
KASPERSKY VULNERABILITY DATA FEED

Kaspersky Vulnerability Data Feed accelerates security operations by providing data about security vulnerabilities and related cyber threat intelligence to reduce cyber risks and streamline investigation and response.

The vulnerability management market is growing because more security professionals understand that knowledge of vulnerable applications in their environment addresses their top challenges. Visibility, priority, and context are now key differentiators in the market. Legacy vulnerability-scanning technology becomes outdated and less effective. Vendors that can provide risk-aware intelligence, superior remediation capabilities, and clear, meaningful reporting position themselves to take the lead.

Most adversaries exploit known vulnerabilities to conduct attacks. With the number of vulnerabilities announced and discovered on the rise, organizations can’t patch every vulnerability fast enough, which exposes them to cyber risk. The challenge is focusing resources on the known security weaknesses in their environments that cybercriminals are using in their campaigns to compromise organizations.

To address the increased need for protection from vulnerabilities, Kaspersky has released a new intelligence data feed that specifically collects data about security vulnerabilities and related cyber threat intelligence.

Kaspersky Vulnerability Data Feed can be used in multiple ways. For example, one customer may want to match hashes of exploits and generate high priority alerts, while another may want to match hashes of exploits and vulnerable applications but generate low priority alerts. Other customers may want to use a special vulnerability scanner to scan their network for unpatched and high-risk applications.

Feed Contents

The feed contains the following information for each threat:

  • kla_id: Kaspersky ID of a threat that can be eliminated by patching the system with the patches indicated in the record (it can cover several CVEs).
  • detection_date: the date when the KLA was discovered.
  • severity: level of vulnerability severity (Warning, High, Critical).
  • description: description of vulnerabilities caused by this threat.
  • vendors: a list of vendors of vulnerable applications.
  • affected_products: a list of vulnerable applications with their versions.
  • solution_description: description of a solution to mitigate the threat.
  • solution_urls: links to updated applications with patched vulnerabilities.
  • advisory_urls: a list of links to blogs, advisories and vendor statements where the vulnerabilities are mentioned.
  • impacts: possible direct results of vulnerability exploitation.
  • cve: a list of CVEs related to the threat (KLA).
  • patches: a list of patches to fix the threat (KLA).
  • vulnerable_files: a list of hashes (MD5, SHA1 and SHA256) of vulnerable applications (TOP100 for the last 90 days).
  • exploits: a list of hashes (MD5, SHA1 and SHA256) and threat names of files that exploit the vulnerabilities (TOP100 for the last 90 days).
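
The hash-matching use case described above, run against the fields listed here, as an added example that is not Kaspersky's code or the feed's real serialization. Only the top-level field names come from this page; the nested "sha256" and "threat_name" keys, the priority policy, the inventory tuples and every value are constructed assumptions.

```python
import hashlib

def _sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed record. Top-level field names are from the feed description;
# the nested "sha256"/"threat_name" keys and all values are assumptions.
SAMPLE_FEED = [{
    "kla_id": "KLA-PLACEHOLDER-1",
    "severity": "Critical",
    "cve": ["CVE-PLACEHOLDER"],
    "solution_urls": ["https://vendor.example/update"],
    "vulnerable_files": [{"sha256": _sha256(b"constructed vulnerable app")}],
    "exploits": [{"sha256": _sha256(b"constructed exploit file"),
                  "threat_name": "Constructed.Exploit.Name"}],
}]
# Constructed endpoint inventory: (host, path, sha256 of the file).
SAMPLE_INVENTORY = [
    ("ws-01", "C:/Apps/reader.exe", _sha256(b"constructed vulnerable app")),
    ("ws-02", "C:/Temp/invoice.doc", _sha256(b"constructed exploit file").upper()),
    ("ws-03", "C:/Apps/clean.exe", _sha256(b"unrelated file")),
]
# Example policy (an assumption): exploit hits are urgent, vulnerable apps queue.
# Omit a key to ignore that match kind entirely.
DEFAULT_POLICY = {"exploit": "high", "vulnerable_file": "low"}

def build_index(feed):
    """Map SHA256 -> (match kind, record, threat name); exploit entries win."""
    index = {}
    for rec in feed:
        for f in rec.get("vulnerable_files", []):
            index.setdefault(f["sha256"].lower(), ("vulnerable_file", rec, None))
        for e in rec.get("exploits", []):
            index[e["sha256"].lower()] = ("exploit", rec, e.get("threat_name"))
    return index

def triage(inventory, feed, policy=DEFAULT_POLICY):
    """Return alerts for inventory files whose hash appears in the feed."""
    index, alerts = build_index(feed), []
    for host, path, digest in inventory:
        kind, rec, threat = index.get(digest.lower(), (None, None, None))
        if kind is None or kind not in policy:
            continue
        alerts.append({"priority": policy[kind], "host": host, "path": path,
                       "match": kind, "kla_id": rec["kla_id"], "cve": rec.get("cve", []),
                       "severity": rec.get("severity"), "threat_name": threat,
                       "solution_urls": rec.get("solution_urls", [])})
    return sorted(alerts, key=lambda a: a["priority"] != "high")  # high first

if __name__ == "__main__":
    print(*triage(SAMPLE_INVENTORY, SAMPLE_FEED), sep="\n")
```

Hashes are lower-cased on both sides so that a case difference between the feed and the inventory tool does not hide a match, and each alert carries kla_id, cve and solution_urls so the responder has the remediation link alongside the hit.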

These features make Kaspersky Vulnerability Data Feed a perfect choice for not just cybersecurity service providers, but also companies that wish to reduce cyber risks and streamline investigation and response. It will also be a valuable part of all-around Threat Intelligence solutions.