Sharing 20+ years of cyberthreat expertise: Kaspersky opens privileged access to curated features of its threat intelligence
Kaspersky Threat Intelligence Portal is a single point of access for the company’s threat intelligence, providing all cyberattack data and insights gathered by Kaspersky. It helps enterprises to investigate and respond to a threat in a timely way. With the latest portal update, driven by its ultimate goal of building a safer world, Kaspersky today makes this tool for deep threat analysis available to a wider audience of incident responders and Security Operation Center (SOC) analysts, working in-house and at Managed Security Service Providers (MSSPs).
Access to relevant threat information enables a company to speed up its analysis of suspicious objects, making IT security departments more effective. Despite this, a recent Kaspersky survey revealed that only 36% of enterprises currently use threat intelligence, while one third (31%) of respondents seek to implement the use in the next 12 months[1].
One of the main barriers to adoption is the high cost of commercial threat intelligence sources. To address this, Kaspersky has made a selection of functions of its Threat Intelligence Portal – which were previously only available to enterprise customers – accessible to the general public. The service delivers a vast range of up-to-date and historical threat intelligence collected by the company.
Every submitted file is analyzed by a set of advanced threat detection technologies, such as heuristic analysis and Kaspersky Cloud Sandbox, to monitor its behavior and actions. The Sandbox is based on its proprietary and patented technology, which is used internally and allows Kaspersky to detect more than 346,000 new malicious objects every day.
Besides advanced threat detection technologies, information about submitted files, URLs, IP addresses, or hashes, the portal is enriched with threat intelligence aggregated from fused, heterogeneous, and highly reliable sources. This includes information from the Kaspersky Security Network, which comprises its own web crawlers, spam traps, research findings, partner information, and much more. The heavily anonymized data is carefully inspected and refined using several preprocessing techniques and technologies, such as statistical systems, similarity tools, sandboxing, behavioral profiling, whitelisting verification, and analyst validation.
“IT security teams in enterprises deal with numerous alerts every day. To find out which requires detailed investigation or immediate response, specialists need context such as how widespread the suspicious object is or where it originates. Therefore, having access to up-to-date information is essential to protect companies from cyber threats. To meet our mission of building a safer world, we are happy to announce that the Kaspersky Threat Intelligence Portal will make relevant and insightful data available to a wide range of companies,” – commented Artem Karasev, Senior Product Marketing Manager, Cybersecurity Services, at Kaspersky.
Every user of the Threat Intelligence Portal can upload any number of files to check with lookups for URL, hash, or IP limited by 100 requests per day. For users with a full commercial license, additional premium functionality, including access to detailed Threat Lookup and Cloud Sandbox reports, APT Intelligence and Financial Threat Intelligence Reporting, and Sandbox for URLs, is available.
This level of access to Kaspersky Threat Intelligence joins the range of Kaspersky’s open-access products for businesses such as Kaspersky CyberTrace, intended for integration of different threat intelligence feeds with various security controls and Kaspersky Anti Ransomware Tool for Business.
Kaspersky is further developing the Threat Intelligence Portal features and capabilities that are available for all analysts. It plans to introduce advanced APT detection, static analysis, and other features at a later date.
Kaspersky Threat Intelligence Portal is now available to all information security analysts on the website.
[1] Kaspersky Corporate IT Security Risks Survey 2019 – Brand13. “What is your organization’s adoption of, or plans to adopt each in the next 12 months? – Threat of intelligence.”
