Connect with us

Hi, what are you looking for?

Biz Solutions

Kaspersky launches centralized Threat Intelligence Platform for TI management

To help corporate security and incident response teams facilitate threat detection, investigation and response and raise the efficiency of IT security operations, Kaspersky has upgraded its CyberTrace threat intelligence fusion and analysis tool to a centralized Threat Intelligence Platform.

The Kaspersky CyberTrace solution has been updated to include extended threat intelligence platform capabilities including alert triage, threat data analysis and incident investigation. The new paid edition integrates with all commonly used security information and event management (SIEM) solutions and security controls and provides graphical visualization for efficient responses. The community version of CyberTrace remains available for free.  

Multiple threat intelligence sources constantly process vast amounts of information and generate millions of alerts. This level of fragmented and multi-format data makes effective alert prioritization, triage, and validation incredibly difficult. That is why the ability to identify real threats remains one of the top challenges for IT security teams.

To help corporate security and incident response teams facilitate threat detection, investigation and response and raise the efficiency of IT security operations, Kaspersky has upgraded its CyberTrace threat intelligence fusion and analysis tool to a centralized Threat Intelligence Platform.

The new edition of the solution has been updated with advanced features that allow security teams to conduct complex searches across all indicator fields, analyze observables from previously checked events, measure the effectiveness of integrated feeds and a feed intersection matrix. 

Advertisement. Scroll to continue reading.

It also offers a public API for integration with automated workflows. In addition, the platform now supports Multiuser and Multitenancy features to control operations that are managed by different users and handle events from different branches separately. The paid edition, which is suitable for large enterprises and MSSPs, supports all features and enables processing and downloading an unlimited number of EPS and IoCs.

Kaspersky CyberTrace remains free for users in its community edition. This version provides all the existing capabilities of the solution, as well as the new functions mentioned above, except for the ability to add multi-user and multi-tenancy accounts. It also limits the number of processed events per second (up to 250) and the number of indicators that can be downloaded (up to one million). 

Unique integration approach

Kaspersky CyberTrace smoothly integrates with all commonly used SIEM solutions and security controls, supporting any threat intelligence feed in STIX 2.0/2.1/1.0/1.1, JSON, XML and CSV formats. By default, the solution includes native integration of a broad portfolio of Kaspersky Threat Data Feeds which are generated by hundreds of the company’s experts, including security analysts from across the globe and its leading-edge GReAT and R&D teams.

The platform solves the problem of ingesting many Indicators of Compromise (IoCs) to SIEMs which can lead to delays in the processing of incidents and missed detections. Kaspersky CyberTrace automatically extracts IoCs from logs coming to SIEMs and analyzes them internally within the owned in-built machine engine. That enables faster processing of an unlimited number of IoCs without overloading the SIEM.

Advertisement. Scroll to continue reading.

Easy management 

A dashboard with statistical detection data broken down by TI source helps users to identify and measure which streams of threat intelligence are most relevant for their organization, while the multi-tenancy feature facilitates knowledge sharing and reporting for decision-makers on threat intelligence practices, allowing users to handle events from different branches (tenants). 

The ability to tag IoCs helps users to evaluate the importance of an incident. IoCs can also be automatically sorted and filtered based on these tags and their weights. This feature simplifies the management of groups of IoCs and their relevance.  

Convenient tools for threat investigation

To obtain the full overview of an incident and understand its magnitude, the service now includes the Research Graph. This tool helps analysts study the relationships between indicators and develop an incident perimeter in a graphical visualization for more efficient responses. Relationships are built depending on the feeds ingested to Kaspersky CyberTrace, enrichments from Threat Intelligence Portal, and manually added indicators. 

Advertisement. Scroll to continue reading.

A REST API allows analysts to look up and manage threat intelligence or easily integrate the platform into complex environments for automation and orchestration.

“Today, given the growing complexity of the cyberthreat landscape, we see that organizations need comprehensive solutions for faster, high-quality threat detection, investigation and response. Kaspersky’s expanded CyberTrace for enterprises and MSSPs, combines rich out-of-the-box functionality with the flexibility to customize and tune in to individual alerts, triage and evaluate them based on various TI sources, allowing security teams to focus on the most relevant notifications effectively,” comments Ariel Jungheit, Senior Security Researcher at Kaspersky.

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

The attackers used a series of campaigns with novel exploits and customized malware to embed tools to conduct surveillance, sabotage and cyberespionage as well...

HEADLINES

Financial phishing attacks are rapidly increasing in the country as cybercriminals continuously evolve and adapt their tactics, making them sophisticated. The number of attacks...

HEADLINES

A Scale of Harm study by the International Justice Mission revealed that almost half a million Filipino children were trafficked to produce new child...

HEADLINES

Yondu launched an extensive, month-long cybersecurity awareness campaign focused on modern threat detection, incident response, and social engineering defense.

ELECTRONICS

Philips EasyKey partnered with Megaworld and equipped their world-class properties with only the best-in-class smart locks we have on offer, the Philips EasyKey 9300.

HEADLINES

The PLDT wireless unit is also calling on customers to report these messages to Smart’s HULISCAM portal for further action.

HEADLINES

Here are some tips from Sophos for staying secure online during the cybersecurity awareness month.

HEADLINES

While only 21% of hackers believed that AI technologies enhance the value of hacking in 2023, 71% reported it to have value in 2024....

Advertisement