Organisations can now use Kaspersky’s Threat Intelligence Portal for free, allowing them to quickly analyse cybersecurity threats.
Most organisations are swamped by cybersecurity threats, so it’s important they respond to them in a highly efficient, targeted way.
A key way of doing this is to use a threat intelligence service to determine which threats are critical. Yet little more than a third of enterprises use such a service, according to a survey by cybersecurity company Kaspersky. The main reason they cited was cost.
Kaspersky has seized on that opportunity by offering a free version of its Kaspersky Threat Intelligence Portal. Anyone can now access the portal, where they’ll find analysis tools and information to help them work out which threats are the most critical.
You can submit files, file hashes, IP addresses and URLs to the portal and it will determine whether they are malicious and give you additional context. For example, the portal will tell you how widespread a threat is and list any organisations that have registered a suspicious web resource.
You can upload as many files as you want to the free portal each day, and you are limited to 100 hash and IP lookups a day.
The portal uses an array of analysis methods, including heuristic analysis and the Kaspersky Cloud Sandbox, which allows monitoring of threat behaviour.
Those technologies are useful for examining advanced threats that might not trigger basic cybersecurity measures – such as documents that don’t deliver their payload until the user scrolls to the last page.
The portal also uses information from Kaspersky’s web crawlers, spam traps, researchers, partners and other sources. And it uses whitelists, analysts and other methods to refine that information,
Free vs premium
Kaspersky also offers a premium version of the portal, which allows you to drill down into more detail about suspicious objects. For example, you can learn about other files an object has relationships with.
You can also use the premium version of the Kaspersky Cloud Sandbox to learn more about what a suspicious object does. It provides detailed reports about suspicious activities, screenshots and other information. You can also use an API to upload objects to the sandbox and integrate it with your workflows.
These tools are intended for use by security analysts, such as those working in Security Operations Centres or Managed Security Services Providers. Though you could also make use of the free portal if you work in a small to medium business, says Artem Karasev, Senior Product Marketing Manager, Cybersecurity Services, at Kaspersky.
“A broader audience, which includes SMBs, may also benefit from the new type of access to the Threat Intelligence Portal, as it allows for quick checks and confirmation if an object of interest is malicious or otherwise,” Karasev says.
By taking advantage of these tools you’ll be in a better position to respond when a cyber-attack happens – rather than simply complying with regulations. And the sooner you respond to threats, the faster you can limit damage to your business operations and reputation.
Article sponsored by Kaspersky.