Tracking, analyzing, interpreting, and mitigating constantly evolving IT security threats is a massive undertaking. Companies in every sector lack the up-to-the-minute, relevant data they need to manage the risks associated with IT security threats. To help these companies access the most relevant threat information, and to support their ongoing struggles against complex cybercrime, Kaspersky offers premium access through our Kaspersky Threat Intelligence Portal—the ultimate web service to help researchers and Security Operation Center analysts work more efficiently while managing thousands of security alerts.
Premium Kaspersky Threat Intelligence Portal services include:
APT Intelligence Reporting
Subscribers to Kaspersky APT Intelligence Reporting receive unique ongoing access to our investigations and discoveries, including threat actor profiles, their TTPs mapped to MITRE ATT&CK, and full technical data provided in a range of formats on every APT as it's discovered, including all the threats that are never made public. The information in these reports helps you to respond quickly to various threats and vulnerabilities—blocking attacks via known vectors, reducing the damage caused by advanced attacks, and enhancing your overall security strategy.
Crimeware Threat Intelligence Reporting
Enables financial institutions to inform their defensive strategies by providing timely information on attacks targeting banks, payment processing companies, insurance companies, etc. Reports include detailed insights into attacks on specific infrastructures, like ATMs and Point-of-Sale devices, and information on tools tailored to attack financial networks, which are used, developed, and sold by cybercriminals on the dark web.
Digital Footprint Intelligence
A digital risk monitoring solution that provides detailed information on attack vectors associated with an organization's entire digital footprint. These include items such as compromised credentials, information leakages, vulnerable services on the network perimeter, and insider threats. By revealing signs of any past, present, or planned attacks, and identifying weak spots vulnerable to exploitation, the solution helps companies to focus their defensive strategy on prime cyberattack targets.
Threat Data Feeds
By integrating up-to-the-minute Threat Data Feeds containing information on untrusted and dangerous IP addresses, web addresses, and file hashes into existing security controls like SIEM systems, security teams can automate the initial alert triage process while providing their triage specialists with enough context to immediately identify alerts to be investigated or escalated to incident response teams for further investigation and response.
CyberTrace
Kaspersky CyberTrace is a threat intelligence fusion and analysis tool that enables seamless integration of any threat intelligence feed you might want to use (in JSON, STIX™, XML, and CSV formats) with SIEM solutions and other log sources to help analysts more effectively leverage threat intelligence in their existing security operations workflow. The tool uses an internal process of parsing and matching incoming data, which significantly reduces SIEM workload. By automatically parsing incoming logs and events, and matching them against threat intelligence feeds, Kaspersky CyberTrace provides real-time situational awareness, which helps security analysts make swift, well-informed decisions.
Threat Lookup
Kaspersky Threat Lookup delivers all of the knowledge acquired by Kaspersky about cyberthreats, and legitimate objects and their relationships, brought together into a single, powerful web service. The goal is to provide security teams with as much data as possible in order to prevent cyberattacks from impacting your organization. Threat Lookup retrieves the latest detailed threat intelligence about web addresses, domains, IP addresses, file hashes, detected object names, statistical/behavior data, WHOIS/DNS data, file attributes, geolocation data, download chains, timestamps, etc. The result is visibility into new and emerging threats globally, helping you secure your organization, boost incident response, and improve threat-hunting missions.
Basic access to Kaspersky Threat Lookup is available to all users.
Cloud Sandbox
Making an intelligent decision based on a file's behavior, while simultaneously analyzing the process memory, network activity, etc., is the best way to understand current sophisticated targeted and tailored threats. Based on our proprietary and patented technologies, Kaspersky Cloud Sandbox provides detailed reports on the behavior of probably infected files.
It incorporates all of the knowledge about malware behaviors acquired by Kaspersky over 20 years of continuous threat research, which allows us to detect more than 350,000 new malicious objects each day. While Threat Lookup retrieves the latest and historical threat intelligence, Kaspersky Cloud Sandbox allows that knowledge to be linked to the IOCs generated by the analyzed sample, revealing the full scope of an attack and helping you plan effective response measures.
Sandboxing of web addresses is also available.
Basic summary reports are available to all users.
Industrial Threat Intelligence Reporting
The Kaspersky Industrial Threat Intelligence Reporting Service provides the customer with in-depth intelligence and greater awareness of malicious campaigns targeting industrial organizations, as well as information on vulnerabilities found in the most popular industrial control systems and underlying technologies.
These premium services enable companies to run highly effective and complex incident investigations—gaining an immediate understanding of the nature of threats, connecting the dots as you drill down to reveal interrelated threat indicators, and linking incidents to specific APT actors, campaigns, their motivation, and TTPs.
For more information, please visit https://www.kaspersky.com/enterprise-security/threat-intelligence and https://www.kaspersky.com/enterprise-security/apt-intelligence-reporting.