Kaspersky, Microsoft partner to deliver threat intelligence to Microsoft Sentinel users

News Desk


Kaspersky Threat Data Feeds have been integrated with Microsoft Sentinel, Microsoft's cloud-native SIEM and SOAR platform, to provide actionable context for attack investigation and response. With the integration, enterprise security teams extend their detection coverage and make initial alert triage, threat hunting and incident response more effective.

According to IDC, "Threat intelligence is a foundational component of a modern cybersecurity program… Threat intelligence programs provide both qualitative assessments of the field and actionable, automated solutions that bolster existing security defenses". For businesses it is equally important to incorporate TI smoothly into their existing security operations; intelligence that is not operationalized in the SIEM does not improve protection.

"We are thrilled to partner with Microsoft and help Microsoft Sentinel users to get access to the trusted and valuable threat intelligence from Kaspersky. Expanding integration with third-party security controls makes it even easier for customers to operationalize our TI, which is one of our key priorities. TI from Kaspersky is designed to be tailored to the needs of any organization, since we collect data from a great number of different and diverse sources to cover organizations in specific industries, geolocations and with specific threat landscapes. More than two decades of threat research helps us achieve this, while empowering global security teams with the information they require at each step of the incident management cycle," comments Ivan Vassunov, VP Corporate Products, Kaspersky.

Access to Kaspersky TI via Microsoft Sentinel gives enterprises up-to-date information for combating cyberattacks. The actionable context carried in the feeds includes threat names, timestamps, geolocation, the resolved IP addresses of infected web resources, file hashes, popularity and other searchable attributes. With this context, SOC analysts can speed up initial alert triage by deciding, on an informed basis, whether an alert warrants investigation or escalation to the incident response team.

Kaspersky Threat Data Feeds are generated automatically in real time and aggregate high-quality data from multiple trustworthy sources worldwide: the Kaspersky Security Network, with millions of voluntary participants around the world, the Botnet Monitoring service, spam traps, and the Kaspersky GReAT and R&D teams. Dedicated pre-processing inspects and refines all data before it is published in the feeds.

Microsoft Sentinel ingests threat intelligence over the TAXII protocol in STIX format, so Kaspersky Threat Data Feeds can be configured as a TAXII threat intelligence source in the Sentinel interface (the Threat Intelligence - TAXII data connector, which polls the feed's TAXII collections). Once imported, security teams can use the out-of-the-box analytic rules that match the imported indicators (IP addresses, domains, URLs, file hashes) against their log tables; only indicators that are still within their validity window are matched, so the feed's expiry data matters as much as the indicator values.
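As an added example (not code from Kaspersky, Microsoft or this article), the following Python walks through the two steps the paragraph describes offline: pulling indicators out of a STIX 2.1 bundle as a TAXII 2.1 collection would return it, honouring valid_from, valid_until and the revoked flag, and then matching the resulting IOCs against log rows shaped like Sentinel's DnsEvents and CommonSecurityLog tables. The bundle (trimmed to the fields the example uses), the indicator values and the log rows are constructed; the column names are assumptions modelled on the common Sentinel schemas; and the pattern parser deliberately handles only equality comparisons joined by OR, which is what feed-delivered atomic indicators look like, and reports anything else (AND, FOLLOWEDBY, REPEATS) as skipped rather than silently mismatching it.

```python
"""Added example: parse STIX 2.1 indicators delivered over TAXII and match
them against log rows, mirroring what Sentinel's TI analytic rules do.
Not Kaspersky's or Microsoft's code; the bundle, IOC values and log rows
below are constructed for this example."""
import json
import re
from datetime import datetime, timezone

# Constructed STIX 2.1 bundle shaped like a TAXII 2.1 collection response,
# trimmed to the fields used here. Values come from documentation address
# ranges and the SHA-256 of an empty file; none of them is a real IOC.
EMPTY_FILE_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-000000000002",
         "name": "Example C2 address", "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '203.0.113.7']",
         "valid_from": "2022-10-01T00:00:00Z", "valid_until": "2030-01-01T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-000000000003",
         "name": "Example malicious domain", "pattern_type": "stix",
         "pattern": "[domain-name:value = 'malware.example']",
         "valid_from": "2022-10-01T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1",  # already expired
         "id": "indicator--00000000-0000-4000-8000-000000000004",
         "name": "Old dropper hash", "pattern_type": "stix",
         "pattern": "[file:hashes.'SHA-256' = '%s']" % EMPTY_FILE_SHA256,
         "valid_from": "2020-01-01T00:00:00Z", "valid_until": "2021-01-01T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1",  # needs more than an equality match
         "id": "indicator--00000000-0000-4000-8000-000000000005",
         "name": "Beacon to port", "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '198.51.100.20' AND network-traffic:dst_port = 4444]",
         "valid_from": "2022-10-01T00:00:00Z"},
    ],
})

# One STIX comparison expression: <object-type>:<property> = '<value>'
COMPARISON_RE = re.compile(r"([\w-]+):([\w.'-]+)\s*=\s*'([^']*)'")

# STIX cyber-observable (type, property) -> IOC type used on the log side.
STIX_TO_IOC = {
    ("ipv4-addr", "value"): "ip", ("ipv6-addr", "value"): "ip",
    ("domain-name", "value"): "domain", ("url", "value"): "url",
    ("file", "hashes.'SHA-256'"): "sha256", ("file", "hashes.'SHA-1'"): "sha1",
    ("file", "hashes.'MD5'"): "md5",
}

# Log columns that carry each observable; assumed names modelled on Sentinel's
# DnsEvents / CommonSecurityLog / DeviceFileEvents schemas.
LOG_FIELDS = {
    "ip": ("SourceIP", "DestinationIP", "ClientIP", "RemoteIP"),
    "domain": ("Name", "DestinationHostName", "DnsQuery"),
    "url": ("RequestURL", "RemoteUrl"),
    "sha256": ("SHA256", "FileHash"), "sha1": ("SHA1",), "md5": ("MD5",),
}


def parse_iso(ts):
    """STIX timestamps are UTC with a trailing Z; make them aware datetimes."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def indicators_from_bundle(bundle_json, now=None):
    """Return ({ioc_type: {value: indicator_id}}, [skipped indicator ids]).
    Only indicators active at `now` are kept; patterns the simple equality
    matcher cannot represent are listed in `skipped` instead of being dropped."""
    now = now or datetime.now(timezone.utc)
    active, skipped = {}, []
    for obj in json.loads(bundle_json)["objects"]:
        if obj.get("type") != "indicator" or obj.get("revoked"):
            continue
        if parse_iso(obj["valid_from"]) > now:
            continue  # not yet valid
        until = obj.get("valid_until")
        if until and parse_iso(until) <= now:
            continue  # expired: Sentinel's TI rules would not match it either
        pattern = obj["pattern"]
        if obj.get("pattern_type", "stix") != "stix" or any(
                op in pattern for op in (" AND ", " FOLLOWEDBY ", " REPEATS ")):
            skipped.append(obj["id"])
            continue
        for obj_type, prop, value in COMPARISON_RE.findall(pattern):
            ioc_type = STIX_TO_IOC.get((obj_type, prop))
            if ioc_type is None:
                skipped.append(obj["id"])
                continue
            key = value if ioc_type == "url" else value.lower()  # hosts/hashes compare case-insensitively
            active.setdefault(ioc_type, {})[key] = obj["id"]
    return active, skipped


def match_logs(active, rows):
    """Join log rows against the active indicator set; returns one hit per matching column."""
    hits = []
    for row in rows:
        for ioc_type, columns in LOG_FIELDS.items():
            table = active.get(ioc_type, {})
            for col in columns:
                raw = row.get(col)
                if raw is None:
                    continue
                key = raw if ioc_type == "url" else str(raw).lower()
                if key in table:
                    hits.append({"indicator": table[key], "ioc_type": ioc_type, "value": raw,
                                 "table": row["Table"], "column": col,
                                 "TimeGenerated": row["TimeGenerated"]})
    return hits


# Constructed log rows; the third one carries the expired hash and must not match.
SAMPLE_LOGS = [
    {"Table": "DnsEvents", "TimeGenerated": "2022-11-02T09:14:03Z",
     "ClientIP": "10.0.0.5", "Name": "MALWARE.example"},
    {"Table": "CommonSecurityLog", "TimeGenerated": "2022-11-02T09:14:10Z",
     "SourceIP": "10.0.0.5", "DestinationIP": "203.0.113.7"},
    {"Table": "DeviceFileEvents", "TimeGenerated": "2022-11-02T09:15:00Z",
     "SHA256": EMPTY_FILE_SHA256},
    {"Table": "DnsEvents", "TimeGenerated": "2022-11-02T09:16:00Z",
     "ClientIP": "10.0.0.9", "Name": "www.example.org"},
]

if __name__ == "__main__":
    indicators, unsupported = indicators_from_bundle(SAMPLE_BUNDLE)
    for hit in match_logs(indicators, SAMPLE_LOGS):
        print(hit)
    print("skipped (unsupported pattern):", unsupported)
```

In Sentinel the same join is expressed in KQL by the out-of-the-box TI map rules over the imported indicator table; the offline version makes visible what those rules do with expiry and case folding, and which STIX patterns an atomic equality match cannot represent. Two practical checks follow from it: after connecting a TAXII feed, confirm that the imported indicators have the expiry dates you expect, and review what share of the feed's patterns the rules can actually match.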

"Threat attacks are on a continuous rise like never before and to remain protected, organizations need quick ways to detect these threats. With the Kaspersky and Microsoft Sentinel integration, customers will now have an easy way to import high-fidelity threat intelligence produced by Kaspersky into Microsoft Sentinel using the industry standard of STIX/TAXII for detections, hunting, investigation, and automation," says Rijuta Kapoor, Senior Program Manager, Microsoft.
