Connect with us

Hi, what are you looking for?

Biz Solutions

Kaspersky launches centralized Threat Intelligence Platform for TI management

To help corporate security and incident response teams facilitate threat detection, investigation and response and raise the efficiency of IT security operations, Kaspersky has upgraded its CyberTrace threat intelligence fusion and analysis tool to a centralized Threat Intelligence Platform.

The Kaspersky CyberTrace solution has been updated to include extended threat intelligence platform capabilities including alert triage, threat data analysis and incident investigation. The new paid edition integrates with all commonly used security information and event management (SIEM) solutions and security controls and provides graphical visualization for efficient responses. The community version of CyberTrace remains available for free.  

Multiple threat intelligence sources constantly process vast amounts of information and generate millions of alerts. This level of fragmented and multi-format data makes effective alert prioritization, triage, and validation incredibly difficult. That is why the ability to identify real threats remains one of the top challenges for IT security teams.

To help corporate security and incident response teams facilitate threat detection, investigation and response and raise the efficiency of IT security operations, Kaspersky has upgraded its CyberTrace threat intelligence fusion and analysis tool to a centralized Threat Intelligence Platform.

The new edition of the solution has been updated with advanced features that allow security teams to conduct complex searches across all indicator fields, analyze observables from previously checked events, measure the effectiveness of integrated feeds and a feed intersection matrix. 

It also offers a public API for integration with automated workflows. In addition, the platform now supports Multiuser and Multitenancy features to control operations that are managed by different users and handle events from different branches separately. The paid edition, which is suitable for large enterprises and MSSPs, supports all features and enables processing and downloading an unlimited number of EPS and IoCs.

Kaspersky CyberTrace remains free for users in its community edition. This version provides all the existing capabilities of the solution, as well as the new functions mentioned above, except for the ability to add multi-user and multi-tenancy accounts. It also limits the number of processed events per second (up to 250) and the number of indicators that can be downloaded (up to one million). 

Advertisement. Scroll to continue reading.

Unique integration approach

Kaspersky CyberTrace smoothly integrates with all commonly used SIEM solutions and security controls, supporting any threat intelligence feed in STIX 2.0/2.1/1.0/1.1, JSON, XML and CSV formats. By default, the solution includes native integration of a broad portfolio of Kaspersky Threat Data Feeds which are generated by hundreds of the company’s experts, including security analysts from across the globe and its leading-edge GReAT and R&D teams.

The platform solves the problem of ingesting many Indicators of Compromise (IoCs) to SIEMs which can lead to delays in the processing of incidents and missed detections. Kaspersky CyberTrace automatically extracts IoCs from logs coming to SIEMs and analyzes them internally within the owned in-built machine engine. That enables faster processing of an unlimited number of IoCs without overloading the SIEM.

Easy management 

A dashboard with statistical detection data broken down by TI source helps users to identify and measure which streams of threat intelligence are most relevant for their organization, while the multi-tenancy feature facilitates knowledge sharing and reporting for decision-makers on threat intelligence practices, allowing users to handle events from different branches (tenants). 

The ability to tag IoCs helps users to evaluate the importance of an incident. IoCs can also be automatically sorted and filtered based on these tags and their weights. This feature simplifies the management of groups of IoCs and their relevance.  

Convenient tools for threat investigation

Advertisement. Scroll to continue reading.

To obtain the full overview of an incident and understand its magnitude, the service now includes the Research Graph. This tool helps analysts study the relationships between indicators and develop an incident perimeter in a graphical visualization for more efficient responses. Relationships are built depending on the feeds ingested to Kaspersky CyberTrace, enrichments from Threat Intelligence Portal, and manually added indicators. 

A REST API allows analysts to look up and manage threat intelligence or easily integrate the platform into complex environments for automation and orchestration.

“Today, given the growing complexity of the cyberthreat landscape, we see that organizations need comprehensive solutions for faster, high-quality threat detection, investigation and response. Kaspersky’s expanded CyberTrace for enterprises and MSSPs, combines rich out-of-the-box functionality with the flexibility to customize and tune in to individual alerts, triage and evaluate them based on various TI sources, allowing security teams to focus on the most relevant notifications effectively,” comments Ariel Jungheit, Senior Security Researcher at Kaspersky.

Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

As organizations worldwide slow down for the holidays as well as find themselves in work environment transitions - with many returning to pre-pandemic in-office...

HEADLINES

The sales season attracts the attention of shoppers and retailers; however, it is also a favorite of cybercriminals who do not hesitate to cash...

HEADLINES

The spyware presents itself as an update app with a generic icon and name, such as “App Updates.” Sophos researchers believe the attackers distribute...

HEADLINES

From October 21 to November 20, Smart has blocked an average of 400 to 500 mobile numbers daily that have been found to be...

HEADLINES

The changes in the world in 2021 have a direct effect on the development of sophisticated attacks in the coming year.

HEADLINES

The “Women in IT” podcast was launched on October 26, 2021, with the first two episodes featuring Genie Gan, Head of Public Affairs for...

HEADLINES

A new global survey, commissioned by Kaspersky, explores the role of healthy digital habits in the family, as well as the effect of parents’...

White Papers

The report, written by SophosLabs security researchers, Sophos Managed Threat Response threat hunters and rapid responders, and the Sophos AI team, provides a unique...

Advertisement