The Kaspersky CyberTrace solution has been updated to include extended threat intelligence (TI) platform capabilities including alert triage, threat data analysis and incident investigation. The new paid edition integrates with all commonly used security information and event management (SIEM) solutions and security controls and provides graphical visualisation for efficient responses. The community version of CyberTrace remains available for free.
According to Kaspersky, multiple threat intelligence sources constantly process vast amounts of information and generate millions of alerts. Such fragmented, multi-format data makes effective alert prioritisation, triage and validation extremely difficult, which is why identifying real threats remains one of the top challenges for IT security teams.
To help corporate security and incident response teams facilitate threat detection, investigation and response and raise the efficiency of IT security operations, Kaspersky has upgraded its CyberTrace threat intelligence fusion and analysis tool to a centralised TI Platform.
The new edition of the solution has been updated with advanced features that allow security teams to run complex searches across all indicator fields, analyse observables from previously checked events, measure the effectiveness of integrated feeds and view a feed intersection matrix (how many indicators the feeds have in common). It also offers a public API for integration with automated workflows. In addition, the platform now supports multi-user and multi-tenancy features, so that operations managed by different users can be controlled and events from different branches handled separately. The paid edition, which is aimed at large enterprises and MSSPs, supports all features and places no limit on the number of events processed per second (EPS) or the number of IoCs downloaded.
Kaspersky CyberTrace remains free for users in its community edition. This version provides all the existing capabilities of the solution, as well as the new functions mentioned above, except for the ability to add multi-user and multi-tenancy accounts. It also limits the number of processed events per second (up to 250) and the number of indicators that can be downloaded (up to one million).
Unique integration approach
Kaspersky CyberTrace integrates with all commonly used SIEM solutions and security controls and supports any threat intelligence feed in STIX 1.0/1.1/2.0/2.1, JSON, XML or CSV format. By default, the solution includes native integration of a broad portfolio of Kaspersky Threat Data Feeds, which are generated by hundreds of the company's experts, including security analysts from across the globe and its GReAT and R&D teams.
The platform addresses the problem of ingesting large numbers of Indicators of Compromise (IoCs) into a SIEM, which can delay incident processing and cause missed detections. Kaspersky CyberTrace automatically extracts IoCs from the logs arriving at the SIEM and matches them internally with its own built-in matching engine, so an unlimited number of IoCs can be processed quickly without overloading the SIEM.
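The pipeline described above (feed ingestion in several formats, observable extraction from log lines, matching outside the SIEM, and a feed intersection matrix), as an added Python example that is not Kaspersky's or CyberTrace's code: it parses a constructed STIX 2.1 bundle and a constructed CSV feed, pulls IPv4 addresses, domain names and SHA-256 hashes out of constructed log lines with regular expressions, matches them against all feeds at once and reports which feeds each hit came from. Feed contents, log lines, field names and function names are all assumptions for the example; only single-comparison STIX patterns are handled, and compound patterns are deliberately skipped rather than misparsed.

```python
import csv
import io
import json
import re
from collections import defaultdict

# Constructed STIX 2.1 bundle (sample data, not a real feed). The last
# indicator uses a compound pattern to show the limitation of this parser.
STIX_FEED = json.dumps({
    "type": "bundle",
    "id": "bundle--11111111-1111-4111-8111-111111111111",
    "objects": [
        {"type": "identity", "id": "identity--22222222-2222-4222-8222-222222222222",
         "spec_version": "2.1", "name": "Example feed", "identity_class": "organization"},
        {"type": "indicator", "id": "indicator--33333333-3333-4333-8333-333333333333",
         "spec_version": "2.1", "pattern_type": "stix", "valid_from": "2024-01-01T00:00:00Z",
         "pattern": "[ipv4-addr:value = '203.0.113.45']"},
        {"type": "indicator", "id": "indicator--44444444-4444-4444-8444-444444444444",
         "spec_version": "2.1", "pattern_type": "stix", "valid_from": "2024-01-01T00:00:00Z",
         "pattern": "[domain-name:value = 'bad.example']"},
        {"type": "indicator", "id": "indicator--55555555-5555-4555-8555-555555555555",
         "spec_version": "2.1", "pattern_type": "stix", "valid_from": "2024-01-01T00:00:00Z",
         # SHA-256 of the empty string, used here only as a placeholder hash value
         "pattern": "[file:hashes.'SHA-256' = "
                    "'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855']"},
        {"type": "indicator", "id": "indicator--66666666-6666-4666-8666-666666666666",
         "spec_version": "2.1", "pattern_type": "stix", "valid_from": "2024-01-01T00:00:00Z",
         "pattern": "[ipv4-addr:value = '198.51.100.2' AND network-traffic:dst_port = 8443]"},
    ],
})

# Constructed CSV feed that overlaps the STIX feed on exactly one indicator.
CSV_FEED = """type,value,context
ipv4-addr,203.0.113.45,botnet-c2
domain-name,evil.example,phishing
"""

# Matches a single-comparison STIX pattern: [object-type:property = 'value']
PATTERN_RE = re.compile(r"\[\s*([\w-]+):([\w.'-]+)\s*=\s*'([^']+)'\s*\]")


def parse_stix_bundle(text):
    """Return a set of (type, value) tuples from the bundle's indicator patterns.
    Compound patterns (AND/OR/FOLLOWEDBY) are skipped: they need a real STIX
    pattern evaluator, and flattening them would create false matches."""
    iocs = set()
    for obj in json.loads(text).get("objects", []):
        if obj.get("type") != "indicator":
            continue
        m = PATTERN_RE.fullmatch(obj.get("pattern", "").strip())
        if m is None:
            continue
        obj_type, prop, value = m.groups()
        if obj_type == "file" and prop.startswith("hashes."):
            obj_type = "file-hash"
        iocs.add((obj_type, value.lower()))
    return iocs


def parse_csv_feed(text):
    """Return (type, value) tuples from a CSV feed with 'type' and 'value' columns."""
    return {(row["type"], row["value"].lower()) for row in csv.DictReader(io.StringIO(text))}


# Observable extractors applied to raw log lines before matching.
IOC_REGEXES = {
    "ipv4-addr": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "file-hash": re.compile(r"\b[0-9a-f]{64}\b", re.I),
    "domain-name": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
}


def extract_iocs(line):
    """Return the set of (type, value) observables found in one log line."""
    return {(kind, value.lower())
            for kind, rx in IOC_REGEXES.items() for value in rx.findall(line)}


def match_logs(lines, feeds):
    """Match observables from each log line against all feeds in one lookup.
    feeds maps a feed name to its set of (type, value) indicators."""
    index = defaultdict(set)                  # (type, value) -> names of feeds listing it
    for name, iocs in feeds.items():
        for ioc in iocs:
            index[ioc].add(name)
    detections = []
    for lineno, line in enumerate(lines, 1):
        for kind, value in sorted(extract_iocs(line)):
            if (kind, value) in index:
                detections.append({"line": lineno, "type": kind, "value": value,
                                   "feeds": sorted(index[(kind, value)])})
    return detections


def feed_intersection_matrix(feeds):
    """Count indicators shared by each pair of feeds (the diagonal is the feed size)."""
    names = sorted(feeds)
    return {a: {b: len(feeds[a] & feeds[b]) for b in names} for a in names}


# Constructed log lines; the addresses are documentation ranges and .example is reserved.
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z proxy src=10.0.0.7 dst=203.0.113.45 host=update.example",
    "2024-05-01T10:00:02Z dns query=bad.example client=10.0.0.9",
    "2024-05-01T10:00:03Z edr sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 path=C:\\tmp\\x.exe",
    "2024-05-01T10:00:04Z proxy src=10.0.0.8 dst=198.51.100.2 host=ok.example",
]

if __name__ == "__main__":
    feeds = {"stix": parse_stix_bundle(STIX_FEED), "csv": parse_csv_feed(CSV_FEED)}
    print(feed_intersection_matrix(feeds))
    for detection in match_logs(SAMPLE_LOGS, feeds):
        print(detection)
```

Running it reports the shared 203.0.113.45 hit as coming from both feeds, while the 198.51.100.2 connection on the last log line produces no hit, because the only indicator listing it is a compound pattern that the parser refuses to flatten. Building the lookup index once and scanning raw lines against it is the part of the work a tool like this takes off the SIEM; in production the extractors would be per-log-source parsers rather than generic regexes, and the feed loader would also honour indicator validity windows and revocations.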