Kaspersky CyberTrace needs to help businesses respond more quickly to cyber-attacks

Kaspersky has unveiled a new threat intelligence service to help security management better understand threat intelligence. This is CyberTrace, which brings together data feeds to help organisations identify threats. This should allow them to focus on what is most important for their specific organisation.

The information is collected from various sources, reports IT Pro. These include Kaspersky’s own labs, as well as third parties, open source repositories and proprietary intelligence databases.

If a potential threat is detected, it sends an alarm to supported security information and event management (SIEM) systems, such as IBM QRadar, Splunk, ArcSight ESM, LogRythm, RSA NetWitness and McAfee ESM, to validate the threat. It also translates the threat to the organisation. Threats are categorized and stored to make it easier for SIEMs to look them up when needed and to provide a contextual response.

Research

Companies can also look up log files and other data related to incidents in order to carry out an in-depth threat assessment. In addition, CyberTrace provides feed usage statistics to measure how effective a feed has been in detecting threats and identifying those that are most relevant to specific environments.

“Being aware of the most relevant zero-days, emerging threats and advanced attackers is important for an effective digital security strategy. But manual threat data collection, analysis and sharing does not provide the level of responsiveness required for an enterprise,” said David Emm, principal security researcher at Kaspersky Lab UK.

“There is a demand for a centralized point for accessible data sources and automation of tasks. Kaspersky CyberTrace helps organizations better understand their risks, increase the productivity of their security teams, and ensure more robust protection against digital threats.”