Kaspersky Lab’s automated technologies have detected a new exploited vulnerability in Microsoft Windows, believed to have been used in targeted attacks by at least two threat actors, including the recently discovered SandCat.Learn more >
With the number of available threat intelligence sources continuing to grow, a third of CISOs feel under pressure as they cannot consume cybercrime intelligence easily or effectively. To help large companies overcome this challenge, Kaspersky Lab has launched Kaspersky CyberTrace – a free threat intelligence fusion and analysis tool. It aggregates and evaluates disconnected data feeds to help identify what threats pose a danger to the organization and ensure security teams focus on the right areas.
The variety of threat intelligence sources available on the market doesn’t always translate into protection from cyberattacks, as organizations struggle to decide which are relevant and most important for them. SIEMs or network security controls get overloaded with a large number of Indicators of Compromise (IoC), and the fact that threat data is provided in different formats only worsens the situation.
To make it easier for enterprises to keep up to date with the latest threats, Kaspersky CyberTrace retrieves continuously updated threat data feeds from multiple threat intelligence sources – including Kaspersky Lab, other vendors, open source intelligence or even custom sources – and automatically and rapidly matches them with incoming security events, offloading SIEMs from this high-load operation.
If IoC from threat intelligence feeds are found in any log source within an organization’s environment, Kaspersky CyberTrace automatically sends alerts to SIEMs for ongoing monitoring and validation to reveal additional contextual evidence for the security incidents. The tool integrates smoothly with a variety of SIEMs, including IBM QRadar, Splunk, ArcSight ESM, LogRhythm, RSA NetWitness, and McAfee ESM, as well as other security controls such as firewalls and gateways.
Kaspersky CyberTrace helps prioritize tasks by giving analysts a set of instruments for conducting alert triage and response through categorization and validation of identified matches. On-demand lookup of indicators or scanning of logs and files enables advanced in-depth threat investigation, which accelerates forensic and threat hunting activities. The tool also provides feed usage statistics to measure the effectiveness of feeds and their relevance for a certain environment.
“Being aware of the most relevant zero-days, emerging threats and advanced attack vectors is key to an effective cybersecurity strategy. However, manually collecting, analyzing and sharing threat data doesn’t provide the level of responsiveness required by an enterprise. There’s a need for a centralized point for accessible data sources and task automation. Kaspersky CyberTrace helps organizations better understand their risks, increase the productivity of their security teams and ensure a more robust protection against cyberthreats,” – comments Sergey Martsynkyan, Head of B2B Product Marketing at Kaspersky Lab.
Articles related to Press Releases
New Kaspersky Endpoint Security for Business provides security teams with greater control and automatic anomaly detection
Kaspersky Lab has unveiled the next generation of its endpoint protection with new Kaspersky Endpoint Security for Business.Learn more >
Kaspersky Lab provides early availability of the next generation of Kaspersky EDR for customers of its integrated Endpoint Security solution
Cyberthreats are constantly evolving, with adversaries coming up with new tools and techniques for successful attacks all the time. To combat this, the cybersecurity tools used by organizations also need to evolve and provide access to the most advanced technologies.Learn more >