Kaspersky today announced that the latest version of its solution (Kaspersky Threat Intelligence) includes enhanced summaries that provide insights into the activities of attackers on global networks and the methods, techniques and procedures they use, regardless of the region or language they are in.
The Russian information security company added that the release also includes new built-in features that ensure the protection of corporate brands on social networks and marketplaces.
Criminals can hide and become untraceable on corporate networks, which means they can access sensitive information, which can lead to financial loss, reputational damage, and even system crashes in the long run. According to statistics from Kaspersky's Global Incident Response Team, the average duration of a long-term attack was 94.5 days before information security professionals could detect it.
To protect themselves from these hidden threats, organizations must provide their security teams with trusted solutions that help them stay ahead of cybercriminals and eliminate cyber risks before they harm the business.
To achieve this, Kaspersky Lab has updated Threat Intelligence with new features that help monitor threats and investigate incidents. By presenting and formatting information in a human- and machine-readable manner, the new solution provides security teams with meaningful context throughout the incident management lifecycle, improving investigation of incidents as soon as they occur and guiding strategic decision-making.
Provides advanced threat intelligence to ensure better protection
The latest version of Kaspersky Threat Intelligence includes new information about criminal software, cloud services, and open source software threats, designed to help customers detect or completely prevent breaches of confidential data and systematically respond to attacks and vulnerabilities in the supply chain, reducing the risks that software components carry.
It also provides a summary of industry vulnerability data in OVAL format, which allows customers to easily find vulnerable ICS software on Windows hosts on their network using popular vulnerability scanners.
Existing summaries are supplemented by additional, more valuable and actionable information, such as new threat classes, attack methods and techniques (MITRE ATT&CK). This allows customers to identify attackers, investigate threats, and then respond faster and more effectively.
In addition to the previous improvements, integration with SIEM (Security Information and Event Management) solutions via Kaspersky CyberTrace has been improved. This is accomplished by automatically scanning IoCs directly from emails and PDFs. CyberTrace also now supports flexible export formats for these indicators, allowing seamless integration of filtered threat intelligence feeds with third-party security controls.
Better visibility for in-depth investigations
Kaspersky Threat Intelligence expands its coverage to IP (Internet Protocol) addresses and adds new categories such as DDoS, Intrusion, Brute Force and Network Scanner. These were added in response to the many customer searches related to this type of threat. The updated solution supports filters that allow users to specify default sources, services, and time periods for automatically scheduled searches.
The search schema has been updated to support two new nodes: Actors and Reports. With automatic IoC scanning, users can find additional connections. This option helps speed up response to threats and phishing activities, as it is enabled by automated analysis that highlights high-level attacks described in APTs, forensic software, industry reports, and attacker profiles.
Social networks and marketplaces
Brand protection in Threat Intelligence has been improved with new alerts added in Digital Footprint Intelligence. The service is now able to support real-time alerts to warn of phishing scams, fake social media accounts, or apps in the mobile marketplace.
The service also monitors the appearance of phishing sites targeting a company name, online service or brand and provides relevant, accurate and detailed information about phishing campaigns. The updated version of the solution also monitors and detects malicious mobile apps, particularly those that impersonate customers' brands and spoof corporate social media profiles.
Enhanced threat analysis tools
The Kaspersky Cloud Research Sandbox update now supports Android OS detection and MITRE ATT&CK while displaying relevant metrics on the Cloud Sandbox dashboard. The same tool provides all network activities on all protocols, including IP, UDP, TCP, DNS, HTTP(S), SSL, FTP, POP3 and IRC. This means that users can now specify command line windows and files to launch company simulations.
“For more than two decades, our work at Kaspersky has focused on threat research,” said Anatoly Simonenko, Head of Product Management at Kaspersky Technology Solutions. “With this comprehensive threat intelligence, machine learning capabilities, and unique global network of experts, we make sure our customers use in supporting the latest threat intelligence we collect from around the world, even to help them defend against cyberattacks that were previously difficult to detect.”