The variety of threat intelligence sources available on the market doesn’t always translate into protection from cyber attacks, as organizations struggle to decide which are relevant and most important for them. SIEMs or network security controls get overloaded with a large number of Indicators of Compromise (IoC), and the fact that threat data is provided in different formats only worsens the situation.
To make it easier for enterprises to keep up to date with the latest threats, Kaspersky CyberTrace retrieves continuously updated threat data feeds from multiple threat intelligence sources – including Kaspersky Lab, other vendors, open source intelligence or even custom sources – and automatically and rapidly matches them with incoming security events, offloading SIEMs from this high-load operation.
If IoC from threat intelligence feeds
Kaspersky CyberTrace helps prioritise tasks by giving analysts a set of instruments for conducting alert triage and response through categorisation and validation of identified matches. On-demand lookup of indicators or scanning of logs and files enables advanced in-depth threat investigation, which accelerates forensic and threat hunting activities. The tool also provides feed usage statistics to measure the effectiveness of feeds and their relevance for a certain environment.
“Being aware of the most relevant zero-days, emerging threats and advanced attack vectors is key to an effective cybersecurity strategy. However, manually collecting, analysing and sharing threat data doesn’t provide the level of responsiveness required by an enterprise. There’s a need for a centralised point for