
Kaspersky CyberTrace

A Threat Intelligence Platform

Enabling effective threat intelligence management

The number of security alerts that information security analysts process every day keeps growing. By feeding up-to-the-minute, machine-readable threat intelligence into existing security controls such as SIEM systems, security teams can automate the initial triage and investigation of those alerts. Kaspersky CyberTrace helps them apply that intelligence within their existing security operations workflows.

A rich toolset for analysis

CyberTrace aggregates, deduplicates, normalizes and stores incoming data and detection events. It can re-check observables from previously processed events against the latest feeds to find threats that went undetected at the time (retroscan). Analysts can export and share threat data, measure the effectiveness and relevance of the integrated feeds, and more.

Data matching

CyberTrace parses and matches data itself rather than pushing that work into the SIEM. It parses incoming logs and events, matches the extracted observables against the loaded feeds, and raises its own contextualized alert when an indicator is detected. Because the indicator's context arrives alongside the event, analysts can make fully informed decisions.

Enhanced integrations

CyberTrace ingests threat intelligence feeds in JSON, STIX, XML and CSV formats, whether they come from Kaspersky, other vendors, OSINT or your own custom sources. It also offers out-of-the-box integration with numerous SIEM solutions and log sources.
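To make the pipeline described in the three sections above concrete, here is an added example of a minimal indicator-matching engine. It is illustrative code written for this page, not CyberTrace's own implementation: the feed field names, the type aliases, the observable extractor and the sample feeds and log lines are all constructed. It normalizes and deduplicates indicators from a CSV feed and a JSON feed into one store, extracts observables from raw log lines (including a defanged domain) and matches them, retro-scans stored observables when a newer feed arrives, and counts per-feed hits and feed overlap.

```python
import csv
import io
import json
import re
from collections import defaultdict

# Constructed sample feeds. Addresses are from RFC 5737 documentation ranges and the
# hash is a placeholder, not a real indicator. feed_b overlaps feed_a on two entries.
FEED_A_CSV = """indicator,type,threat
198.51.100.23,ip,botnet-c2
Bad-Domain.example.,domain,phishing
0123456789abcdef0123456789abcdef,md5,dropper
"""
FEED_B_JSON = json.dumps([
    {"value": "198.51.100.23", "type": "ipv4", "threat": "botnet-c2"},
    {"value": "203.0.113.9", "type": "ipv4", "threat": "scanner"},
    {"value": "0123456789ABCDEF0123456789ABCDEF", "type": "md5", "threat": "dropper"},
])
# Constructed log lines; the second one carries a defanged domain.
SAMPLE_LOGS = [
    "2024-03-01T10:00:00Z proxy allow src=10.0.0.5 dst=198.51.100.23:443",
    "2024-03-01T10:00:02Z dns query bad-domain[.]example from 10.0.0.7",
    "2024-03-01T10:00:05Z av scan file=report.pdf md5=0123456789abcdef0123456789abcdef",
    "2024-03-01T10:00:09Z sshd failed password for root from 203.0.113.9",
]

# Feed vendors name indicator types differently; fold them onto the extractor's names.
KIND_ALIASES = {"ipv4": "ip", "md5": "hash", "sha1": "hash", "sha256": "hash"}

# Observable extractor: IPv4, MD5/SHA-256 hex, and domains (plain or "[.]"-defanged).
OBSERVABLE_RE = re.compile(
    r"(?P<ip>\b(?:\d{1,3}\.){3}\d{1,3}\b)"
    r"|(?P<hash>\b[0-9a-fA-F]{32}\b|\b[0-9a-fA-F]{64}\b)"
    r"|(?P<domain>\b(?:[a-zA-Z0-9-]+(?:\.|\[\.\]))+[a-zA-Z]{2,}\b)"
)


def normalize(kind, value):
    """Canonical (kind, value) key so the same indicator from two feeds collapses."""
    kind = KIND_ALIASES.get(kind.lower(), kind.lower())
    value = value.strip().lower()
    if kind == "domain":
        value = value.replace("[.]", ".").rstrip(".")  # refang, drop trailing dot
    return kind, value


def load_csv_feed(text):
    return [(r["type"], r["indicator"], r["threat"]) for r in csv.DictReader(io.StringIO(text))]


def load_json_feed(text):
    return [(r["type"], r["value"], r["threat"]) for r in json.loads(text)]


class IndicatorStore:
    def __init__(self):
        self.indicators = {}                   # key -> {"threat", "feeds"}
        self.seen = defaultdict(set)           # key -> ids of events that carried it
        self.hits_per_feed = defaultdict(int)  # feed usage statistics

    def add_feed(self, name, records):
        for kind, value, threat in records:
            key = normalize(kind, value)
            entry = self.indicators.setdefault(key, {"threat": threat, "feeds": set()})
            entry["feeds"].add(name)

    def match_event(self, event_id, line):
        """Extract observables from one log line and alert on those found in a feed."""
        alerts = []
        for m in OBSERVABLE_RE.finditer(line):
            key = normalize(m.lastgroup, m.group(m.lastgroup))
            self.seen[key].add(event_id)  # retained so a later feed can retro-match it
            entry = self.indicators.get(key)
            if entry:
                for feed in entry["feeds"]:
                    self.hits_per_feed[feed] += 1
                alerts.append({"event": event_id, "type": key[0], "indicator": key[1],
                               "threat": entry["threat"], "feeds": sorted(entry["feeds"])})
        return alerts

    def retroscan(self, name, records):
        """Load a newer feed and re-check already-seen observables against the indicators
        it adds. Indicators the store already held alerted when their events first arrived."""
        before = set(self.indicators)
        self.add_feed(name, records)
        hits = []
        for key in sorted(set(self.indicators) - before):
            for event_id in sorted(self.seen.get(key, ())):
                self.hits_per_feed[name] += 1
                hits.append({"event": event_id, "type": key[0], "indicator": key[1], "feed": name})
        return hits

    def intersection_matrix(self):
        """How many indicators each pair of feeds shares (a feed overlap statistic)."""
        feeds = sorted({f for e in self.indicators.values() for f in e["feeds"]})
        return {a: {b: sum(1 for e in self.indicators.values() if {a, b} <= e["feeds"])
                    for b in feeds} for a in feeds}


def run_demo():
    store = IndicatorStore()
    store.add_feed("feed_a", load_csv_feed(FEED_A_CSV))
    alerts = [a for i, line in enumerate(SAMPLE_LOGS) for a in store.match_event(i, line)]
    retro = store.retroscan("feed_b", load_json_feed(FEED_B_JSON))
    return store, alerts, retro


if __name__ == "__main__":
    store, alerts, retro = run_demo()
    print(alerts, retro, store.intersection_matrix(), dict(store.hits_per_feed), sep="\n")
```

Running it, the first three log lines alert against feed_a (the defanged domain and the uppercase hash both match after normalization), the fourth line produces no alert until feed_b is loaded, at which point the retroscan flags it from the stored observables. The overlap count shows feed_b duplicating two of feed_a's three indicators, which is the kind of number that helps decide whether a second feed adds value.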

Multitenancy support

Multitenancy supports MSSP or large-enterprise use cases in which a service provider (central office) must handle events from different branches (tenants) separately. A single Kaspersky CyberTrace instance can be connected to the SIEM solutions of different tenants, and the feeds used for each tenant can be configured individually.


In Use

  • Manage threat intelligence feeds effectively

    • Matching and analysis of incoming data performed inside CyberTrace itself, allowing detection even of obfuscated threat indicators
    • Out-of-the-box integration with SIEM systems as well as direct integration with other IT security controls and log sources
    • Integration of an unlimited number of threat intelligence feeds with no negative impact on the SIEM’s performance
    • Feed usage statistics for measuring the effectiveness of the integrated feeds, plus a feed intersection matrix, help in choosing the most valuable threat intelligence suppliers
  • Optimize your threat intelligence workflows

    • A database of indicators and detection events with full-text search and support for advanced search queries
    • Summarized, detailed and deduplicated information about each indicator on a single page
    • A Research Graph to visually explore data and detections and discover threat relationships
    • The ability to discuss and share information about related threats in comments
    • Export of indicators to other security controls
    • Retro-matching using the latest threat intelligence feeds to find previously missed threats
  • Build a proactive intelligence-driven defense

    • Although Kaspersky CyberTrace and Kaspersky Threat Data Feeds can be used separately, when used together, they significantly strengthen your threat detection capabilities, empowering your security operations with global visibility into cyberthreats. With Kaspersky CyberTrace and Kaspersky Threat Data Feeds, organizations can:
      • Effectively distill and prioritize security alerts
      • Immediately identify critical alerts and make better informed decisions about which should be escalated to incident response teams
      • Reduce analyst workload and prevent burnout
