Kaspersky Threat Intelligence Portal

Kaspersky Threat Intelligence Portal delivers all of the knowledge acquired by Kaspersky about cyberthreats and legitimate objects, and their relationships, which are brought together into a single, powerful web service. The goal is to provide your security teams with as much data as possible in order to prevent cyberattacks from impacting your organization. The portal retrieves the latest detailed threat intelligence about web addresses, domains, IP addresses, file hashes, statistical/behavioral data, WHOIS data, etc. The result is visibility of new and emerging threats globally, thus helping you to secure your organization and boost incident response.

Kaspersky Threat Intelligence Portal is available for desktops, tablets, and mobile devices.

Threat intelligence is aggregated from a wide variety of highly reliable sources. Then, in real time, all of the aggregated data is carefully inspected and refined by using several preprocessing techniques and technologies, such as statistical systems, similarity tools, sandboxing, behavioral profiling, allowlist-based verification, and analyst validation.

Every submitted file is analyzed by a set of advanced threat detection technologies, such as reputational services, behavior detection technologies, heuristic analysis, Urgent Detection System, and Kaspersky Cloud Sandbox, to monitor its behavior and actions, including network connections and downloaded/dropped objects. The Sandbox is based on the company’s proprietary and patented technology, which is used internally and allows Kaspersky to detect more than 350,000 new malicious objects every day.

Besides advanced threat detection technologies, information about submitted files, web addresses, IP addresses, and hashes is enriched with the most recent threat intelligence aggregated from fused, heterogeneous, and highly reliable sources, such as:

• Kaspersky Security Network
• Botnet Tracking service
• Proprietary web crawlers
• Spam traps
• APT research findings (thanks to our GReAT team)
• Security partners information
• Technical Intelligence (passive DNS, WHOIS)
• OSINT

Finally, the service analyzes the data for malicious and suspicious activity, and then returns a status report for the submitted objects (files, web addresses, IP addresses, or hashes).

How it works

Files or Indicators of Compromise can be submitted through a web interface or RESTful API. Kaspersky Threat Intelligence Portal lets you submit and retrieve threat intelligence on the following objects:

• Files
• MD5, SHA1, and SHA256 hashes
• IP addresses (IPv4)
• Domains
• Web addresses

Kaspersky Threat Intelligence Portal shows whether an object is in the Good, Bad, or Not Categorized zone, while providing contextual data to help you respond to or investigate objects more effectively.

For users with Premium Access, additional functionality includes access to detailed Threat Lookup and Kaspersky Cloud Sandbox reports, APT Intelligence, Crimeware, and Industrial Threat Intelligence, as well as Digital Footprint Reporting.

Page top