August 2022: Kaspersky Threat Data Feeds are now integrated with Microsoft Sentinel, a cloud native SIEM and SOAR solution to help Microsoft Sentinel users with actionable context for attack investigation and response. With this integration, enterprise security teams can extend cyberthreat detection capabilities and increase the effectiveness of initial alert triage, threat hunting or incident response.
According to IDC, “Threat intelligence is a foundational component of a modern cybersecurity program… Threat intelligence programs provide both qualitative assessments of the field and actionable, automated solutions that bolster existing security defences”. For businesses, it is also important to smoothly incorporate TI with their security operations for the most effective protection from cyberthreats.
Access to Kaspersky TI through Microsoft Sentinel empowers enterprises with the latest insights to counter cyberattacks. Actionable context in feeds includes threat names, timestamps, geolocation, resolved IP addresses of infected web resources, hashes, popularity or other search terms. With this data, security teams or SOC analysts can accelerate the initial alert triage by making informed decisions for investigation or escalation to an incident response team.
Kaspersky Threat Data Feeds are generated automatically in real time and aggregate high-quality data from multiple reliable sources around the world This includes the Kaspersky Security Network covering millions of voluntary participants globally[1], Botnet Monitoring service, spam traps, plus world-renowned Kaspersky experts from GReAT and R&D teams. All the data is carefully inspected and refined with dedicated pre-processing techniques.
Microsoft Sentinel uses TAXII protocol and gets data feeds in STIX format so it allows configuring Kaspersky Threat Data Feeds as a TAXII Threat Intelligence source in the interface. Once it is imported, cybersecurity teams can use out-of-the-box analytic rules to match threat indicators from feeds with logs.
“We are thrilled to partner with Microsoft and help Microsoft Sentinel users to get access to the trusted and valuable threat intelligence from Kaspersky. Expanding integration with third party security controls makes it even easier for customers to operationalise our TI which is one of our key priorities. TI from Kaspersky is designed to be tailored to the needs of any organisation since we collect data from a great number of different and diverse sources to cover organisations in specific industries, geolocations and with specific threat landscapes. More than two decades of threat research helps us achieve this, while empowering global security teams with the information they require at each step of the incident management cycle”, comments Ivan Vassunov, VP Corporate Products, Kaspersky.
“Threat attacks are on a continuous rise like never before and to remain protected, organisations need quick ways to detect these threats. With the Kaspersky and Microsoft Sentinel integration, customers will now have an easy way to import high fidelity threat intelligence produced by Kaspersky into Microsoft Sentinel using the industry standard of STIX/TAXII for detections, hunting, investigation, and automation”, says Rijuta Kapoor, Senior Program Manager, Microsoft.
More information about Kaspersky Threat Data Feeds integration with Microsoft Sentinel can be found here.
To learn more about other offerings within Kaspersky Threat Intelligence portfolio please follow this link.
[1] Kaspersky Security Network (KSN) is a complex cloud infrastructure that works with various anti-malware protection components. The statistics consist of depersonalised metadata voluntarily provided by KSN participants among Kaspersky customers.