Kaspersky is targeting under pressure CISOs with its threat intelligence service, helping top-level IT security management better understand threat intelligence.
CyberTrace pools together data feeds to help organisations identify threats to their business and ensures they can focus on the most important for their specific organisation.
Kaspersky’s attempt to overturn US government ban thrown out of court Kaspersky offers hackers $100,000 for spotting bugs
The information is collated from various sources, including Kaspersky own labs, third-party vendors, open source repositories and custom intelligence databases.
When CyberTrace detects a potential threat, it will send out an alert to supported security information and event management (SIEM) systems, such as IBM QRadar, Splunk, ArcSight ESM, LogRhythm, RSA NetWitness, and McAfee ESM to validate the threat and helps them translate the threat to the organisation. The threats are categorised and filed to make it easier for SIEMs to look them up if needed and provide a contextual response.
Businesses can also look up log files and other data related to incidents for an in-depth threat investigation.
CyberTrace will also provide feed usage statistics to measure how effective a feed has been to detect threats and identify which are the most relevant for particular environments.
"Being aware of the most relevant zero-days, emerging threats and advanced attack vectors is key to an effective cybersecurity strategy. However, manually collecting, analysing and sharing threat data doesn't provide the level of responsiveness required by an enterprise," said David Emm, principal security researcher at Kaspersky Lab UK.
"There's a need for a centralised point for accessible data sources and task automation. Kaspersky CyberTrace helps organisations better understand their risks, increase the productivity of their security teams and ensure a more robust protection against cyber threats."
