Kaspersky Lab has introduced Kaspersky CyberTrace, a comprehensive platform that supports the full cycle of work with threat information (Threat Intelligence).
The solution makes it possible to identify indicators of compromise in the organization's infrastructure, conduct a comprehensive analysis and prioritize detected cyber incidents, determine the most effective response strategy for them, and exchange information about identified threats with trusted organizations (for example, CERT or partners).
The number of notifications from various information security (IS) systems that analysts in cyber incident monitoring and response centers process every day is growing exponentially. Integrating machine-readable threat intelligence into existing cybersecurity management tools such as SIEM systems makes it possible to classify and prioritize events for further analysis and response. However, the constant growth of these information flows makes it difficult to identify the sources that are relevant to a particular organization.
The data is provided in various formats and includes a large number of indicators of compromise, which significantly complicates its further processing by SIEM systems and other network security management tools. The comprehensive Threat Intelligence platform created by Kaspersky Lab allows you to work with any stream of analytical data in different formats (JSON, STIX, XML, MISP, and CSV) and integrate information about threats with various security systems for future use.
Kaspersky CyberTrace supports out-of-the-box integration with a large number of SIEM systems and log sources. The product analyzes and matches incoming data internally, which significantly reduces the workload on the SIEM system. It generates its own alerts when threats are detected and, through an application programming interface (API), integrates with existing monitoring and response processes. In addition, the platform supports a multi-tenant architecture, enabling use cases for managed security service providers (MSSPs) or large companies. The latter is appropriate when there is a need to analyze the events of various organizations or subsidiaries.
Kaspersky CyberTrace provides a visual representation of the data sources in use, which helps select the suppliers that are most valuable in terms of the speed of incident detection. The comprehensive platform also supports integration with the SIEM solution Kaspersky Unified Monitoring and Analysis Platform (KUMA), including a unified web interface.
Source: https://www.anti-malware.ru/news/2021-02-18-111332/35053