Looking through attackers’ eyes: The importance of keeping customers updated with the most relevant cyberthreats
May 2020 by Kaspersky
According to the latest survey of IT Security leaders, conducted by 451 Research and commissioned by Kaspersky, the majority of CISOs (64%) agreed that speed and quality of incident response handling are the main metrics to measure performance in the role.
Once a company has the misfortune of having numerous assets exposed online, it becomes harder for security analysts to keep everything in sight and react to the most significant threats in time. To help analysts discover which company resources malefactors are likely to leverage, Kaspersky has today unveiled Digital Footprint Intelligence.
The new Kaspersky Digital Footprint Intelligence service delivers instant customer updates on weak points within an organisation. It provides the customer with information on threats revealed by numerous open sources and by resources that usually have limited access, enriched with results from Kaspersky threat research. With this, SOC and CERT security analysts can see what cybercriminals are able to find out about their organisation, and which attack vectors they are likely to exploit, to better prepare their defense strategy.
Instant alerts on the most relevant threats
By offering analytics on threats aimed specifically at the organisation, Digital Footprint Intelligence enables companies to understand the ways in which cybercriminals can successfully attack them, identify what information is available to an attacker and find out if their infrastructure has already been compromised.
The service is built on insights from Kaspersky experts who have pieced together a comprehensive picture of customers’ current attack status, identifying weaknesses in the network perimeter, threats from cybercriminals, malicious activity and data leaks.
The network inventory, which uses non-intrusive methods, identifies critical components of a customer’s network perimeter, such as remote management services, unintentionally exposed and misconfigured services and network devices. A tailored analysis of available services results in vulnerability scoring and a comprehensive risk evaluation, based on multiple parameters, including CVSS base score, availability of public exploits, the company’s penetration testing experience and other features. Meanwhile, automated data gathering from online content hosting services, public forums, social networks, instant messenger channels and groups, and restricted underground online forums and communities provides the customer with details of any compromised employee accounts, data leakages or attacks planned or discussed against their organisation.
The reports in Kaspersky Digital Footprint Intelligence highlight cybercriminal activities not only against the customer, but also against its clients, partners and supplier infrastructure, and offer customers an overview of the ongoing malware or APT attacks in their region and industry.
With this information, a customer can look at its business from a malefactor’s point of view and understand what they can learn about the business’s IT infrastructure and employees while preparing for an attack.
The service is available in the Kaspersky Threat Intelligence Portal, a single point of access to cyberattack data gathered by the company for more than 20 years, and is supported by real-time notifications as soon as a tailored report is updated. Via a special API, Kaspersky Digital Footprint Intelligence can be integrated with third-party task management systems, which significantly cuts the time required for workflow administration.
Keeping an eye on APT infrastructure
The Kaspersky Threat Intelligence Portal is also enhanced with the new APT C&C Tracking Service that delivers the IP addresses of infrastructure connected to advanced threats. This helps security analysts working in CERTs, national SOCs and national security agencies to monitor the deployment of new malicious infrastructures and take the required measures to mitigate ongoing as well as upcoming attacks.
The service is updated daily with recent findings from the Kaspersky Global Research and Analysis Team, which has a proven track record in discovering APT campaigns across the world. For each IP, there is the name of the APT group, operation or malware it is associated with, the internet service provider and autonomous system (collection of associated IPs), hosting information, and when it was first and last seen. The addresses can be downloaded in a machine-readable format, so customers can upload them to existing security solutions to automate detection.
“Data is the lifeblood of business. It supports building strong relationships with stakeholders, improving products to fit customer needs and exceeding competitors. Any incident affecting sensitive information, whether it’s a targeted cyberattack leading to the theft of a customer database or the leakage of trade secrets, can negatively affect a company’s reputation and result in financial losses. That’s why we have added a set of new services to the Kaspersky Threat Intelligence Portal so customers can keep up to date with the most relevant cyberthreats,” commented Sergey Martsynkyan, head of B2B product marketing at Kaspersky.
Kaspersky Digital Footprint Intelligence and Kaspersky APT C&C Tracking Service complement other Threat Intelligence services available at the Kaspersky Threat Intelligence Portal. These are Kaspersky Threat Data Feeds (regularly updated information about dangerous objects), APT Intelligence Reporting, Kaspersky Financial Intelligence Reporting (reports about threats targeting financial institutions), Kaspersky Threat Lookup (search for historical threat intelligence), and Kaspersky Cloud Sandbox.