, boosts incident investigations, and informs strategic decision-making.
Advanced Threat Data Feeds for better protection
The latest release of Kaspersky Threat Intelligence contains new feeds on crimeware, cloud services, and threats to open-source software. These feeds will help customers to detect or prevent confidential data leakage and mitigate risks of supply chain attacks and vulnerable or politically compromised software components. It also introduces Industrial Vulnerability data feed in OVAL format. It allows customers to find vulnerable ICS software easily on Windows hosts in their networks by using popular vulnerability scanners.
The existing feeds are enriched with additional valuable and actionable information such as new threat categories, attack tactics, and techniques in MITRE ATT&CK classification, which will help customers identify their adversary, investigate and respond to the threats faster and more efficiently.
Integration with security information and event management (SIEM) solutions via Kaspersky CyberTrace is also enhanced with the automated parsing of indicators of compromise (IoCs) directly from emails and PDFs. CyberTrace now supports flexible export format of IoCs, allowing seamless integration of filtered Threat Data Feeds into third-party security controls.
Better visibility for in-depth investigation
Kaspersky Threat Intelligence extended its coverage to IP addresses and added new categories such as DDoS, Intrusion, Brute-force, and Net scanners, as customers previously made many searches related to these types of threats. The updated solution also supports filters that can help users specify criteria sources, sections, and periods for automated schedule searches.
The Research Graph, a graphic visualization tool, was also updated to support two new nodes: actors and reports. Users can apply them to find additional connections with IoCs. This option accelerates threat response and threat-hunting activities by highlighting IoCs from high-profile attacks described in APT, crimeware, and industrial reports as well as in Actor profiles.
Reliable brand protection on social networks and marketplaces
The brand protection capability of Threat Intelligence was improved by adding new notifications to the Digital Footprint Intelligence service. Now it supports real-time alerts for Targeted Phishing, fake Social Networks accounts, or applications in Mobile Marketplace.
It helps to track the appearance of the phishing website targeting its brand company name, online services, or trademarks and provides relevant, accurate, and detailed information about phishing activities. The updated solution also monitors and detects malicious mobile applications impersonating the customer’s brand and fake organization profiles on social networks.
Improved threat analysis tools
The updated Kaspersky Cloud Research Sandbox now supports Android OS and MITRE ATT&CK mapping, related metrics will be displayed on a dashboard of the Cloud Sandbox. It also provides all network activities across all protocols, including IP, UDP, TCP, DNS, HTTP(S), SSL, FTP, POP3, and IRC. The user can now specify command lines and file parameters to launch the emulation in a tailored way.