
Kaspersky’s Threat Intelligence Portal extends free services functions

Kaspersky’s Threat Intelligence Portal has extended the functionality of its free services to help enterprises speed up and improve threat analysis. A newly added worldwide Threat Heatmap visualizes the distribution of different cyberattack types and shows top threats for each geographical area in real time. The updated “Lookup” tab now provides more data for IP address, domain and URL analysis. Users who automate their workflows through the RESTful API can now check 10 times more objects, with quotas ranging from 200 to 2000 requests per day.

According to recent research, threat intelligence is the core element enterprises use in vulnerability management (68%), security operations (66%), and incident response (62%). Cybersecurity analysts and SOC teams use it to make timely and informed decisions in case of an attack, and Kaspersky Threat Intelligence Portal is dedicated to empowering specialists with the most up-to-date threat data.

With the Threat Heatmap, security analysts can quickly evaluate the scale and distribution of threats worldwide, including ransomware, exploits, web threats, spam, network attacks, etc. For each type, they can also choose a time period and check the top 10 countries for malicious objects and top 10 specific samples, as well as the most active threats and number of detections for each country on the map.

Lookup capabilities have been extended to support additional categories for IP address, domain, and URL analysis to give experts more details on suspicious communications. For IP addresses, there are two new categories: spam and compromised. IPs marked with the “spam” status are the ones that have been used to send spam emails.

IP addresses, domains or URLs in the “compromised” category are usually legitimate but are infected or compromised at the moment of the lookup request. These could be popular web pages with, for example, an injected malware script. Having this insight, security analysts can check which person within their organization visited the compromised web site and use the data for incident investigation.

The increase in the Threat Lookup quota for the RESTful API allows cybersecurity analysts to automate the analysis of a solid flow of web addresses, domains, IP addresses, and hashes. By integrating the threat data with their SIEM, SOAR, XDR or other security management system, they can accelerate their investigation and response processes.

“We made these updates following the feedback we received from Kaspersky Threat Intelligence Portal users,” said Artem Karasev, product marketing lead at Kaspersky. “We continue actively investing in free tools to support the community of security experts and threat analysts by giving them access to the latest threat intelligence. This should help them accelerate incident investigation and response, performing it in the most effective way.”

To try the free tools within Kaspersky Threat Intelligence Portal, please visit https://opentip.kaspersky.com/.

