To provide businesses with an all-encompassing view of the threats targeting their organizations, Kaspersky added new Threat Landscape section to its Threat Intelligence Portal. Now customers can access the most comprehensive and up-to-date information regarding potential malicious actors, their techniques, tactics, procedures and malware to identify likely attack vectors and build a robust cybersecurity strategy.
With the rapid growth of sophisticated cyberattack methods, it is becoming increasingly important for information security teams to prioritize threats effectively and respond to them quickly. According to Enterprise Strategy Group’s XDR and SOC Modernization Report, one in four companies states that reacting to new information about cybersecurity threats “in the wild” is their primary security operations goal[1]. Therefore, having the latest, most comprehensive threat intelligence plays an important role in developing an effective cybersecurity strategy, allowing companies to identify security risks before attackers can exploit them.
The Kaspersky Threat Intelligence portfolio provides a comprehensive view of the organization’s security posture and includes Threat Analysis, Threat Lookup, Threat Data Feeds, Threat Intelligence Reporting, Digital Footprint Intelligence, and Threat Infrastructure Tracking, all provided via the Kaspersky Threat Intelligence Portal, a single access point where security services work interconnectedly and deliver actionable insights to help organizations protect themselves against cyber threats.
Threat Landscape is a new section of Kaspersky Threat Intelligence Portal that is specifically designed to leverage MITRE ATT&CK, gathering detailed data about threats and attackers that target a specific industry and region from Kaspersky’s Threat Intelligence data worldwide. It provides information on the threats associated with:
- Geography;
- Industry;
- Platforms;
- Actor Profiles;
- Software Profiles;
- Techniques, tactics and detailed procedures (TTPs);
- Mitigations;
- Detection rules associated with each TTP (Sigma, Suricata);
- Indicators of compromise (IoCs).
After applying these and other filters, Kaspersky Threat Intelligence Portal users can create their own unique threat landscape. By obtaining the heat map based on the MITRE ATT&CK framework, the most up-to-date information about threat actors and their potential adversaries, reports with detailed descriptions of the attacks, and specific recommendations, the organization can prevent potential attackers from successfully executing a specific technique.
All the information about cyber threats, actors and their TTPs is being collected in real time, with the help of expert systems that Kaspersky has been using to fight cybercrime for over 25 years. These systems regularly process millions of files, including data from KSN, web crawlers, bot farms, spam traps, honeypots, sensors, passive DNS, open and dark web sources. Then the obtained data is analyzed on a stream by different automatic systems such as Kaspersky Sandbox, the Kaspersky Threat attribution engine, and other solutions. This constant monitoring and research help create the industry’s most extensive repository of actor and software profiles linked to malicious files and their TTPs, providing companies with detailed and up-to-date information about threats specifically relevant to them.
“Our company possesses in-depth knowledge and extensive experience in the realm of cyberthreat research and we are happy to share it with our customers. By understanding their own threat landscape, they will be able to take strategically informed steps to proactively protect all of their assets and IT infrastructure. The new feature of our Threat Intelligence Portal will help them build an effective cybersecurity strategy and identify security gaps before attackers can exploit them,” says Anatoly Simonenko, Head of Technology Solutions Product line at Kaspersky.