Kaspersky opens threat intelligence portal to public
- 24 October, 2019 22:00
Kaspersky has opened its threat intelligence portal to the general public with the intention of targeting incident responders and security operation centre (SOC) analysts, working in-house and at managed security service providers (MSSPs).
The portal is the cyber security provider access point for threat intelligence that provides cyber attack data and insights gathered by Kaspersky.
It was previously only available for enterprise customers and as a premium service only. The vendor revealed today it had decided to make basic functions of its portal available to non-customers.
Every user of the threat intelligence portal can upload any number of files to check with lookups for URL, hash or IP limited to 100 requests per day to prevent abuse.
“From what we see, sometimes the main barrier is companies are not ready to pay for commercial threat intelligence,” said Artem Karasev, senior product marketing manager, B2B product marketing at Kaspersky. “This is because they don’t have the opportunity to test threat intelligence, understand how it works and what opportunities for investigation and defence it provides.”
According to Karasev, a broader audience that includes SMBs may also benefit from the access to the threat intelligence portal as it allows for quick checks and confirmation if an object of interest is malicious or otherwise.
Every submitted file is analysed by a set of advanced threat detection technologies such as heuristic analysis and Kaspersky Cloud Sandbox, to monitor its behaviour and actions. It then informs users if the analysed object is malicious and provide basic information including how widespread it is, names it was previously detected by, the name of an organisation which registered a web resource, the time when the domain was created or file was seen for the first and last time and more elements which in turn will help ensure a timely response.
The portal combines information from reliable sources including the Kaspersky Security Network which is made up of the company’s own web crawlers, spam traps, research findings, partner information and more.
Some functions, however, will remain available only to premium customers, including detailed relationship data for indicators and legitimate objects, access to the detailed cloud sandbox reports, APT and financial threat intelligence reports as well as an URL sandbox.
The company plans to integrate the service into some products as of next year.