Today, Kaspersky Lab has launched Kaspersky CyberTrace - a free threat
intelligence fusion and analysis tool that makes consuming threat intelligence
easier and more effective for security teams. The tool aggregates and evaluates
disconnected data feeds to help security teams monitor, detect and identify
which threats pose a danger to the organization, in order to improve incident
response in security operation workflows.
With the number of available threat intelligence sources continuing to
increase, a third of CISOs feel under pressure as they struggle to easily
consume threat intelligence. As organizations struggle to determine which
information is relevant and most important for them, they also face challenges
with connecting this data to security information and event management (SIEM)
systems and network security controls, and with finding a way to unify the
threat data formats. These issues directly affect the organization's efficiency
and response time to cyberthreats.
To make it easier for enterprises to keep up to date with the latest threats,
Kaspersky CyberTrace retrieves continuously updated threat data feeds from
multiple threat intelligence sources - including Kaspersky Lab, other vendors,
open source intelligence or even custom sources - and automatically and rapidly
matches them with incoming security events.
Some of the key benefits of the new free tool include:
- If Indicators of Compromise (IoC) from
threat intelligence feeds are found in any log source within an
organization's environment, Kaspersky CyberTrace automatically sends
alerts to SIEMs for ongoing monitoring and validation to reveal additional
contextual evidence for the security incidents.
- The tool integrates smoothly with a
variety of SIEMs, including IBM QRadar, Splunk, ArcSight ESM, LogRhythm,
RSA NetWitness, and McAfee ESM, as well as other security controls such as
firewalls and gateways.
- It helps prioritize tasks by giving
analysts a set of instruments for conducting alert triage and response
through categorization and validation of identified matches. On-demand
lookup of indicators or scanning of logs and files enables advanced
in-depth threat investigation, which accelerates forensic and threat
hunting activities.
- It also provides feed usage statistics
to measure the effectiveness of feeds and their relevance for a certain
environment.
"Being aware of the most relevant zero-days, emerging threats and advanced
attack vectors is key to an effective cybersecurity strategy," said Sergey
Martsynkyan, head of B2B product marketing at Kaspersky Lab. "However, manually
collecting, analyzing and sharing threat data doesn't provide the level of
responsiveness required by an enterprise. There's a need for a centralized
point for accessible data sources and task automation. Kaspersky CyberTrace
helps organizations better understand their risks, increase the productivity of
their security teams and ensure a more robust protection against cyberthreats."
Kaspersky CyberTrace is available for customers for free globally and can be
downloaded here. To learn more about the tool, please visit our official
website.