Kaspersky Threat Intelligence Portal introduces API integration for community members
By Staff Writer 11 November 2020 | Categories: newsNewly announced by Kaspersky is free access to the Kaspersky Threat Intelligence Portal, which gathers together all of the company’s actionable insights on threats, offers new privileged features for registered users through community access.
In particular, they will be able to connect their applications with the service via API and receive a limited number of full reports on either a file’s or URL’s behaviour using Kaspersky Cloud Sandbox. To increase privacy, a special submission mode that enables file checking in a way that the results are not available to others, has also been introduced.
Kaspersky’s recent research of the state of IT security within organisations revealed that Threat Intelligence (TI) is considered among the main investments being made in response to a data breach. This is the case for 41% of enterprises and 39% of SMBs. However, high costs of commercial TI offerings may be a barrier for adoption. To help overcome this obstacle and make threat research available to a wider number of organisations, Kaspersky explained that it continues to develop new functions to enable free access to the Kaspersky Threat Intelligence Portal.
Premium features for community members
After registering, users receive a special API that allows them to interconnect the service with custom projects and solutions. With this, they can easily submit and receive information about files, hashes, IP addresses and URLs from the Kaspersky Threat Intelligence Portal via their own applications without visiting the web service. This facilitates automated requests for the checking of suspicious objects.
All registered users will be able to execute a limited number of suspicious files and URLs in Kaspersky Cloud Sandbox, which incorporates advanced anti-evasion techniques. This means that they will not only receive the final decision and basic information on risky objects, but an in-depth report on the full file’s activities, and events happening on a certain web page, such as downloads, JavaScript, Adobe Flash execution and so on.
The community access is available free of charge for any interested person.
More privacy and detailed information on threats
With this update, the Kaspersky Threat Intelligence Portal introduces a private submission mode. It ensures that the analysis results of shared samples will be not available to anyone, except Kaspersky, even other community members. Thus, the service’s functionality becomes available for organisations with strict privacy policies.
For community members, the full history of their searches (both private and public) is available, while others will have access only to the list of public requests.
For more detailed information on submitted files, free access to the Kaspersky Threat Intelligence Portal now can perform static analysis. It provides data on the Portable Executable (PE) files structure and extracted strings.
The PE format relates to files running on Windows and contains information on how the OS should execute their code. Based on the results of the analysis, security researchers can identify the object’s functionality and, as long as it has non-typical artifacts, reveal its harmful potential, even if the malware was previously unknown. The results can also be used to create indicators of compromise, detection heuristics and rules.
In addition to malware sandboxing, heuristic analysis, emulation and reputational services, free access to the Kaspersky Threat Intelligence Portal now leverages behaviour detection technologies. It increases detection rates and helps to identify advanced threats and APTs.
“The time taken to respond to an incident is one of the main KPIs for IT security teams. And now, as they experience high pressure due to a growing number of threats, the speed of response has become even more important. To help the cybersecurity community in this difficult time, we have expanded our capabilities to integrate TI to their processes for free, so that they can automate routine tasks. We also provided access to more extensive information that can help when handling an incident,” commented Artem Karasev, Senior Product Marketing Manager, Cybersecurity Services, at Kaspersky.
Users can upgrade to a commercial license of the Kaspersky Threat Intelligence Portal by requesting access to it from a free service. This version helps to conduct complex incident investigations by revealing specific APT actors, campaigns, their motivation and tactics, techniques and procedures.
The Kaspersky Threat Intelligence Portal is a single point of access for the company’s threat intelligence. Free access to the service’s curated features is available on https://opentip.kaspersky.com/.
Most Read Articles
Have Your Say
What new tech or developments are you most anticipating this year?