A threat intelligence fusion and analysis tool that aims to make threat intelligence easier to consume and more effective for security teams has just been released.
The tool aggregates and evaluates disconnected data feeds to help security teams monitor, detect and identify the threats that pose a danger to the organization, improving incident response in security operations workflows, officials at Kaspersky Lab said.
To make it easier for enterprises to keep up-to-date with the latest threats, Kaspersky CyberTrace retrieves continuously updated threat data feeds from multiple threat intelligence sources – including Kaspersky Lab, other vendors, open source intelligence or even custom sources – and automatically and rapidly matches them with incoming security events.
With the number of available threat intelligence sources continuing to increase, a third of CISOs feel under pressure as they struggle to easily consume threat intelligence. As organizations struggle to determine which information is relevant and most important for them, they also face challenges in connecting this data with security information and event management (SIEM) systems and network security controls, and in finding a way to unify the threat data formats, Kaspersky officials said. These issues directly affect the organization’s efficiency and response time to cyberthreats.
Some of the key benefits of the tool:
• If Indicators of Compromise (IoCs) from threat intelligence feeds are found in any log source within an organization’s environment, Kaspersky CyberTrace automatically sends alerts to SIEMs for ongoing monitoring and validation, revealing additional contextual evidence for the security incidents.
• The tool integrates with a variety of SIEMs, including IBM QRadar, Splunk, ArcSight ESM, LogRhythm, RSA NetWitness, and McAfee ESM, as well as other security controls such as firewalls and gateways.
• It helps prioritize tasks by giving analysts a set of instruments for conducting alert triage and response through categorization and validation of identified matches. On-demand lookup of indicators or scanning of logs and files enables advanced in-depth threat investigation, which accelerates forensic and threat hunting activities.
• It also provides feed usage statistics to measure the effectiveness of feeds and their relevance for a certain environment.
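As an added illustration (not Kaspersky's code), the feed-matching and feed-statistics workflow described in these bullets reduced to a small Python script: two constructed feeds in different formats are normalized into one indicator table, constructed log lines are scanned for hits, each hit becomes a SIEM-style alert record, and per-feed hit counts show which feed was actually relevant. Feed names, formats and log lines are all assumptions made up for the example.

```python
import json
import re

# Constructed sample feeds in two formats (documentation-range addresses, made-up names).
FEED_A_CSV = """# indicator,type,threat
198.51.100.23,ip,botnet-c2
malicious.example,domain,phishing
"""
FEED_B_JSON = json.dumps([
    {"value": "203.0.113.7", "kind": "ip", "tag": "scanner"},
    {"value": "feedbeef" * 8, "kind": "sha256", "tag": "dropper"},
])

def load_feeds():
    """Normalize both feeds into one table: indicator -> (type, threat, feed)."""
    iocs = {}
    for line in FEED_A_CSV.splitlines():
        if line and not line.startswith("#"):
            value, kind, threat = line.strip().split(",")
            iocs[value.lower()] = (kind, threat, "feed_a")
    for entry in json.loads(FEED_B_JSON):
        iocs[entry["value"].lower()] = (entry["kind"], entry["tag"], "feed_b")
    return iocs

# Tokens that can carry an IP, domain or hash; '=', ':' and spaces separate them.
TOKEN_RE = re.compile(r"[A-Za-z0-9._-]+")

def match_events(events, iocs):
    """Check every token of every log line against the table. Returns SIEM-style
    alert records plus per-feed hit counts (zero for feeds that never matched)."""
    alerts = []
    stats = {feed: 0 for _, _, feed in iocs.values()}
    for event in events:
        for token in set(TOKEN_RE.findall(event)):
            hit = iocs.get(token.lower())
            if hit:
                kind, threat, feed = hit
                alerts.append({"indicator": token, "type": kind, "threat": threat,
                               "feed": feed, "event": event})
                stats[feed] += 1
    return alerts, stats

# Constructed log lines standing in for a firewall, a DNS resolver and an EDR agent.
SAMPLE_LOGS = [
    "fw action=allow src=10.0.0.5 dst=198.51.100.23 dport=443",
    "dns client=10.0.0.9 query=MALICIOUS.example rcode=0",
    "fw action=allow src=10.0.0.5 dst=192.0.2.10 dport=80",
    "edr host=ws17 file=invoice.pdf.exe sha256=" + "feedbeef" * 8,
]
```

Running `match_events(SAMPLE_LOGS, load_feeds())` yields three alert records and the usage summary `{"feed_a": 2, "feed_b": 1}`; a feed that stays at zero over time is a candidate for removal from the pipeline.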
“Being aware of the most relevant Zero Days, emerging threats and advanced attack vectors is key to an effective cybersecurity strategy,” said Sergey Martsynkyan, head of B2B product marketing at Kaspersky Lab. “However, manually collecting, analyzing and sharing threat data doesn’t provide the level of responsiveness required by an enterprise. There’s a need for a centralized point for accessible data sources and task automation. Kaspersky CyberTrace helps organizations better understand their risks, increase the productivity of their security teams and ensure a more robust protection against cyberthreats.”
Kaspersky CyberTrace is available to customers free of charge worldwide.