Kaspersky Threat Intelligence Portal has extended the capabilities of its free services to help companies accelerate and improve threat analysis. A newly added worldwide Threat Heatmap visualizes the distribution of different types of cyberattacks and shows the top threats for each geographic area in real time.
The updated Lookup tab now provides more data for IP addresses, domains and URL parsing. Users who automate their workflows through the RESTful API can now scan 10 times more objects, with the quota increased from 200 to 2000 requests per day.
According to recent investigations, threat intelligence is the main element companies use in vulnerability management (68%), security operations (66%), and incident response (62%). Cybersecurity analysts and SOC teams use it to make timely and informed decisions in the event of an attack, and the Kaspersky Threat Intelligence Portal is dedicated to empowering experts with the most up-to-date threat data.
With Threat Heatmap, security analysts can quickly assess the scale and distribution of threats across the world, including ransomware, exploits, web threats, spam, network attacks, etc. For each type, they can also choose a period and check the top 10 countries for malicious objects and the top 10 for specific samples, as well as the most active threats and the number of detections for each country on the map.
Search capabilities have been extended with additional categories for the analysis of IP addresses, domains, and URLs, giving experts more details about suspicious communications. For IP addresses, there are two new categories: Spam and Compromised. IPs marked with the status “Spam” are ones that have been used to send spam emails.
IP addresses, domains or URLs in the “Compromised” category are normally legitimate but are infected or compromised at the time of the search request. These could be popular web pages with, for example, an injected malware script. With this insight, security analysts can verify which person within their organization visited the compromised site and use the data for incident investigation.
The increased Threat Lookup quota for the RESTful API allows cybersecurity analysts to automate the analysis of a solid stream of web addresses, domains, IP addresses and hashes. By integrating threat data with their SIEM, SOAR, XDR or other security management system, they can accelerate their investigation and response processes.
“We made these updates following the feedback we received from users of the Kaspersky Threat Intelligence Portal. We continue to actively invest in free tools to support the community of security experts and threat analysts by giving them access to the latest threat intelligence information. This should help them to speed up the investigation and incident response, executing it in the most effective way.”
Artem Karasev, Product Marketing Lead at Kaspersky.
To try free tools within the Kaspersky Threat Intelligence Portal, visit this website: https://opentip.kaspersky.com/.