Intelligent Tech Channels Issue 47 - Page 13

Kaspersky launches centralised Threat Intelligence Platform for TI management

The Kaspersky CyberTrace solution has been updated to include extended threat intelligence (TI) platform capabilities, including alert triage, threat data analysis and incident investigation. The new paid edition integrates with all commonly used security information and event management (SIEM) solutions and security controls and provides graphical visualisation for efficient responses. The community version of CyberTrace remains available for free.

According to Kaspersky, multiple threat intelligence sources constantly process vast amounts of information and generate millions of alerts. This level of fragmented and multi-format data makes effective alert prioritisation, triage and validation incredibly difficult. That is why the ability to identify real threats remains one of the top challenges for IT security teams.
To help corporate security and incident response teams facilitate threat detection, investigation and response, and to raise the efficiency of IT security operations, Kaspersky has upgraded its CyberTrace threat intelligence fusion and analysis tool to a centralised TI platform.
The new edition of the solution has been updated with advanced features that allow security teams to conduct complex searches across all indicator fields, analyse observables from previously checked events, measure the effectiveness of integrated feeds and view a feed intersection matrix. It also offers a public API for integration with automated workflows. In addition, the platform now supports multi-user and multi-tenancy features to control operations that are managed by different users and to handle events from different branches separately. The paid edition, which is suitable for large enterprises and MSSPs, supports all features and enables processing an unlimited number of events per second (EPS) and downloading an unlimited number of IoCs.
Kaspersky CyberTrace remains free for users in its community edition. This version provides all the existing capabilities of the solution, as well as the new functions mentioned above, except for the ability to add multi-user and multi-tenancy accounts. It also limits the number of processed events per second (up to 250) and the number of indicators that can be downloaded (up to one million).
Unique integration approach
Kaspersky CyberTrace smoothly integrates with all commonly used SIEM solutions and security controls, supporting any threat intelligence feed in STIX 2.0/2.1/1.0/1.1, JSON, XML and CSV formats. By default, the solution includes native integration of a broad portfolio of Kaspersky Threat Data Feeds, which are generated by hundreds of the company's experts, including security analysts from across the globe and its leading-edge GReAT and R&D teams.
The platform solves the problem of ingesting large numbers of Indicators of Compromise (IoCs) into SIEMs, which can lead to delays in the processing of incidents and missed detections. Kaspersky CyberTrace automatically extracts IoCs from logs coming into SIEMs and analyses them internally within its own built-in engine. That enables faster processing of an unlimited number of IoCs without overloading the SIEM.