REPORT REPRINT

Kaspersky highlights its threat intelligence portfolio

MAY 18 2020
By Scott Crawford

The company’s investment in threat research has long supported its growth as a worldwide contender in endpoint security. That research has helped build Kaspersky’s threat intelligence portfolio into an important contributor to its enterprise strategy, with a set of offerings that seek to augment capabilities for security teams.

THIS REPORT, LICENSED TO KASPERSKY, DEVELOPED AND AS PROVIDED BY 451 RESEARCH, LLC, WAS PUBLISHED AS PART OF OUR SYNDICATED MARKET INSIGHT SUBSCRIPTION SERVICE. IT SHALL BE OWNED IN ITS ENTIRETY BY 451 RESEARCH, LLC. THIS REPORT IS SOLELY INTENDED FOR USE BY THE RECIPIENT AND MAY NOT BE REPRODUCED OR RE-POSTED, IN WHOLE OR IN PART, BY THE RECIPIENT WITHOUT EXPRESS PERMISSION FROM 451 RESEARCH.

© 2020 451 Research, LLC | www.451research.com

Introduction

Kaspersky has long been known as a provider of cybersecurity technologies and a recognized international contender in domains such as anti-malware and endpoint security. Fueling its success in these domains, however, has been an investment in research that has built a significant body of threat intelligence for the company. Today, as Kaspersky has broadened its emphasis in enterprise markets from hybrid cloud to industrial cybersecurity and the Internet of Things, it highlights its threat intelligence capability as a primary enabler of its strategy.

451 TAKE

Threat intelligence is a valued capability among enterprises, with 42% of respondents to 451 Research’s 2019 Voice of the Enterprise: Information Security, Workloads & Key Projects survey reporting it as already in use, with another 15% reporting projects in pilot or proof of concept and a further 25% planning to deploy over the ensuing 24 months. Kaspersky has achieved significant penetration of global markets, which informs its visibility into geopolitical concerns as well as cybercrime – visibility that can add valuable perspective to threat intelligence, especially when other researchers often speak primarily from North America or western Europe.

With multiple offerings for access to intelligence reports and findings, analysis of samples and exposure of an organization’s digital footprint, Kaspersky seeks to put this intelligence more directly to work in security operations. Recent offerings such as CyberTrace highlight this strategy to correlate internal security monitoring and alerting with external threat intelligence, to arm more responsive defense with the insight needed to detect malicious activity, respond to attacks and prioritize risks in light of real-world threats. We would expect Kaspersky to press even further into optimizing security operations, enhancing visibility and action through its combination of widely adopted technologies in multiple environments and its threat intelligence capabilities.

Context

Founded by Eugene Kaspersky and colleagues in 1997, Kaspersky began as an antivirus vendor focused, like many at that time, on the endpoint, and has since grown to become a significant global vendor of security software, operating in 200 countries and territories on six continents. Today, the company’s portfolio embraces multiple aspects of security for enterprises as well as SMBs, across a wide range of IT and operational technology (OT) and the Internet of Things.

Established in Russia, the company is now administered through a holding company in the UK, with processing and storage of data for North American customers now based in Switzerland. It currently employs more than 4,000 in 34 regional offices worldwide. Privately held with no outside investors, Kaspersky reported audited 2018 revenue of 706m (adjusted for foreign exchange) through both direct sales and a number of OEM relationships.

Threat intelligence gathering and analysis

A provider with a significant presence in endpoint security such as Kaspersky has many advantages others don’t. Its agents often number in the millions, deployed on systems around the world in virtually any scenario, from the datacenter to end-user devices. They encounter attack tools and tactics such as malware and exploit techniques on a daily basis. They examine samples to understand threat behavior and activity, and their technology may respond with a combination of heuristics and behavioral analysis to recognize malicious patterns when previously unencountered threats emerge.

Substantial as it is, Kaspersky’s endpoint presence represents only a part of its global intelligence gathering capabilities. Web crawlers, spam traps and ‘bot farms’ (networks of hosts that interact in honeypot fashion with malicious automated functionality or ‘bots’) collect data available from attack techniques. Open source intelligence (OSINT) further contributes to inputs. The Kaspersky Cloud Infrastructure supports the gathering and analysis of all this information by human experts and AI.

Human analysis is spearheaded by the company’s Anti-Malware Research organization and by its Global Research and Analysis Team (GReAT), an elite group of more than 40 experienced researchers in 20 countries tracking more than 200 threat actor groups. Customers and partners can also participate in threat research through the Kaspersky Security Network, a cooperative initiative that allows participants to voluntarily submit contributions and depersonalized data for analysis and obtain findings such as threat detection and reputational analysis deployable in operations.

For the integration of its threat intelligence output with security tools and operations, Kaspersky has partnerships with several IT security and operational technology (OT) providers, including major security information and event management (SIEM) vendors, threat intelligence platforms (TIPs) and network security technologies.

Threat intelligence offerings

Kaspersky’s threat intelligence output includes actionable data ranging from machine-readable information to in-depth human analysis and reports. IP reputation, malicious file and content hashes, malicious URLs, vulnerability data, passive DNS findings, command-and-control (C&C or C2) server data, structured indicators of compromise (IoCs) and a widely embraced approve list of legitimate software are among the many types of vetted data Kaspersky provides through its threat intelligence feeds. Additional insights available to premium subscribers include detailed reports on malicious file activities and behaviors, other domains and URLs associated with suspicious files or sites and DNS resolution of suspicious IP addresses. These feeds can be consumed directly by security and IT infrastructure and endpoints, as well as by security operations platforms such as SIEMs.

For enterprise security analysts, the Kaspersky Threat Intelligence Portal is a primary point of access to Kaspersky threat intelligence. With over 20 petabytes of data under management, the portal delivers access to feeds as well as reports that help organizations correlate threat intelligence findings across data sets, answer questions of relevance of findings to their organization, access detailed analysis of threat actors and tactics, understand their exposure to specific threats and act on conclusions and recommendations. Premium subscribers have access to additional details such as the functionality of specific attack tools and the relationships evidence has to other threat intelligence findings. APT Intelligence Reporting details include analysis of methods and tools used in an attack or campaign, technical detail on C&C functionality, IoCs and YARA rules for mitigating attacks. Country and industry-specific reporting is also available.

Functionality supported by the Kaspersky Threat Intelligence Portal includes the Kaspersky Cloud Sandbox, which enables customers to upload suspicious content for analysis via a web interface. Findings reveal sample behavior and actions initiated by an attack, such as opening additional connections or initiating C&C channels, and identify possible threat actors associated. Premium access includes the ability to integrate security tools directly via RESTful API, default and advanced settings to optimize performance, intuitive reporting and visualizations, and in-depth analysis of complex or advanced attacks through workflows provided to better manage incidents and handle more complex investigations.

Relevance and actionability are two keywords often used in describing the evolution of threat intelligence in recent years, and two Kaspersky offerings in particular – Kaspersky Digital Footprint Intelligence and Kaspersky CyberTrace – highlight these values.

Kaspersky Digital Footprint Intelligence shows organizations how their information assets – from brand presence and integrity and public information to intellectual property and sensitive data – can introduce exposures to the threat landscape. Through this offering, Kaspersky assesses an organization’s digital presence, from online infrastructure and domains to visible corporate content, and correlates findings to its body of threat and vulnerability intelligence. It can identify attacker activity associated with such exposures, from attacks detected against customer assets to information leaks and unauthorized or unintended exposure through social media.

Kaspersky CyberTrace seeks to answer a central question of security operations teams: Do detected events in security monitoring and alerting correspond to known attacker activity? Answers are vital, since they directly indicate the nature of detected actions, and how high a priority they should be given in escalation, response and threat mitigation.

CyberTrace matches log data with evidence in threat intelligence feeds to help security operations centers (SOCs) in a number of ways. It provides connectors for direct integration with many popular SIEM systems, offers a web interface for data visualization and access to findings and is also available in a stand-alone mode for parsing logs and inputs from a variety of security infrastructure and tools. It provides context to tier 1 SOC analysts to help them identify higher-priority events. For escalation, it offers on-demand lookup of indicators for more in-depth investigation. Advanced filtering of feeds enables security teams to tailor correlations to their specific requirements, with bulk scanning of logs supported, and findings exportable to common data formats such as CSV files for ingestion by other systems. Feed usage statistics help organizations better manage their threat intelligence investment. These capabilities help boost SOC analyst expertise while optimizing processes and reducing workloads for data correlation and event management.

Customers can access Kaspersky threat intelligence in a variety of ways. Customers can use their own browser, without any requirement for additional software or browser plugins of any kind, to access the Kaspersky Threat Intelligence Portal. For customers who value insight into threat indicators that are often present in web pages from any source, those with an active subscription to the Kaspersky Threat Intelligence Portal can use a Kaspersky browser plugin for Google Chrome that reveals that context in any visited web page. Customers can also integrate with Kaspersky threat intelligence via API, and use certificate-based, client-side HTTPS authentication and authorization to download and update purchased threat intelligence feeds.

Competition

Threat intelligence is a unique segment of information security. For one thing, competitors may often cooperate and even partner with each other, particularly on the integration of threat intelligence from multiple sources into proprietary tools. This reflects another distinctive aspect: threat intelligence consumers often value differing perspectives from multiple sources, even if those sources sometimes overlap in terms of coverage. In Kaspersky’s case, it can bring a multinational perspective from outside North America.

Kaspersky thus competes with other leading security portfolio vendors in many business and enterprise markets, such as McAfee and Symantec (now a part of Broadcom) in North America, BitDefender, ESET and Sophos in Europe and Trend Micro in the APAC region (although all these competitors have a global presence). Worldwide, Microsoft has expanded its presence in enterprise security. Other players in markets such as network security or SIEM also offer threat intelligence capabilities, as with Cisco’s Talos group, IBM’s X-Force and Palo Alto Networks’ Unit 42. At the same time, however, Kaspersky also partners with many of these companies to offer threat intelligence integration with their products. Additional partners include TIP providers such as AlienVault (now part of AT&T) and its Open Threat Exchange (OTX), Anomali, Arctic Security, EclecticIQ, ThreatConnect, ThreatQ and the MISP open source TIP.

More direct contenders in various aspects of threat intelligence per se include FireEye, particularly since its acquisitions of iSIGHT Partners and Mandiant, as well as CrowdStrike, Flashpoint, Group-IB, Intel 471, LookingGlass, Recorded Future, SecureWorks, Team Cymru, Verint and Webroot. ‘Dark web’ visibility is an emphasis of those such as DarkOwl and Sixgill.

Global systems integrators with threat intelligence offerings include Accenture (which acquired iDEFENSE in 2017), BAE Systems, Booz Allen Hamilton, Deloitte, NTT and PwC. Carriers with threat intelligence offerings in addition to AT&T include CenturyLink and Verizon. Digital Shadows, Proofpoint and ZeroFox are among those specializing in visibility into an organization’s digital footprint as an aspect of the market. A large number of boutique firms further contribute to one of the most fragmented segments of information security, itself one of the most prolific markets in technology in terms of number of vendors.

SWOT Analysis

STRENGTHS
Kaspersky has strong foundations in threat research that inform its expertise, as well as a differentiating perspective as a multinational vendor. Customers in many regions could find this perspective to be a welcome alternative, particularly to providers with a distinctly North American point of view.

WEAKNESSES
Kaspersky is currently unable to sell into US government agencies, but the company claims year-over-year growth in North American threat-intelligence sales regardless.

OPPORTUNITIES
Kaspersky has the opportunity not only to integrate its threat intelligence capabilities with its own broad portfolio as well as with partner offerings, but to differentiate these capabilities based on its global view of threat insight.

THREATS
The offerings of threat intelligence providers often overlap, which can make differentiation challenging. Kaspersky compensates with its distinctive global perspective but faces significant competition from other multinational providers.
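The log-to-feed correlation the report attributes to CyberTrace (matching log events against feed indicators, filtering feeds by analyst criteria, ranking hits for tier 1 triage, exporting findings to CSV and tracking feed usage) is simple enough to sketch end to end. The following is an added example written for this reprint; it is not code from 451 Research or from any Kaspersky product. The feed entries, log lines, field names and the confidence/category scheme are all constructed for illustration and contain no real indicators.

```python
"""Toy log-to-threat-feed correlation in the style the report describes.
Added example with constructed data only; no real indicators or product code."""
import csv
import io
import re
from urllib.parse import urlsplit

# Constructed feed entries (not real IoCs), covering indicator types the report
# lists: IP reputation, C2 servers, malicious URLs/domains and file hashes.
FEED = [
    {"feed": "ip_reputation", "type": "ip", "value": "203.0.113.7",
     "category": "scanner", "confidence": 60},
    {"feed": "botnet_c2", "type": "ip", "value": "198.51.100.23",
     "category": "c2", "confidence": 95},
    {"feed": "malicious_url", "type": "domain", "value": "update-check.example",
     "category": "malware_download", "confidence": 90},
    {"feed": "malicious_hash", "type": "sha256", "value": "0123456789abcdef" * 4,
     "category": "trojan", "confidence": 100},
]

# Constructed sample log lines: a proxy log, a firewall log, an EDR file event
# (hash logged in upper case) and a benign firewall line that must not match.
LOGS = [
    '2020-05-18T10:01:02Z proxy src=10.0.0.5 url="http://update-check.example/setup.exe" status=200',
    '2020-05-18T10:01:09Z fw action=allow src=10.0.0.5 dst=198.51.100.23 dport=443',
    '2020-05-18T10:01:15Z edr host=ws-17 event=file_create sha256=' + "0123456789ABCDEF" * 4,
    '2020-05-18T10:02:00Z fw action=allow src=10.0.0.9 dst=192.0.2.10 dport=80',
]

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256 = re.compile(r"\b[0-9a-fA-F]{64}\b")
URL = re.compile(r"https?://[^\s\"']+")


def extract_indicators(line):
    """Pull candidate indicators out of a raw log line and normalise them
    (lower-case hashes and hostnames) so they compare equal to feed values."""
    found = []
    for url in URL.findall(line):
        found.append(("url", url))
        host = urlsplit(url).hostname
        if host:
            found.append(("domain", host.lower()))
    for digest in SHA256.findall(line):
        found.append(("sha256", digest.lower()))
    for ip in IPV4.findall(line):
        found.append(("ip", ip))
    return found


def match_logs(logs, feed, min_confidence=0, categories=None):
    """Correlate log lines with feed entries. min_confidence and categories
    filter the feed first, the way a SOC tunes a noisy feed. Matches come back
    highest-confidence first so a tier 1 analyst sees the worst first."""
    index = {
        (e["type"], e["value"]): e
        for e in feed
        if e["confidence"] >= min_confidence
        and (categories is None or e["category"] in categories)
    }
    matches = []
    for line_no, line in enumerate(logs, start=1):
        for ind_type, value in extract_indicators(line):
            hit = index.get((ind_type, value))
            if hit:
                matches.append({
                    "line": line_no, "type": ind_type, "value": value,
                    "feed": hit["feed"], "category": hit["category"],
                    "confidence": hit["confidence"], "log": line,
                })
    matches.sort(key=lambda m: -m["confidence"])
    return matches


def feed_usage(matches, feed):
    """Hits per feed, including feeds that never fired; zero-hit feeds are the
    ones whose subscription cost is worth questioning."""
    usage = {e["feed"]: 0 for e in feed}
    for m in matches:
        usage[m["feed"]] += 1
    return usage


def to_csv(matches):
    """Export findings as CSV text for ingestion by another system."""
    fields = ["line", "type", "value", "feed", "category", "confidence", "log"]
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=fields, lineterminator="\n")
    writer.writeheader()
    writer.writerows(matches)
    return buf.getvalue()


if __name__ == "__main__":
    hits = match_logs(LOGS, FEED)
    print(to_csv(hits))
    print(feed_usage(hits, FEED))
```

Run as a script it prints three findings (the hash, the C2 connection and the download domain, in that order) and shows the `ip_reputation` feed with zero hits. Normalisation before lookup is the part that matters in practice: a hash logged in upper case or a URL with a trailing path would otherwise silently miss an exact-match feed entry.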
