Kaspersky Lab announced completion and full availability of its Machine-Readable Threat Intelligence Platform, part of the Kaspersky Security Intelligence Services product range. Machine-Readable Threat Intelligence provides Threat Data Feeds and tools to integrate with the world’s most popular SIEM platforms. This combination gives enterprises an unprecedented view of the threat landscape and supplies their Security Operations Centers with the Indicators of Compromise needed to identify and block a multitude of cyber attacks as fast as possible. The Threat Data Feeds package, which covers malware indicators for desktops and mobiles and malicious URLs, has been extended with IP Reputation, a new data stream that helps customers bring their threat intelligence to a new level.
According to Kaspersky Lab’s “Measuring the Financial Impact of IT Security on Businesses” report, the fast discovery of security breaches has a direct and measurable impact on recovery costs. Based on feedback from 4,000+ company representatives from 25 countries, we estimated that every day a security breach goes undetected costs large businesses US$100K on average. The overall recovery bill for a security breach that remained undetected for a week can be as high as US$1.1 million, while the average cost of recovery from a breach detected within hours is less than US$400K. These figures call for an efficient strategy for detecting active security breaches, based on the modern concept of the Security Operations Center.
The optimum solution to the problem of fast incident discovery is actionable security intelligence. This means being able to spot an attack at any point using a variety of methods. While typical prevention tools focus on analyzing activity on endpoints, an additional layer of security has to be in place. If endpoint protection is circumvented for some reason, a security system has to be able to spot an attack on other levels.
Veniamin Levtsov, Kaspersky Lab’s Vice President, Enterprise Business, said, “Threat intelligence gathering is the very nature of our business. In some cases it becomes much easier to integrate Kaspersky Threat Data Feeds into a customer’s SIEM than to run a migration to change existing anti-malware products. These feeds allow our customers to be protected by Kaspersky Lab without any significant changes to their enterprise security system. Threat Intelligence is more than just prevention: we provide machine-readable data which empowers enterprise SOCs with the ability to identify and remediate even the most sophisticated and targeted attacks. Finally, with the completion of support for three world-leading SIEM systems, our Threat Intelligence Platform can be deployed swiftly within the majority of enterprises.”