Kaspersky Threat Data Feeds are now integrated with Microsoft Sentinel, a cloud-native SIEM and SOAR solution, providing Microsoft Sentinel users with actionable context for attack investigation and response.
The integration will allow enterprise security teams to expand their cyberthreat detection capabilities and increase the effectiveness of initial alert triage, threat hunting, or incident response, the company said.
According to IDC, “Threat intelligence is a fundamental component of any modern cybersecurity program. […] Our Threat Intelligence Program provides both qualitative assessments in the field and actionable, automated solutions that strengthen your existing security defenses.”
For companies, Kaspersky said, it’s also important to integrate TI seamlessly into their security operations in order to most effectively protect against cyberthreats.
Accessing Kaspersky TI through Microsoft Sentinel gives businesses the latest insights to combat cyberattacks. Actionable context in the feed includes threat names, timestamps, geolocations, resolved IP addresses of infected web resources, hashes, popularity, or other search terms.
Using this data, security teams or SOC analysts can accelerate initial alert triage by making informed decisions about investigation or escalation to incident response teams.
Kaspersky Threat Data Feeds are automatically generated in real time and aggregate high-quality data from multiple trusted sources around the world, including the Kaspersky Security Network (which covers millions of willing participants worldwide), botnet monitoring services, spam traps, and Kaspersky experts in the GReAT and R&D teams.
All data are carefully inspected and adjusted using proprietary preprocessing techniques.
Microsoft Sentinel retrieves threat intelligence in STIX format over the TAXII protocol, so Kaspersky Threat Data Feeds can be configured as a TAXII threat intelligence source in the Sentinel interface. Once imported, security teams can use out-of-the-box analytics rules to match threat indicators from the feed against their logs.
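To make the last step concrete, here is an added example (not code from the article, Kaspersky or Microsoft) of what "matching threat indicators from the feed against logs" means once a STIX bundle has arrived over TAXII. The bundle, indicator ids, timestamps and log lines are all constructed for illustration; the loader indexes each single-comparison STIX pattern by observable type and property, flags compound patterns it cannot evaluate, and then scans key=value log lines for fields mapped to those observables.

```python
"""Match STIX 2.1 indicators (as delivered over TAXII) against log lines.

Everything below is constructed sample data, not real feed content.
"""
import json
import re
from collections import defaultdict


def _indicator(n, name, pattern):
    # Build a minimal STIX 2.1 indicator object with constructed id/timestamps.
    return {
        "type": "indicator", "spec_version": "2.1",
        "id": f"indicator--00000000-0000-4000-8000-00000000000{n}",
        "created": "2023-01-01T00:00:00.000Z", "modified": "2023-01-01T00:00:00.000Z",
        "name": name, "pattern": pattern, "pattern_type": "stix",
        "valid_from": "2023-01-01T00:00:00Z",
    }


# Constructed bundle shaped like the objects a TAXII 2.1 collection returns.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        _indicator(2, "constructed-malicious-domain", "[domain-name:value = 'bad.example']"),
        _indicator(3, "constructed-c2-ip", "[ipv4-addr:value = '203.0.113.10']"),
        _indicator(4, "constructed-file-hash", "[file:hashes.'SHA-256' = '" + "a" * 64 + "']"),
        # Compound pattern: needs a real STIX pattern evaluator, so it is skipped.
        _indicator(5, "constructed-compound",
                   "[domain-name:value = 'x.example' OR domain-name:value = 'y.example']"),
        # Non-indicator object that the loader must ignore.
        {"type": "identity", "spec_version": "2.1",
         "id": "identity--00000000-0000-4000-8000-000000000006",
         "created": "2023-01-01T00:00:00.000Z", "modified": "2023-01-01T00:00:00.000Z",
         "name": "constructed-feed", "identity_class": "organization"},
    ],
})

# Constructed key=value log lines (DNS, proxy and EDR style events).
SAMPLE_LOGS = [
    "2023-01-02T10:00:00Z dns client=10.0.0.5 query=bad.example",
    "2023-01-02T10:00:01Z dns client=10.0.0.6 query=docs.example",
    "2023-01-02T10:00:02Z proxy client=10.0.0.5 dst=203.0.113.10 url=http://203.0.113.10/x",
    "2023-01-02T10:00:03Z edr host=ws01 sha256=" + "a" * 64,
    "2023-01-02T10:00:04Z edr host=ws02 sha256=" + "b" * 64,
]

# Which log field corresponds to which STIX observable (type, property).
FIELD_MAP = {
    "query": ("domain-name", "value"),
    "dst": ("ipv4-addr", "value"),
    "sha256": ("file", "hashes.SHA-256"),
}

# One comparison only, e.g. "[domain-name:value = 'bad.example']".
_SIMPLE_PATTERN = re.compile(
    r"\[\s*([a-z0-9-]+):((?:[\w.]|'[^']*')+)\s*=\s*'([^']*)'\s*\]"
)
_KV = re.compile(r"(\w+)=(\S+)")


def parse_simple_pattern(pattern):
    """Return (object_type, property, value) for a single-comparison STIX
    pattern, or None for anything more complex (AND/OR, ranges, wildcards)."""
    m = _SIMPLE_PATTERN.fullmatch(pattern.strip())
    if not m:
        return None
    obj_type, prop, value = m.groups()
    return obj_type, prop.replace("'", ""), value


def load_indicators(bundle_json):
    """Index indicator objects by (object_type, property) -> {value: indicator}.
    Returns (lookup, ids_of_unsupported_patterns)."""
    lookup = defaultdict(dict)
    unsupported = []
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "indicator":
            continue
        parsed = parse_simple_pattern(obj.get("pattern", ""))
        if parsed is None:
            unsupported.append(obj["id"])
            continue
        obj_type, prop, value = parsed
        lookup[(obj_type, prop)][value.lower()] = obj  # case-insensitive lookup
    return lookup, unsupported


def match_logs(lookup, lines):
    """Return one hit per (line, field) whose value equals a known indicator."""
    hits = []
    for idx, line in enumerate(lines):
        for field, value in _KV.findall(line):
            key = FIELD_MAP.get(field)
            if key is None:
                continue
            ind = lookup.get(key, {}).get(value.lower())
            if ind is not None:
                hits.append({"line": idx, "field": field, "value": value,
                             "indicator": ind["id"], "name": ind["name"]})
    return hits


if __name__ == "__main__":
    lookup, unsupported = load_indicators(SAMPLE_BUNDLE)
    print("unsupported patterns:", unsupported)
    for hit in match_logs(lookup, SAMPLE_LOGS):
        print(hit)
```

In Sentinel itself this join is written in KQL against the ThreatIntelligenceIndicator table, which is where TAXII-imported indicators land; the script makes the same logic explicit and shows one caveat worth checking when onboarding a feed: only simple single-comparison patterns are evaluated here, so indicators with compound patterns must be counted and handled separately rather than silently dropped.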
Ivan Vassunov, Vice President of Enterprise Products at Kaspersky Lab, said that expanding integration with third-party security controls will make it easier for customers to operationalize its TI, which is one of its key TI priorities.
“Kaspersky’s TI is designed to be tailored to the needs of any organization. It collects data from sources, with over 20 years of threat research to help us achieve this while providing our global security teams with the information they need at each stage of the incident management cycle.”
Rijuta Kapoor, senior program manager at Microsoft, commented:
“The Kaspersky and Microsoft Sentinel integration enables customers to easily bring high-fidelity threat intelligence generated by Kaspersky into Microsoft Sentinel using the STIX/TAXII industry standards for detection, hunting, investigation, and automation.”