The new release of Kaspersky Threat Intelligence (TI) unifies all vendors’ TI services, sources, and cyber-reconnaissance capabilities in a single and convenient interface. The updated portal supports real-time search across various threat intelligence resources, including Kaspersky’s databases, Dark Web and Surface Web.
New features include the visualization of cyber-investigations and extended opportunities for the analysis of complex malicious objects.
Threat intelligence, which provides insights into the threat landscape and allows organizations to anticipate risks, has become one of the most evolving and in-demand specialties — as confirmed by IT security leaders’ surveys and market predictions. However, the diverse set of TI capabilities and the variety of available sources and services have made it difficult for security specialists to assemble a unified threat intelligence solution that matches their needs.
The renewed Kaspersky Threat Intelligence Portal is a single pane of glass for threat intelligence. In addition to cyberthreat data, it also delivers validated information from external sources and new features that facilitate incident investigation as well as detection and attribution of previously unseen malicious objects.
Unified search across all threat intelligence resources
Kaspersky Threat Intelligence Portal now supports search across different sources, all in a single UI, making access to valuable insights easily accessible. Through real-time master search, customers are able to get information across Kaspersky’s databases, including APT (advanced persistent threat), crimeware, ICS (industrial control system), and Digital Footprint Intelligence reports and actor profiles as well as across Dark Web, Surface Web, and validated OSINT IoCs sources.
New Dark Web search offers instant access to insights from a comprehensive range of deep and dark web sources allowing organizations to get tailored evidence of planned attacks, discussions around vulnerabilities, and successful data breaches in order to reduce the attack surface, and secure online brand value and take appropriate actions.
To offer security practitioners a reliable source of information about global security events that can potentially or are already threatening a company’s assets, brand, or organization, Kaspersky Threat Intelligence Portal introduces Surface Web search. The service allows investigators to search for security-related news, discussions, or other content across a validated range of relevant open web sources, such as theme-based newswires, blogs, or forums.
Better visibility for in-depth investigation
Graphical visualization is an extremely useful tool for researchers when they are looking for indicators and try to find connections between them. The Research Graph introduced in Kaspersky Threat Intelligence Portal is designed to explore data stored inside the portal, discover threat commonalities and generate new related IoCs. It provides a clear picture of the relationship between web addresses, domains, IP addresses, files, and other contexts encountered during investigations. It also allows for an in-depth view of information without losing the context of the conducted investigation.
Complex threat analysis
Kaspersky Threat Intelligence Portal delivers a unified interface for complex file analysis via a merged “Threat Analysis” tab that leads to Cloud Sandbox and Threat Attribution Engine (TAE), which now runs completely in the cloud. The tab offers access to the results of Dynamic, Static, Anti-Virus and Attribution analysis for objects considered suspicious, offering enriched Threat Intelligence within a single place and providing a powerful tool for faster detection of previously unseen malicious objects.