Kaspersky Threat Lookup service goes globall

Kaspersky Lab has made Kaspersky Threat Lookup, a security intelligence service aimed at enhancing enterprise incident response and cybersecurity forensics capabilities, globally available. Kaspersky Threat Lookup allows security stakeholders to prioritise and act efficiently in the typical scenario of hundreds and thousands alerts received every day.

According to a survey of more than 4,000 business representatives worldwide, conducted by Kaspersky Lab and B2B International in 2016, time is the crucial factor in incident detection and response. The survey findings show that enterprises pay over 100% more in recovery fees if they are unable to detect a security breach in a short time. The average recovery cost of a breach that stays undetected for a week or more is over US$1 million, while instantly discovered incidents cost US$400,000 to mitigate. Detection and response are some of the most time-critical activities on the agenda of security operations centres (SOCs) in organisations around the world, and both require reliable security intelligence.

Kaspersky Threat Lookup provides access to several petabytes of global security intelligence data that is being updated almost in real-time. Once suspicious indicators such as IP address, URL or file hash have been identified by a corporate IT security officer, they can be entered into the service web interface. In return, users are provided with meaningful and structured information about a potential threat and offers global insights that help identify a targeted attack in progress.

Kaspersky Lab’s security intelligence is collected from various sources including Kaspersky Lab’s cloud security network, spam traps, botnet monitoring initiatives and web crawlers. That data is constantly being cross-checked by Kaspersky Lab’s own research team and automatically correlated. The solution offers corporate security officers contextual intelligence capabilities. It enables them to quickly investigate the source of the problem, distinguish between potentially malicious and benign actions, and obtain data for fast and efficient incident investigation.

Kaspersky Threat Lookup offers enterprises the same level of intelligence that Kaspersky Lab specialists use to analyse the most sophisticated threats, and includes indicators of compromise* for these new attacks. The solution makes it possible to match data obtained during an investigation due to vast knowledge of malicious objects, as well as access to one of the largest databases of clean objects, part of the Kaspersky Whitelist service.

One of the early adopters of Kaspersky Threat Lookup service is INTERPOL. Kaspersky Lab has been offering early access to the organisation’s threat intelligence according to an expertise-sharing agreement to help investigate cybercrime.

Veniamin Levtsov, VP, Enterprise Business at Kaspersky Lab, comments: “In 2016 we have rapidly expanded our range of Security Intelligence Services, including Threat Data Feeds, to provide businesses with the actionable intelligence required for faster detection. But in order to significantly reduce recovery costs, businesses need to improve detection together with response and forensic capabilities. That is, they need to understand the scope of the problem, identify the source of the security event and collect necessary intelligence to mitigate the threat. The Kaspersky Threat Lookup portal is an important addition to the family of Security Intelligence Services that directly addresses these challenges. It provides instant access to Kaspersky Lab’s threat intelligence directly from cloud sources and contains comprehensive information on requested file hash, URL or IP.”

*An indicator of compromise is a clue that hackers have successfully penetrated a network, similar to the way a shattered window coupled with missing jewellery might indicate that a burglary has occurred.