The Kaspersky CyberTrace solution has been updated with extended Threat Intelligence Platform (TIP) functionality, including alert triage, threat data analysis and incident investigation. The new paid edition integrates with all commonly used security information and event management (SIEM) solutions and security controls and provides graphical visualization to support effective response. The community version of CyberTrace remains available free of charge.
According to Kaspersky, multiple sources of threat intelligence constantly process large amounts of information and generate millions of alerts. This volume of fragmented, multi-format data makes it very difficult to prioritize, sort and validate alerts effectively. As a result, separating real threats from noise remains one of the main challenges for IT security teams.
To help enterprise security and incident response teams detect, investigate and respond to threats more easily, and to increase the efficiency of IT security operations, Kaspersky has upgraded CyberTrace from a threat intelligence fusion and analysis tool into a centralized threat intelligence platform.
The new edition adds advanced features that let security teams run complex searches across all indicator fields, analyze the observables of previously verified events, measure the effectiveness of the integrated feeds and view a feed intersection matrix showing how the feeds overlap. It also offers a public API for integration with automated workflows. In addition, the platform now supports multi-user and multi-tenant operation, so that work by different users can be controlled and events from different branches handled separately. The paid edition, aimed at large enterprises and MSSPs, supports all features and places no limit on events per second (EPS) or on the number of IoCs that can be processed and downloaded.
Kaspersky CyberTrace remains free in its community edition. This version provides all the existing functionality of the solution as well as the new functions mentioned above, except multi-user and multi-tenant accounts, and it limits the number of events processed per second (up to 250) and the number of downloadable indicators (up to one million).
Unique integration approach
Kaspersky CyberTrace integrates with all commonly used SIEM solutions and security controls and supports any threat intelligence feed in STIX 2.0 / 2.1 / 1.0 / 1.1, JSON, XML or CSV format. By default, the solution natively integrates the large portfolio of Kaspersky Threat Data Feeds, which are generated by hundreds of company experts, including security analysts around the world, its Global Research and Analysis Team (GReAT) and R&D.
The platform addresses the problem of loading large numbers of Indicators of Compromise (IoCs) into a SIEM, which can slow incident handling and cause missed detections. Kaspersky CyberTrace automatically extracts IoCs from the logs sent to the SIEM and matches them internally in its own matching engine, so large numbers of IoCs (unlimited in the paid edition) can be processed quickly without overloading the SIEM.
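To make the feed-ingest and out-of-SIEM matching idea in the two paragraphs above concrete, here is an added example in Python. It is not CyberTrace code and does not use a real Kaspersky feed: the STIX 2.1 bundle, the indicator IDs and the syslog-style log lines are all constructed for the example. It parses the simple single-comparison STIX indicator patterns that feeds usually carry (IPv4, domain, URL, file hash), extracts candidate observables from raw log lines with regular expressions, and resolves each candidate with one dictionary lookup, so the cost of a match does not grow with the size of the feed and the SIEM only has to receive the hits.

```python
"""Toy feed-matching pipeline: parse a STIX 2.1 indicator bundle, extract
observables from raw log lines and look them up outside the SIEM.
Constructed example; not Kaspersky CyberTrace code and not a real feed."""
import json
import re
from typing import Dict, List, Tuple

# --- 1. A constructed STIX 2.1 bundle standing in for a threat data feed ---
SAMPLE_STIX_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--11111111-1111-4111-8111-111111111111",
    "objects": [
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--22222222-2222-4222-8222-222222222222",
         "name": "constructed C2 address", "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '203.0.113.10']",
         "valid_from": "2024-01-01T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--33333333-3333-4333-8333-333333333333",
         "name": "constructed phishing domain", "pattern_type": "stix",
         "pattern": "[domain-name:value = 'bad.example.net']",
         "valid_from": "2024-01-01T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--44444444-4444-4444-8444-444444444444",
         "name": "constructed dropper hash", "pattern_type": "stix",
         "pattern": "[file:hashes.'SHA-256' = '" + "ab" * 32 + "']",
         "valid_from": "2024-01-01T00:00:00Z"},
        # Compound patterns need a real STIX pattern evaluator; skipped here.
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--66666666-6666-4666-8666-666666666666",
         "name": "constructed compound pattern", "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '198.51.100.20' AND network-traffic:dst_port = 80]",
         "valid_from": "2024-01-01T00:00:00Z"},
        # Non-indicator objects (malware, relationships, ...) are ignored.
        {"type": "malware", "spec_version": "2.1",
         "id": "malware--55555555-5555-4555-8555-555555555555",
         "name": "constructed family", "is_family": True},
    ]
})

# Only the simple single-comparison patterns that feeds normally carry.
_PATTERN_RE = re.compile(
    r"^\[(ipv4-addr:value|domain-name:value|url:value|"
    r"file:hashes\.'(?:SHA-256|SHA-1|MD5)') = '([^']+)'\]$")
_TYPE_NAMES = {"ipv4-addr:value": "ipv4", "domain-name:value": "domain",
               "url:value": "url"}

IocTable = Dict[Tuple[str, str], Dict[str, str]]

def parse_stix_bundle(bundle_json: str) -> IocTable:
    """Map (ioc_type, normalized_value) -> indicator metadata."""
    table: IocTable = {}
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type", "stix") != "stix":
            continue
        m = _PATTERN_RE.match(obj.get("pattern", ""))
        if not m:
            continue  # unsupported pattern shape; count these in production
        path, value = m.groups()
        if path.startswith("file:hashes"):
            ioc_type = path.split("'")[1].lower().replace("-", "")  # sha256, sha1, md5
            value = value.lower()
        else:
            ioc_type = _TYPE_NAMES[path]
            if ioc_type == "domain":
                value = value.lower().rstrip(".")
        table[(ioc_type, value)] = {"id": obj["id"], "name": obj.get("name", "")}
    return table

# --- 2. Observable extraction from raw log lines (before they hit the SIEM) ---
_EXTRACTORS = [
    ("sha256", re.compile(r"\b[0-9a-fA-F]{64}\b")),
    ("sha1",   re.compile(r"\b[0-9a-fA-F]{40}\b")),
    ("md5",    re.compile(r"\b[0-9a-fA-F]{32}\b")),
    ("ipv4",   re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("domain", re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)),
]

def extract_observables(line: str) -> List[Tuple[str, str]]:
    """Return (ioc_type, normalized value) candidates found in one log line."""
    found = []
    for ioc_type, rx in _EXTRACTORS:
        for raw in rx.findall(line):
            found.append((ioc_type, raw.lower()))
    return found

# --- 3. Matching: one dict lookup per candidate, independent of feed size ---
def match_logs(table: IocTable, lines: List[str]) -> List[Dict[str, str]]:
    """Return one hit per (line, observable) pair that appears in the feed."""
    hits = []
    for n, line in enumerate(lines, 1):
        for ioc_type, value in extract_observables(line):
            meta = table.get((ioc_type, value))
            if meta:
                hits.append({"line": n, "ioc_type": ioc_type, "value": value,
                             "indicator": meta["id"], "name": meta["name"]})
    return hits

SAMPLE_LOGS = [  # constructed syslog-style events, not real traffic
    "Jan 10 12:00:01 fw01 conn: src=10.0.0.5 dst=203.0.113.10 dport=443 action=allow",
    "Jan 10 12:00:02 dns01 query: client=10.0.0.7 qname=BAD.example.net type=A",
    "Jan 10 12:00:03 edr01 file: host=ws17 sha256=" + "AB" * 32 + " path=C:\\Users\\a\\update.exe",
    "Jan 10 12:00:04 fw01 conn: src=10.0.0.9 dst=198.51.100.20 dport=80 action=allow",
]

if __name__ == "__main__":
    for hit in match_logs(parse_stix_bundle(SAMPLE_STIX_BUNDLE), SAMPLE_LOGS):
        print(hit)
```

Two points worth noting from the example. Normalization (lower-casing hashes and domains, stripping a trailing dot) happens on both the feed side and the log side, otherwise a feed entry and a log field that differ only in case silently fail to match. And the fourth log line produces no hit even though its destination address is in the feed, because that indicator is a compound pattern the simple parser skips; a real platform needs either a full STIX pattern evaluator or a count of dropped indicators so that this gap is visible rather than silent.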