Kaspersky – Threat Intelligence Portal
Kaspersky has launched a platform with all knowledge acquired by Kaspersky about Cyberthreats and legitimate objects and their relationships. The goal is to provide security teams with as much data as possible, in order to prevent cyberattacks from impacting your organization. The Portal retrieves the latest detailed threat intelligence about URLs, domains, IP addresses, file hashes, statistical/behavioural data, WHOIS data, etc. The result is visibility of new and emerging threats globally, helping you to secure your organization and boost incident response.
The threat intelligence is aggregated from a wide variety of highly reliable sources. Then, in real time, all of the aggregated data is carefully inspected and refined using several preprocessing techniques and technologies, such as statistical systems, similarity tools, sandboxing, behavioral profiling, whitelist-based verification, and analyst validation.
Every submitted file is analyzed by a set of advanced threat detection technologies such as heuristic analysis, Urgent Detection System and Kaspersky Cloud Sandbox, to monitor its behavior and actions, including network connections and downloaded/dropped objects. The Sandbox is based on the company’s proprietary and patented technology, which is used internally and allows Kaspersky to detect more than 350,000 new malicious objects every day.
How it works
Files or Indicators of Compromise can be submitted through a web interface. Kaspersky Threat Intelligence Portal lets you submit and retrieve threat intelligence on the following objects:
- MD5, SHA-1, and SHA-256 hashes
- IP addresses (IPv4)
Kaspersky Threat Intelligence Portal shows whether an object is in the Good, Bad, or Not Categorized zone, while providing contextual data to help you respond to or investigate threats more effectively.
For more information about the Kaspersky Threat Intelligence Portal, please contact your account manager.