Kaspersky Threat Intelligence Portal

The main articles are:

• Antiviruses
• Firewall
• Fraud Detection System
• Security Information and Event Management (SIEM)
• How does a hacker act in a targeted attack and how to prevent him? Threat Intelligence Services Capabilities Overview

Kaspersky Threat Intelligence Portal is a service for online scanning of suspicious objects.

2023: Optimizing Threat Data Flows

Kaspersky Lab announced on March 9, 2023 that it had updated Kaspersky Threat Intelligence services.

The updated Kaspersky Threat Intelligence services have improved threat data streams. Thanks to this, information security specialists will be able to more effectively identify and analyze the behavior of attackers, their tactics, methods and nature of cyber attacks, regardless of their region, language or goals.

According to statistics from the Kaspersky Global Emergency Response Team, on average, attackers are able to remain unnoticed in the company's IT infrastructure for 94.5 days before they are discovered. To ensure that organizations can always be one step ahead of attackers and take preventive measures without waiting for damage, Kaspersky Threat Intelligence services have improved the ability to search for threats (Threat Hunting) and investigate incidents. Information security teams receive relevant context throughout the investigation process, which allows it to speed up and help make tactically correct decisions. At the same time, information is provided both in a form readable for a person and in a format readable by a machine.

New Fides. Kaspersky Threat Intelligence has additional Crimeware feeds cloud services and threats ON open source.. They will help companies detect or prevent, data breaches as well as reduce the risk of attacks on supply chains and the likelihood of using vulnerable, compromised and dangerous components. ON The Kaspersky Industrial OVAL Data Feed for data stream is also available: it Windows provides comprehensive information about vulnerabilities in popular systems SCADA and distributed control systems (DCS).

Capabilities in existing feeds. Existing feeds are enriched with additional valuable information about new threat categories, tactics and attack techniques in the MITRE ATT&CK classification, which will allow information security teams to detect attackers, investigate incidents and respond to threats more quickly and efficiently.

Improved integration with - SIEM resolutions via Kaspersky CyberTrace: added automated parsing of compromise indicators directly from email and. PDF At the same time, Kaspersky CyberTrace supports common formats for exporting compromise indicators. This allows you to seamlessly integrate filtered feeds into third-party security controls.

Expanded categorization by threat. Kaspersky Threat Intelligence has expanded IP address coverage and added categories such as DDoS, Intrusion, Brutforce, and network scanners. The updated threat search service supports filters that help you set certain criteria for data sources, sections, and periods for automated scheduled searches.

The Research Graph visualization tool has been updated. Now it also displays information about cyber groups and reports, which allows you to find additional links with indicators of compromise. This helps speed up the processes of finding and responding to threats by highlighting compromise indicators related to attacks described in reports and profiles of cyber groups.

Protecting brand reputation. The list of notifications from the Digital Footprint service has been expanded. In real time, information security specialists can receive notifications about targeted phishing, the appearance of fake accounts on social networks or malicious applications that exploit the name of the company. This function will help not only track the appearance of such activity of attackers, but also get relevant, accurate and detailed information about it.

The updated sandbox Kaspersky Cloud Research Sandbox now supports Android OS and MITRE ATT @ CK. Research Sandbox also provides network activity analysis across all protocols, including IP, UDP,, TCP, DNS(HTTP S),, FTP, SSL POP3, IRC. In this case, the user can now specify any command line values ​ ​ to run file with the required parameters.

We've been investigating and fighting cyber threats for more than 25 years. Thanks to the accumulated petabytes of data, advanced machine learning technologies and a team of experts, we provide customers with the latest threat analytics, relying on data from all over the world, and we help to resist, among other things, previously unknown types of attacks, "said Anatoly Simonenko, head of technology solutions development at Kaspersky Lab.

2022: Thermal threat map and additional categories for analyzed IP addresses

Kaspersky Lab On October 26, 2022, the company announced the expansion of the free Threat analysts Kaspersky Intelligence Portal service to help large organizations improve the speed and quality of analysis. In threats particular, the Threat Heatmap has appeared on the portal. It allows you to to visualize distribute different types cyber attacks and major threats to each geographic area in real time. time

With this map, analysts can quickly assess the scale and spread of threats such as ransomware, exploits, web threats, spam, network attacks, and others. For each type of threat, you can select a period of time and check the top 10 countries for certain malicious objects. You can also find the top 10 specific malware samples, the most active threats and the number of cases of detection of a particular threat for each country.

Another update of the portal services affected the Lookup tab ― additional categories for analyzed IP addresses, domains and URLs appeared in it. Among the categories for IP addresses are "Spam" and "Compromised." IP addresses marked with the status "Spam" are used to send spam. IP addresses, domains, or URLs in the Compromised category are usually legitimate, but infected or compromised at the time of the search. These can be well-known web pages, for example, with an embedded malicious script. Knowing this, analysts can check which of their organization's employees visited the compromised site and use this data to investigate incidents.

In addition, users who automate their investigation processes using the RESTful API can now check 10 times more objects, and their quota has been increased from 200 to 2,000 requests per day. Increasing the quota will allow analysts to automate the analysis of a continuous stream of web addresses, domains, IP addresses, hashes. By integrating threat data with their SIEM, SOAR, XDR, or other security management systems, they can accelerate investigation and response processes.

According to a recent study, Threat Intelligence ― the main element that companies use to manage vulnerabilities (68%), ensure security (66%) and respond to incidents (62%). Cybersecurity analysts and SOC groups use Threat Intelligence to make timely and informed decisions in the event of an attack. Kaspersky Threat Intelligence Portal, in turn, provides specialists with the latest threat data.

The company has updated the Threat Intelligence portal based on feedback from users. Kaspersky Lab continues to actively invest in free tools to support the cybersecurity expert community by providing them with access to the most up-to-date threat information. The innovations are designed to help them speed up incident investigations and response, commented Artyom Karasev, Head of Product Marketing at Kaspersky Lab.

2020: The ability to receive advanced information about files and URLs using the Kaspersky Cloud Sandbox

Kaspersky Lab on November 17, 2020 announced the expansion of the list of features available to registered users of the free version of the Kaspersky Threat Intelligence Portal.

Now they can connect their applications to this service through the API and receive extended information about files and URLs using the Kaspersky Cloud Sandbox. In addition, a special subscription mode has become available that allows you to conduct confidential file checks in order to keep the results secret from other community members.

With the API, registered users can connect their security systems to the service and receive information about files, hashes, IP addresses and links without the need to use a web interface, which allows you to automate requests for checking suspicious objects. Using the sandbox Kaspersky Cloud Sandbox makes it possible to get not only a verdict and basic information about suspicious files, but also an in-depth report on file activities and events occurring with a specific page, such as downloads, execution, etc JavaScript Adobe Flash.

Thanks to the private access regime, which allows you to hide the results of the analysis from other members of the community, organizations with strict privacy policies will be able to use access to the service.

Static analysis is also now available to obtain more detailed information about downloaded files, analyze data on the structure of executable files and extracted lines. The results of such a study allow cybersecurity specialists to recognize the functionality of an object and reveal its malicious potential, even if the malware was not previously known, and they can also be used to create compromise indicators, heuristics and detection rules.

The time spent responding to an incident is one of the main KPIs of employees of cybersecurity departments. The speed of response becomes even more important as the number of threats is growing. To help the cybersecurity community, we have expanded free integration into the global threat awareness system and automation of routine tasks. We also provided access to more detailed information that can help in resolving the incident, "comments Artyom Karasev, Senior Marketing Manager for Cybersecurity Services at Kaspersky Lab.

Users of the free version of the Kaspersky Threat Intelligence Portal can, if necessary, upgrade and purchase a commercial license for premium functionality. It helps to conduct investigations of complex cyber incidents, detect the authors of specific complex attacks, cyber espionage campaigns, and find out their motives, tactics, techniques, and procedures.

Links

Portal link