
Kaspersky Threat Intelligence Portal extends its free services with Threat Heatmap and more data for analysts

Kaspersky Threat Intelligence Portal has extended the functionality of its free services to help enterprises speed up and improve threat analysis. A newly added worldwide Threat Heatmap visualizes the distribution of different cyberattack types and shows the top threats for each geographical area in real time. The updated Lookup tab now provides more data for IP address, domain and URL analysis. Users who automate their workflows through the RESTful API can now check 10 times more objects, with the quota extended from 200 to 2000 requests per day.
According to recent research, threat intelligence is the core element enterprises use in vulnerability management (68%), security operations (66%), and incident response (62%). Cybersecurity analysts and SOC teams use it to make timely and informed decisions in case of an attack, and Kaspersky Threat Intelligence Portal is dedicated to empowering specialists with the most up-to-date threat data.
With the Threat Heatmap, security analysts can quickly evaluate the scale and distribution of threats worldwide, including ransomware, exploits, web threats, spam, network attacks and so on. For each type, they can also choose a time period and check the top 10 countries for malicious objects and the top 10 specific samples, as well as the most active threats and the number of detections for each country on the map.
The lookup capabilities have been extended to support additional categories for IP address, domain and URL analysis, giving experts more details on suspicious communications. For IP addresses, there are two new categories: Spam and Compromised. IPs marked with the “Spam” status are the ones that have been used to send spam emails.
IP addresses, domains or URLs in the “Compromised” category are usually legitimate but are infected or compromised at the moment of the lookup request. These could be popular web pages with, for example, an injected malware script. With this insight, security analysts can check which person within their organization visited the compromised website and use the data for incident investigation.
The increase in the Threat Lookup quota for the RESTful API allows cybersecurity analysts to automate the analysis of a solid flow of web addresses, domains, IP addresses and hashes. By integrating the threat data with their SIEM, SOAR, XDR or other security management system, they can accelerate their investigation and response processes.
“We made these updates following the feedback we received from Kaspersky Threat Intelligence Portal users. We continue actively investing in free tools to support the community of security experts and threat analysts by giving them access to the latest threat intelligence. This should help them accelerate incident investigation and response, performing it in the most effective way”, comments Artem Karasev, Product Marketing Lead at Kaspersky.
