SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Kaspersky brings threat intelligence to greater number of organisations
Wed, 4th Nov 2020
FYI, this story is more than a year old

Kaspersky has introduced a range of new features and functionality to its Threat Intelligence Portal.

Free access to the portal, which includes the company's actionable insights on threats, offers new privileged features for registered users through community access.

In particular, users will be able to connect their applications with the service via API, and receive a limited number of full reports on either a file's or URL's behaviour using Kaspersky Cloud Sandbox, Kaspersky states.

Furthermore, to increase privacy, Kaspersky has introduced a special submission mode that enables file checking in a way that results are not available to others.

Backed by the stats

Kaspersky's recent research of the state of IT security within organisations revealed that Threat Intelligence (TI) is considered among the main investments being made in response to a data breach.

This is the case for 41% of enterprises and 39% of SMBs. However, high costs of commercial TI offerings may be a barrier for adoption, the company states.

To help overcome this obstacle and make threat research available to a wider number of organisations, Kaspersky continues to develop new functions to enable free access to the Kaspersky Threat Intelligence Portal.

A new API

Affter registering, users receive a special API that allows them to interconnect the service with custom projects and solutions.

Because of this, they can submit and receive information about files, hashes, IP addresses and URLs from the Kaspersky Threat Intelligence Portal via their own applications without visiting the web service.

This facilitates automated requests for the checking of suspicious objects.

Full reports on suspicious activity

Furthermore, all registered users will be able to execute a limited number of suspicious files and URLs in Kaspersky Cloud Sandbox, which incorporates advanced anti-evasion techniques.

It means that they will not only receive the final decision and basic information on risky objects, but an in-depth report on the full file's activities, and events happening on a certain web page, such as downloads, JavaScript, Adobe Flash execution and so on, the company states.

The community access is available free of charge for any interested person.

Introducing private submission mode

With this update, the Kaspersky Threat Intelligence Portal also introduces a private submission mode, which ensures the analysis results of shared samples will be not available to anyone except Kaspersky, including other community members.

Therefore, the service's functionality becomes available for organisations with strict privacy policies.

For community members, the full history of their searches (both private and public) is available, while others will have access only to the list of public requests.

Access to more detailed information

For more detailed information on submitted files, free access to the Kaspersky Threat Intelligence Portal can now perform static analysis.

It provides data on the Portable Executable (PE) files structure and extracted strings.

The PE format relates to files running on Windows and contains information on how the OS should execute their code, Kaspersky states.

Based on the results of the analysis, security researchers can identify the object's functionality and, as long as it has non-typical artifacts, reveal its harmful potential, even if the malware was previously unknown.

The results can also be used to create indicators of compromise, detection heuristics and rules.

In addition to malware sandboxing, heuristic analysis, emulation and reputational services, free access to the Kaspersky Threat Intelligence Portal now leverages behaviour detection technologies.

It increases detection rates and helps to identify advanced threats and APTs.

A comment from the team

Kaspersky senior product marketing manager Cybersecurity Services, Artem Karasev, says, “The time taken to respond to an incident is one of the main KPIs for IT security teams. And now, as they experience high pressure due to a growing number of threats, the speed of response has become even more important.

"To help the cybersecurity community in this difficult time, we have expanded our capabilities to integrate TI to their processes for free, so that they can automate routine tasks.

"We also provided access to more extensive information that can help when handling an incident.

Users can upgrade to a commercial license of the Kaspersky Threat Intelligence Portal by requesting access to it from a free service.