Woburn, MA – September 19, 2016 – Today, Kaspersky Lab is proud to announce the availability of its Machine-Readable Threat Intelligence Platform, part of the Kaspersky Security Intelligence Services product range. Machine-Readable Threat Intelligence provides customers with Threat Data Feeds and tools to integrate with the world’s most popular SIEM platforms.
This combination gives enterprises an unprecedented view of the threat landscape and supplies their Security Operations Centers with Indicators of Compromise needed to identify and block a multitude of cyber attacks as fast as possible. Within the Threat Data Feeds package of malware indicators for desktops and mobiles, malicious URLs has been amended with IP Reputation – a new data stream that helps customers bring their threat intelligence to a new level.
According to Kaspersky Lab’s "Measuring the Financial Impact of IT Security on Businesses" report, the fast discovery of security breaches has a direct and measurable impact on recovery costs. Based on feedback from more than 4,000 business representatives across 25 countries, the research shows that every day a security breach goes undetected, it can costs large businesses $100,000 on average.
The overall recovery bill for a security breach that remains undetected for a week can be as high as $1.1 million, while an average cost of recovery from a breach detected within hours is less than $400,000. This monetary proof calls for an efficient detection strategy of active security breaches based on the modern concept of the Security Operations Center.
Threat Data Feeds: expanded and running at full power
The optimum solution to the problem of fast incident discovery is actionable security intelligence. This means being able to spot an attack at any point using a variety of methods. While typical prevention tools focus on analyzing activity on endpoints, an additional layer of security has to be in place. In case endpoint protection is circumvented for some reason, a security system has to be able to spot an attack on other levels.
Kaspersky Threat Data Feeds provide:
- Indicators of malicious programs (malware hashes) – Regular updates of this feed provide enterprises with the right insight into the threat landscape in almost real time.
- Malicious URLs, Phishing and Command & Control URLs. This data stream may serve as the first clue to discern regular activity from a well-hidden cyber-attack. Includes data about URLs associated with malware, phishing and botnet operation targeting PCs and mobile devices.
- Mobile Threats – A special package aimed at the telecoms industry with information about the latest malicious programs for mobile devices.
- IP Reputation data – (New, Available from August 2016) The IP Reputation feed is invaluable in identifying active breaches thanks to our worldwide, constantly updated data on command and control servers and sources of cyber attacks.
All feeds include additional contextual data that helps enterprises to fine-tune their threat detection algorithms, define priorities of their Security Operation Centers and speed up incident response. These include timestamps of a recorded event, the list of the most affected countries, related IPs for URLs and domains and other information.
Integration: Support for three major SIEM solutions
"Threat intelligence gathering is the very nature of our business. In some cases it becomes much easier to integrate Kaspersky Threat Data Feeds into customer’s SIEM, than run migration to change existing anti-malware products," said Veniamin Levtsov, Kaspersky Lab’s Vice President, Enterprise Business. "These feeds allow our customers to be protected by Kaspersky Lab without any significant changes to their enterprise security system. Threat Intelligence is more than just prevention: we provide machine-readable data which empowers enterprise SOCs with the ability to identify and remediate even the most sophisticated and targeted attacks. Finally, with the completion of support for three world-leading SIEM systems, our Threat Intelligence Platform can be deployed swiftly within the majority of enterprises."
In addition to previously announced support for Splunk, Threat Data Feeds can now be integrated with IBM QRadar and HP ARCsight SIEM systems. Kaspersky Lab is working to expand the availability of its Machine-Readable Threat Intelligence on more enterprise platforms to help businesses enhance the capabilities of their Security Operations Centers.
Availability and pricing: Threat Data Feeds, part of the Security Intelligence Services offering for businesses, is available worldwide. More details and contact information are available at Kaspersky Lab’s website.
About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company founded in 1997. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them.
Learn more at www.kaspersky.com.
For the latest in-depth information on security threat issues and trends, please visit: Securelist | Information about Viruses, Hackers and Spam
Follow @Securelist on Twitter
Threatpost | The First Stop for Security News
Follow @Threatpost on Twitter