Kaspersky Lab has announced the completion and full availability of its Machine-Readable Threat Intelligence Platform, part of the Kaspersky Security Intelligence Services product range. Machine-Readable Threat Intelligence provides Threat Data Feeds and tools to integrate with the world’s most popular SIEM platforms.
This combination gives enterprises an unprecedent view of the threat landscape and supplies their Security Operations Centers with Indicators of Compromise needed to identify and block a multitude of cyber attacks as fast as possible. Within the Threat Data Feeds package of malware indicators for desktops and mobiles, malicious URLs has been amended with IP Reputation – a new data stream that helps customers bring their threat intelligence to a new level.
According to Kaspersky Lab’s “Measuring the Financial Impact of IT Security on Businesses” report, the fast discovery of security breaches has a direct and measurable impact on recovery costs. Based on feedback from more than 4,000 company representatives from 25 countries, Kaspersky Lab estimated that every day a security breach goes undetected costs large businesses US$100K on average. The overall recovery bill for a security breach that remained undetected for a week can be as high as $1,1-million, while an average cost of recovery from a breach detected within hours is less than $400 000. This monetary proof calls for an efficient detection strategy of active security breaches based on the modern concept of the Security Operations Center.
“Threat intelligence gathering is the very nature of our business. In some cases it becomes much easier to integrate Kaspersky Threat Data Feeds into customer’s SIEM, than run migration to change existing anti-malware products,” says Veniamin Levtsov, Kaspersky Lab’s vice-president: enterprise business. “These feeds allow our customers to be protected by Kaspersky Lab without any significant changes to their enterprise security system.
“Threat Intelligence is more than just prevention: we provide machine-readable data which empowers enterprise SOCs with the ability to identify and remediate even the most sophisticated and targeted attacks. Finally, with the completion of support for three world-leading SIEM systems, our Threat Intelligence Platform can be deployed swiftly within the majority of enterprises.”
The optimum solution to the problem of fast incident discovery is actionable security intelligence. This means being able to spot an attack at any point using a variety of methods. While typical prevention tools focus on analysing activitity on endpoints, an additional layer of security has to be in place. In case endpoint protection is circumvented for some reason, a security system has to be able to spot an attack on other levels. This is exactly what Kaspersky Threat Data Feeds provide:
• Indicators of malicious programmes (Malware hashes). Regular updates of this feed provide enterprises with the right insight into the threat landscape in almost real time.
• Malicious URLs, Phishing and Command & Control URLs. This data stream may serve as the first clue to discern regular activity from a well-hidden cyber attack. Includes data about URLs associated with malware, phishing and botnet operation targeting PCs and mobile devices.
• Mobile Threats. A special package aimed at the telecoms industry with information about the latest malicious programmes for mobile devices.
• IP Reputation data. This is a new feature available from August 2016. The IP Reputation feed is invaluable in identifying active breaches thanks to Kaspersky Lab’s worldwide, constantly updated data on command and control servers and sources of cyber attacks.
All feeds include additional contextual data that helps enterprises to fine-tune their threat detection algorithms, define priorities of their Security Operation Centers and speed up incident response. These include timestamps of a recorded event, the list of the most affected countries, related IPs for URLs and domains and other information.
In addition to previously announced support for Splunk, Threat Data Feeds can now be integrated with IBM QRadar and HP ARCsight SIEM systems. Kaspersky Lab is working to expand the availability of its Machine-Readable Threat Intelligence on more enterprise platforms to help businesses enhance the capabilities of their Security Operations Centers.