Customers can now integrate real-time Threat Data Feeds from Kaspersky Lab into their security operations by leveraging the Threat Intelligence App for Splunk. Kaspersky Threat Intelligence Data Feeds were launched earlier this year as part of Kaspersky Security Intelligence Services. Kaspersky Threat Intelligence Data Feeds provide customers with up-to-date information about cyber threats such as new malicious apps, botnet activity, phishing and malicious resources, as well as web hosts potentially linked with criminal activity. By leveraging the Splunk® platform, customers can enhance their security position through data analytics and real-time visibility in their security infrastructure, to gain actionable insights. Kaspersky Threat Feed App for Splunk is available to download on Splunkbase.
Mikhail Nagorny, Head of Security Services at Kaspersky Lab, said, “We strongly believe that future evolution of the security industry, as well as protection of businesses around the world, depends on intelligence sharing. Availability in the corporate world means being compatible with third-party intelligence, analytics and SIEM solutions widely embraced around the globe. Splunk software is one of those solutions and is why we make sure our data feeds fully leverage Splunk. We plan to further expand the availability of our Threat Data Feeds which help businesses respond to the latest threats from around the world as quickly as possible”.
Kaspersky Threat Data Feeds provide the following data to customers:
Malicious file hashes: Actionable data based on everything that is detected by Kaspersky Lab’s automated systems or a team of highly-skilled security experts. This intelligence is the cornerstone of the success of a company’s own consumer and corporate security solutions.
Botnet activity: Our intelligence systems analyze the activity of botnets around the world and this information gives businesses an edge to prepare themselves for any potential threat acts against them launched by botnet operators.
Kaspersky Lab tracks phishing web resources and malicious e-mail distributions, and this data gives customers an additional chance to block an attack before it reaches employees.
Potentially malicious hosts: This invaluable source of information helps companies to identify an active security breach. We supply not only the list of IPs that are potentially connected to criminal activity, but also the threat score that enables SIEM users to fine-tune their alerts to a preferred level.
Kaspersky Lab’s Threat Intelligence Data Feeds are based on threat intelligence that is constantly evolving, thanks to a large install base. Kaspersky Lab protects more than 400 million consumers and businesses around the world, providing us with the knowledge of a diverse range of threats, from generic threats that we detect at a rate of 315,000 a day on average, to APTs and targeted attacks. For enterprise customers, Data Feeds provide what they need the most: an ability to learn about new threats almost as soon as they appear and to adjust their protection systems accordingly. You can learn more about Threat Data Feeds and other solutions in the Security Intelligence Services range at our website.