Kaspersky Lab Announces Completion of its Machine-Readable Threat Intelligence Platform

September 19, 2016

Kaspersky Lab is proud to announce completion and full availability of its Machine-Readable Threat Intelligence Platform, part of the Kaspersky Security Intelligence Services product range

Kaspersky Lab is proud to announce completion and full availability of its Machine-Readable Threat Intelligence Platform, part of the Kaspersky Security Intelligence Services product range. Machine-Readable Threat Intelligence provides Threat Data Feeds and tools to integrate with the world’s most popular SIEM platforms. This combination gives enterprises an unprecedented view of the threat landscape and supplies their Security Operations Centers with the Indicators of Compromise needed to identify and block a multitude of cyber attacks as fast as possible. The Threat Data Feeds package of malware indicators for desktops and mobiles and malicious URLs has been amended with IP Reputation, a new data stream that helps customers bring their threat intelligence to a new level.

According to Kaspersky Lab’s “Measuring the Financial Impact of IT Security on Businesses” report, the fast discovery of security breaches has a direct and measurable impact on recovery costs. Based on feedback from 4,000+ company representatives from 25 countries, we estimated that every day a security breach goes undetected costs large businesses US$100K on average. The overall recovery bill for a security breach that remained undetected for a week can be as high as US$1.1 million, while an average cost of recovery from a breach detected within hours is less than US$400K. This monetary proof calls for an efficient detection strategy of active security breaches based on the modern concept of the Security Operations Center.

Threat Data Feeds: expanded and running at full power

The optimum solution to the problem of fast incident discovery is actionable security intelligence. This means being able to spot an attack at any point using a variety of methods. While typical prevention tools focus on analyzing activity on endpoints, an additional layer of security has to be in place. If endpoint protection is circumvented for some reason, a security system has to be able to spot an attack on other levels. This is exactly what Kaspersky Threat Data Feeds provide:

  • Indicators of malicious programs (Malware hashes). Regular updates of this feed provide enterprises with the right insight into the threat landscape in almost real time.
  • Malicious URLs, Phishing and Command & Control URLs. This data stream may serve as the first clue to discern regular activity from a well-hidden cyber attack. Includes data about URLs associated with malware, phishing and botnet operation targeting PCs and mobile devices.
  • Mobile Threats. A special package aimed at the telecoms industry with information about the latest malicious programs for mobile devices.
  • (New, Available from August 2016): IP Reputation data. The IP Reputation feed is invaluable in identifying active breaches thanks to our worldwide, constantly updated data on command and control servers and sources of cyber attacks.

All feeds include additional contextual data that helps enterprises to fine-tune their threat detection algorithms, define priorities of their Security Operations Centers and speed up incident response. This data includes timestamps of a recorded event, the list of the most affected countries, related IPs for URLs and domains and other information.

Integration: Support for three major SIEM solutions

Veniamin Levtsov, Kaspersky Lab’s Vice President, Enterprise Business: “Threat intelligence gathering is the very nature of our business. In some cases it becomes much easier to integrate Kaspersky Threat Data Feeds into a customer’s SIEM than to run a migration to change existing anti-malware products. These feeds allow our customers to be protected by Kaspersky Lab without any significant changes to their enterprise security system. Threat Intelligence is more than just prevention: we provide machine-readable data which empowers enterprise SOCs with the ability to identify and remediate even the most sophisticated and targeted attacks. Finally, with the completion of support for three world-leading SIEM systems, our Threat Intelligence Platform can be deployed swiftly within the majority of enterprises.”

In addition to previously announced support for Splunk, Threat Data Feeds can now be integrated with IBM QRadar and HP ArcSight SIEM systems. Kaspersky Lab is working to expand the availability of its Machine-Readable Threat Intelligence on more enterprise platforms to help businesses enhance the capabilities of their Security Operations Centers.

Availability and pricing: Threat Data Feeds, part of Security Intelligence Services, is available worldwide. More details and contact information are available at Kaspersky Lab’s website.

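About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky continually transforms its deep threat intelligence and security technology into innovative security solutions and services that protect businesses, critical infrastructure, governments and consumers around the world. The company offers a comprehensive security portfolio that includes leading endpoint protection solutions and a range of specialized security solutions and services, as well as Cyber Immune solutions for countering sophisticated and evolving digital threats. More than 400 million users worldwide protect themselves with Kaspersky technologies, and we also help 200,000 corporate customers worldwide protect what matters most. To learn more, visit www.kaspersky.com.cn.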
