Kaspersky Threat
Data Feeds are now integrated with Microsoft Sentinel, a cloud-native SIEM and
SOAR solution, giving Microsoft Sentinel users actionable context for
attack investigation and response. With this integration, enterprise security
teams can extend cyberthreat detection capabilities and increase the
effectiveness of initial alert triage, threat hunting and incident response.
According to IDC,
"Threat intelligence is a foundational component of a modern cybersecurity
program... Threat intelligence programs provide both qualitative assessments of
the field and actionable, automated solutions that bolster existing security
defenses." For businesses, it is also important to integrate TI smoothly
into their security operations for the most effective protection from
cyberthreats.
Access to Kaspersky TI through Microsoft Sentinel empowers
enterprises with the latest insights to counter cyberattacks. Actionable
context in feeds includes threat names, timestamps, geolocation, resolved IP
addresses of infected web resources, hashes, popularity or other search terms.
With this data, security teams or SOC analysts can accelerate the initial alert
triage by making informed decisions for investigation or escalation to an
incident response team.
Kaspersky Threat Data Feeds are generated automatically in
real time and aggregate high-quality data from multiple reliable sources around
the world. This includes the Kaspersky Security Network covering millions of
voluntary participants globally[1],
Botnet Monitoring service, spam traps, plus world-renowned Kaspersky experts
from GReAT and R&D teams. All the data is carefully inspected and refined
with dedicated pre-processing techniques.
Microsoft Sentinel ingests threat intelligence over the TAXII protocol in
STIX format, so Kaspersky Threat Data Feeds can be configured as a TAXII
Threat Intelligence source in the Sentinel interface. Once the feeds are
imported, cybersecurity teams can use out-of-the-box analytics rules to match
threat indicators from the feeds against their logs.
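As an added illustration of the indicator-to-log matching described above (example code, not Kaspersky's feed or Sentinel's own rule engine), the snippet below parses a constructed STIX 2.1 bundle for simple single-comparison indicator patterns and checks the extracted values against constructed key=value log lines; the log field names in FIELD_MAP are an assumed schema.

```python
import hashlib
import json
import re

# Constructed STIX 2.1 bundle: documentation IP, example.com URL, hash of a dummy string.
SAMPLE_SHA256 = hashlib.sha256(b"constructed sample file").hexdigest()
STIX_BUNDLE = json.dumps({"type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000002",
         "name": "constructed C2 address", "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '192.0.2.10']"},
        {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000003",
         "name": "constructed payload URL", "pattern_type": "stix",
         "pattern": "[url:value = 'http://malware.example.com/payload.bin']"},
        {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000004",
         "name": "constructed malicious file", "pattern_type": "stix",
         "pattern": f"[file:hashes.'SHA-256' = '{SAMPLE_SHA256}']"},
        {"type": "identity", "id": "identity--00000000-0000-4000-8000-000000000005",
         "name": "constructed feed publisher"}]})

# Handles single-comparison STIX patterns such as [ipv4-addr:value = '...'].
PATTERN_RE = re.compile(r"^\[(?P<obj>[\w-]+):(?P<prop>[\w.'-]+)\s*=\s*'(?P<val>[^']+)'\]$")

def extract_indicators(bundle_json):
    """Return {(stix_object_type, property): {value: indicator_name}} from a STIX bundle."""
    table = {}
    for obj in json.loads(bundle_json)["objects"]:
        if obj.get("type") != "indicator" or obj.get("pattern_type", "stix") != "stix":
            continue
        m = PATTERN_RE.match(obj["pattern"])
        if not m:
            continue  # compound / multi-observable patterns are out of scope here
        key = (m["obj"], m["prop"].replace("'", ""))
        table.setdefault(key, {})[m["val"].lower()] = obj.get("name", obj["id"])
    return table

# Assumed log schema: which log field is compared with which STIX observable property.
FIELD_MAP = {"dst_ip": ("ipv4-addr", "value"), "url": ("url", "value"),
             "sha256": ("file", "hashes.SHA-256")}

def match_logs(table, log_lines):
    """Return (line_no, field, value, indicator_name) for every indicator hit."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        fields = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
        for field, key in FIELD_MAP.items():
            val = fields.get(field, "").lower()
            if val and val in table.get(key, {}):
                hits.append((n, field, val, table[key][val]))
    return hits

SAMPLE_LOGS = [  # constructed proxy / endpoint events
    "ts=2024-01-01T10:00:00Z src_ip=10.0.0.5 dst_ip=192.0.2.10 action=allow",
    "ts=2024-01-01T10:00:01Z src_ip=10.0.0.7 dst_ip=198.51.100.2 action=allow",
    f"ts=2024-01-01T10:00:02Z host=ws01 sha256={SAMPLE_SHA256} proc=update.exe",
    "ts=2024-01-01T10:00:03Z url=http://malware.example.com/payload.bin status=200"]
```

Running `match_logs(extract_indicators(STIX_BUNDLE), SAMPLE_LOGS)` yields one hit each for the IP, hash and URL lines and none for the second line.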
"We are thrilled to partner with Microsoft and help
Microsoft Sentinel users to get access to the trusted and valuable threat
intelligence from Kaspersky," said Ivan Vassunov, VP corporate products,
Kaspersky. "Expanding integration with third party security controls makes it
even easier for customers to operationalize our TI which is one of our key
priorities. TI from Kaspersky is designed to be tailored to the needs of any
organization since we collect data from a great number of different and diverse
sources to cover organizations in specific industries, geolocations and with
specific threat landscapes. More than two decades of threat research helps us
achieve this, while empowering global security teams with the information they
require at each step of the incident management cycle."
"Threat attacks are on a continuous rise like never
before and to remain protected, organizations need quick ways to detect these
threats," said Rijuta Kapoor, senior program manager, Microsoft. "With the
Kaspersky and Microsoft Sentinel integration, customers will now have an easy
way to import high fidelity threat intelligence produced by Kaspersky into
Microsoft Sentinel using the industry standard of STIX/TAXII for detections,
hunting, investigation, and automation."
More information about Kaspersky Threat Data Feeds
integration with Microsoft Sentinel can be found here.