As the number of threat intelligence sources continues to grow, a third of CISOs feel they can not consume cybercrime intelligence easily or effectively which is why Kaspersky Lab has launched a new free threat intelligence and fusion analysis tool.
Kaspersky CyberTrace aggregates and evaluates disconnected data feeds to help identify what threats pose a danger to an organization so that security teams focus on the right areas.
Network security controls often become overloaded with a large number of Indicators of Compromise (IoC) and given that threat data is provided in different formats only makes the situation worse.
To that end, Kaspersky has launched its new tool to make it easier for enterprises to keep up to date with the latest threats. Kaspersky Cybertrace retrieves continuously updated threat data feeds from multiple threat intelligence sources including Kaspersky Lab, other vendors, open source intelligence and even custom sources to help offload the burden from SIEMs.
If IoC from threat intelligence feeds are discovered in any log source within an organization’s environment, Kaspersky Cybertrace automatically sends alerts to SIEMs for ongoing monitoring and validation to help reveal additional contextual evidence for the security incidents.
The new tool also integrates with a variety of SIEMs including IBM Qradar, Splunk, ArcSight ESM, LogRhythm, RSA NetWitness and McAfee ESM as well as with other security controls such as firewalls and gateways.
Kaspersky Cybertrace provides analysts with a set of instruments for conducting alert triage and response through categorization and validation of identified matches to help prioritize tasks. The tool also helps accelerate forensic and threat hunting activities by offering on-demand lookup of indicators or scanning of logs and files which enables advanced in-depth threat investigation.
Principal Security Researcher at Kaspersky Lab, David Emm explained why the company decided to release its new free threat intelligence tool, saying:
“Being aware of the most relevant zero-days, emerging threats and advanced attack vectors is key to an effective cybersecurity strategy. However, manually collecting, analysing and sharing threat data doesn’t provide the level of responsiveness required by an enterprise. There’s a need for a centralised point for accessible data sources and task automation. Kaspersky CyberTrace helps organisations better understand their risks, increase the productivityof their security teams and ensure a more robust protection against cyberthreats.”