Kaspersky Threat Intelligence enhances its threat data feeds, threat analysis and protection capabilities

Woburn, MA – February 1, 2023 – Kaspersky today announces an enhanced version of Kaspersky Threat Intelligence[1]. The new version of this offering includes a range of improved feeds that contribute to a deeper understanding of cyberattackers’ behavior, tactics, techniques and procedures regardless of region or language. It also includes new integrated elements allowing for the protection of companies’ brands on social networks and in marketplaces.

Cybercriminals can remain undetected in companies’ networks and thus obtain sensitive information resulting in financial loss, reputational damage, and long-lasting system failures. According to statistics, the average duration of a prolonged attack is 94.5 days before it is detected by InfoSec specialist. To protect businesses from hidden threats, companies should provide their security teams with reliable solutions that help them stay one step ahead of cybercriminals and eliminate cyber risks before they can do harm.

To implement this strategy, Kaspersky updated its Threat Intelligence with new Threat Hunting and Incident Investigation capabilities that will now provide information in human- and machine-readable formats, the solution supports security teams with meaningful context throughout the incident management cycle, boosts incident investigations and informs strategic decision-making.

Advanced Threat Data Feeds for better protection

The latest release of Kaspersky Threat Intelligence contains new feeds on crimeware, cloud services and threats to open-source software[2]. These feeds will help customers detect or prevent confidential data leakage and mitigate risks of supply chain attacks and vulnerable or politically compromised software components. It also introduces Industrial Vulnerability data feed in OVAL format allowing customers to find vulnerable ICS software easily on Windows hosts in their networks by using popular vulnerability scanners.

The existing feeds are enriched with additional valuable and actionable information such as new threat categories, attack tactics and techniques in MITRE ATT&CK classification, which will help customers identify their adversary, investigate and respond to the threats faster and more efficiently.

Integration with Security information and event management (SIEM) solutions via Kaspersky CyberTrace[3] is also enhanced with the automated parsing of indicators of compromise (IoCs) directly from e-mails and PDFs. Moreover, CyberTrace now supports flexible export format of IoCs, allowing seamless integration of filtered Threat Data Feeds into third party security controls.

Better visibility for in-depth investigation

Based on customer demand, Kaspersky Threat Intelligence extended its coverage to IP addresses and added new categories such as DDoS, Intrusion, Brute-force and Net scanners. The updated solution also supports filters that can help users specify criteria sources, sections and periods for automated schedule searches.

The Research Graph, a graphic visualization tool, was also updated to support two new nodes: actors and reports. Users can apply them to find additional connections with IoCs. This option accelerates threat response and threat hunting activities by highlighting IoCs from high profile attacks described in APT, crimeware and industrial reports as well as in Actor profiles.

Reliable brand protection on social networks and marketplaces

The brand protection capability of Threat Intelligence was improved by adding new notifications to the Digital Footprint Intelligence service. It now supports real time alerts for Targeted Phishing, faked Social Networks accounts or applications in Mobile Marketplace.

The update also tracks the appearance of the phishing website targeting their brand company name, online services or trademarks and provide with relevant, accurate and detailed information about phishing activities. Further, it monitors and detects malicious mobile applications impersonating the customer’s brand and fake organization profiles on social networks.

Improved threat analysis tools

The updated Kaspersky Cloud Research Sandbox now supports Android OS and MITRE ATT&CK mapping, related metrics will be displayed on a dashboard of the Cloud Sandbox. It also provides all network activities across all protocols, including IP, UDP, TCP, DNS, HTTP(S), SSL, FTP, POP3, IRC. The user can now specify command lines and file parameters to launch the emulation in a tailored way.

“Understanding that threats are growing in quantity and complexity, Kaspersky continues regularly update our Kaspersky Threat Intelligence offering to reflect the need in the threat intelligence landscape,” said Anatoly Simonenko, head of technology solutions product management at Kaspersky. “With petabytes of rich threat data, advanced machine learning technologies and a unique pool of global experts we work to support customers with the latest threat intelligence from all over the world, helping them to defend themselves even from previously unseen cyberattacks.”

Click here to learn more about Kaspersky Threat Intelligence.

About Kaspersky

Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelli-gence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them. Learn more at usa.kaspersky.com.

Media Contact:

Cassandra Faro

Cassandra.Faro@Kaspersky.com

781-503-1812