Kaspersky Improves Capabilities Against Cyber Attacks

Thanks to the latest version of the Kaspersky Threat Intelligence service, the behavior, tactics and techniques of cyber attackers can be better understood. Cybercriminals can remain undetected on companies' networks for long periods of time, obtaining sensitive information and causing financial losses, reputational damage, and long-term system downtime. According to statistics provided by the Kaspersky Global Emergency Response Team, the average time until a long-term attack is detected by InfoSec specialists is 94.5 days.

To protect businesses from such hidden threats, security teams need reliable solutions that help them eliminate cyber risks before they cause harm. To achieve this goal, Kaspersky has updated its Threat Intelligence service with new Threat Hunting and Incident Investigation features. Providing information in human- and machine-readable formats, the solution supports security teams with meaningful context throughout the incident management cycle. It speeds up case studies and accelerates strategic decision-making.

The latest version of Kaspersky Threat Intelligence includes new capabilities covering threats related to crimeware, cloud services and open source software. These capabilities help customers detect and prevent confidential data leaks and mitigate the risks of supply chain attacks and compromised software. It also offers customers the Industrial Vulnerability data stream in OVAL format. This allows customers to find vulnerable ICS software on Windows hosts on their network using popular vulnerability scanners.

Available feeds are enriched with additional valuable and actionable information, such as new threat categories and attack tactics and techniques in the MITRE ATT&CK classification; this will help customers identify their enemies and investigate and respond to threats faster and more efficiently.

“Better visibility for deep scanning”

Kaspersky Threat Intelligence has expanded its scope to include IP addresses and added new categories such as DDoS, Intrusion, Brute-force and Net scanners, as customers have previously run many searches for such threats. The updated solution also supports filters that can help users identify criteria sources, departments, and periods for their automated searches.

Research Graph, a graph visualization tool, has also been updated to support two new nodes: Actors and Reports. Users can apply them to find additional links to IoCs. The option highlights IoCs for high-profile attacks covered in actor profiles as well as in APT, crimeware, and industrial reports, accelerating threat response and threat hunting.

“Reliable brand protection on social networks and in stores”

The Threat Intelligence service's brand protection capability has been enhanced with new notifications in the Digital Footprint Intelligence service and supports real-time alerts for targeted phishing, fake social network accounts, or apps in mobile stores.

Threat Intelligence helps monitor scams targeting brands, company names or online services and provides relevant, accurate and detailed information about phishing activities. The updated solution also monitors and detects malicious mobile apps that impersonate the customer's brand, and fake organization profiles on social networks.

“Advanced threat analysis tools”

The updated Kaspersky Cloud Research Sandbox now supports Android OS and MITRE ATT&CK mapping, while the corresponding metrics can be viewed in the Cloud Sandbox's dashboard. It also covers network activities across all protocols, including IP, UDP, TCP, DNS, HTTP(S), SSL, FTP, POP3 and IRC. Users can now specify command lines and file parameters to start emulation as needed.