Well now the \u2018and more\u2019\u00a0includes our new service \u2013 KTL (Kaspersky\u00a0Threat\u00a0Lookup)<\/strong><\/a>\u00a0\u2013 the smart microscope for dissecting suspicious objects and uncovering the sources\/tracking histories of cyberattacks, multivariate correlations, and degrees of danger for corporate infrastructure. Quite the X-ray for cyberthreats.<\/p>\n Actually, all our users already has the lite-version of this service. The security rating of a file can also be checked with our home products, but enterprise customers need a deeper, more thorough analysis of threats.<\/p>\n To begin with, KTL can be used to check not only files, but also URLs, IP addresses and domains. It can analyze objects for the hallmarks of targeted attacks, behavioral and statistical specifics, WHOIS\/DNS data, file attributes, download chains, and others.<\/p>\n Yep, it\u2019s kinda like a search engine but with the searching being solely for cyberthreats. Dedicated staff need only enter details of a certain suspicious object into it and KTL will return the full low-down on it, including historical, geographical and other aspects, plus connections with other events and objects. All in real-time, 24\/7.<\/p>\n The results, suspicious objects, and other IoC<\/a> can be exported in machine-readable sharing formats (STIX, OpenIOC, JSON, Yara, Snort, CSV\u2026) for integration with corporate SIEM<\/a>s.<\/p>\n \u00a0<\/p>\n So where does KTL get its data from? There are several sources.<\/p>\n First, there\u2019s our cloud-based KSN<\/a>, which contains anonymized signals about the epidemiological situation from hundreds of millions of users all around the world. In using it, customers not only look after themselves (participation in KSN automatically increases quality of protection), but also help fulfill an important humanitarian mission: to look after others too, and in doing so reducing the overall cyberthreat level across the Internet.<\/p>\n Second, there\u2019s our technology that analyzes network activity, including spam traps, botnet monitoring<\/a>, web crawlers, various network sensors, and smart robots powered by machine learning<\/a>. And of course there are the results of investigations of complex targeted attacks by the GReAT<\/a> cyber-ninjas.<\/p>\n Third, there are our partner software developers. Incidentally, the role of these will grow over time, to eventually become predominant. Yep, we have big plans for the future, but I\u2019ll not go into details here just yet. For now \u2013 a bit on our near-future plans\u2026<\/p>\n We\u2019re currently working on adding to KTL functions of analysis of suspicious objects in a secure environment \u2013 a cloud sandbox<\/em>.<\/p>\n For example, a file is placed in the sandbox and run on a special virtual machine (with a patented logging system). The virtual machines are fully isolated from each other and from internal networks, and have limited external connectivity too. The virtual machines are identical to physical computers so that the objects feel safe to do as they would in the real world. The machines then note down all the actions performed by an run object (much like our KATA<\/a> protection from targeted attacks). All results are compiled in a detailed report; here is shown how the file would have acted if it was in a real-world situation, and a review of the full scope of the threat behavior is given too.<\/p>\n Also in the pipeline are Next Gen tools for working with metadata files and URLs. In upcoming versions there\u2019ll be added the ability to extract different metadata and make customized searches in this metadata. Thus, it will be possible to conduct deep investigations of malware based on similarities across various parameters so as to understand the overall picture of sophisticated attacks. For example, with the help of this tool it will be possible to ask it to: \u2018find me files that when launched do this or that\u2019, or \u2018find me all files with such a name\u2019, or \u2018find me files that are detected under this or that verdict of an AV engine\u2019, or \u2018find me files whose code contains this or that line\u2019.<\/p>\n So, as you can see, we\u2019ve got a multi-function cyber-X-ray in development, but some of its functionality can already be used right now (so you could recommend new useful features:).<\/p>\n![\"+1](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2017\/03\/06020608\/ktl-1-2-1024x648.jpg\")
<\/p>\n![\"+1](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2017\/03\/06020608\/ktl-2.jpg\")
<\/p>\n![\"+1](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2017\/03\/06020607\/ktl-3.jpg\")
<\/p>\n
\n![\"+1](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2017\/03\/06020607\/ktl-4-1024x542.jpg\")
<\/p>\n