Friday, April 19

Kaspersky and Microsoft Announce Threat Intelligence Partnership for Sentinel



In this way, Sentinel users will have access to actionable context for attack investigation and response. With this integration, enterprise security teams can extend cyber threat detection capabilities and increase the effectiveness of initial alert triage, threat hunting, or incident response.

According to IDC, “Threat intelligence is a fundamental component of a modern cybersecurity program… Threat intelligence programs provide qualitative assessments from the field and actionable automated solutions that bolster existing security defenses.” In a statement, Kaspersky and Microsoft stress that it is also important for businesses to be able to easily integrate threat intelligence with their security operations to get the most effective protection against cyber threats.

“Access to Kaspersky threat intelligence through Microsoft Sentinel gives businesses the latest insights to counter cyberattacks. Actionable context in feeds includes threat names, timestamps, geolocation, resolved IP addresses of infected web resources, hashes, popularity, or other search terms. With this data, security teams or SOC analysts can expedite the initial triage of alerts by making informed decisions to investigate or escalate to an incident response team,” the joint statement said.

Kaspersky Threat Data Feeds are automatically generated in real time and aggregate high-quality data from a variety of trusted sources around the world. These include the Kaspersky Security Network, which has millions of volunteer participants around the world, a botnet monitoring service, spam traps, and world-renowned Kaspersky experts from the GReAT and R&D teams. All data is carefully inspected and refined with dedicated pre-processing techniques.

Microsoft Sentinel uses the TAXII protocol and obtains data feeds in the STIX format, thus allowing Kaspersky Threat Data Feeds to be configured as a TAXII threat intelligence feed in the interface. Once imported, cybersecurity teams can employ out-of-the-box analytic rules and match logs to threat indicators from sources.


“We are pleased to partner with Microsoft and help Microsoft Sentinel users gain access to Kaspersky’s valuable and trusted threat intelligence. Expanding integration with third-party security controls makes it even easier for customers to put our threat intelligence to work, which is one of our key priorities. Kaspersky Threat Intelligence is designed to fit the needs of any organization as we collect data from a large number of different and diverse sources to cover organizations in specific industries, geolocations and with specific threat landscapes. More than two decades of threat research help us achieve this, while empowering global security teams with the information they need at every step of the incident management cycle,” said Ivan Vassunov, vice president of corporate products at Kaspersky.

“Cyberattacks are on the rise like never before and to stay protected, organizations need fast ways to detect these threats. With the integration of Kaspersky and Microsoft Sentinel, customers will now have an easy way to import high-fidelity threat intelligence produced by Kaspersky using the STIX/TAXII industry standard for detections, search, investigation and automation into Microsoft Sentinel,” says Rijuta Kapoor, senior program manager at Microsoft.







diarioti.com
