Customers can now integrate real-time Threat Data Feeds from Kaspersky Lab into their security operations by leveraging the Threat Intelligence App for Splunk.
Kaspersky Threat Intelligence Data Feeds were launched earlier this year as part of Kaspersky Security Intelligence Services. Kaspersky Threat Intelligence Data Feeds provide customers with up-to-date information about cyber threats such as new malicious apps, botnet activity, phishing and malicious resources, as well as web hosts potentially linked with criminal activity.
By leveraging the Splunk platform, customers can enhance their security position through data analytics and real-time visibility in their security infrastructure, to gain actionable insights.
Mikhail Nagorny, Head of Security Services at Kaspersky Lab, commented, “We strongly believe that future evolution of the security industry, as well as protection of businesses around the world, depends on intelligence sharing. Availability in the corporate world means being compatible with third-party intelligence, analytics and SIEM solutions widely embraced around the globe. Splunk software is one of those solutions and is why we make sure our data feeds fully leverage Splunk. We plan to further expand the availability of our Threat Data Feeds which help businesses respond to the latest threats from around the world as quickly as possible”.
Kaspersky Threat Data Feeds provide the following data to customers:
- Malicious file hashes. Actionable data based on everything that is detected by Kaspersky Lab’s automated systems or a team of highly-skilled security experts. This intelligence is the cornerstone of the success of a company’s own consumer and corporate security solutions.
- Botnet activity. Our intelligence systems analyze the activity of botnets around the world and this information gives businesses an edge to prepare themselves for any potential threat acts against them launched by botnet operators.
- Kaspersky Lab tracks phishing web resources and malicious e-mail distributions, and this data gives customers an additional chance to block an attack before it reaches employees.
- Potentially malicious hosts. This invaluable source of information helps companies to identify an active security breach. We supply not only the list of IPs that are potentially connected to criminal activity, but also the threat score that enables SIEM users to fine-tune their alerts to a preferred level.