The new Kaspersky Digital Footprint Intelligence servicedelivers instant customer updates
on weak pointswithin an organization. It provides the customer withinformation on threats
revealed by numerous open sources andresources which usually have limited accessas well
as being enriched with results from Kaspersky threat research. Thanks to this, SOC and
CERT security analysts can be aware ofwhat cybercriminals are able to find out about
theirorganization, andany attack vectors they are likely to exploit, to better prepare their defense strategy.
According to the latest survey of IT Security leaders conducted by 451 Research and commissioned by Kaspersky, the majority of CISOs (64%) agreed that speed and quality of incident response handling are the main metrics to measure performance in the role. However, as a company has numerous assets exposed online, it becomes harder for security analysts to keep everything in sight and react to the most significant threats in time. To help security analysts discover whichcompany resources the malefactors are likely to leverage, Kaspersky unveils Kaspersky Digital Footprint Intelligence.
Instant alerts on the most relevant threats
Kaspersky Digital Footprint Intelligence helps companies to understand the ways in which cybercriminals can successfully attack them, identify what information is available to an attacker and find out if their infrastructure has already been compromised by offering analytics on threats aimed specifically against the organization.
The service is built on insights from Kaspersky experts who have pieced together a comprehensive picture of customers’ current attack status, identifying weaknesses in the network perimeter, threats from cybercriminals, malicious activity and data leaks.
The network inventory, whichuses non-intrusive methods, identifies critical components of
a customer’s network perimeter, such as remote management services, unintentionally
exposed and misconfigured services and network devices. A tailored analysis of available
services results invulnerability scoring and comprehensive risk evaluation based on a
number of multiple parameters, including CVSS base score, availability of public exploits,
the company’s penetration testing experience and other features.
Meanwhile, automated data gathering from online content hosting services, public forums,
social networks, instant messengers channels and groups, restricted underground online
forums and communities, provides the customer with details of any compromised employee
accounts, data leakages or attacks planned or discussed against their organization.
The reports in Kaspersky Digital Footprint Intelligence highlight cybercriminal activities not
only against the customer, but also against its clients, partners and supplier infrastructure
and offers сustomers an overview of the ongoing malware or APT attacks in this region and
industry.
With this information, a customer can look at its businessfrom a malefactor’s point of view
and understand what they can learn about the business’s IT infrastructure and employees while preparing for an attack.
The service is available in the Kaspersky Threat Intelligence Portal – a single point of access
to cyberattack data gathered by the company for more than 20 years and supported by real-time notifications as soon as a tailoredreport is updated. Via a special API, Kaspersky
Digital Footprint Intelligence can be integrated with third-party task management systems, which significantly cuts time required for workflow administration.
Keeping an eye on APT infrastructure
The Kaspersky Threat Intelligence Portal is also enhanced with the new APT C&C Tracking
Service that delivers the IP addresses of infrastructure connected to advanced threats. This helps security analysts working in CERTs, national SOCs and national security agencies to
monitor the deployment of new malicious infrastructures and take the required measures to mitigate ongoing as well as upcoming attacks.
The service is updateddaily with recent findings from the Kaspersky Global Research and
Analysis Team who have a proven track record in discovering APT campaigns across the world. For each IP, there is the name of an APT group, operation or malwareit is associated
with, internet service provider and autonomous system (collection of associated IPshosting information and when it was first and last seen. The addresses can downloaded in a
machine-readable format, so customers can upload it to existing security solutions to automate detection.
“Data is the lifeblood of business. It supports building strong relationships with
stakeholders, improving products to fit customer needs and exceeding competitors, and any incident affecting sensitive information. Whether a targeted cyberattack leading to theft of a customer database or leakage of trade secrets – this can negatively affect a
company’s reputation and result in financial losses. That’s why we have added a set of new services to the Kaspersky Threat Intelligence Portal so customers can keep up-to-date with the most relevant cyberthreats,” – commented Sergey Martsynkyan, head of B2B product
marketing at Kaspersky.
Kaspersky Digital Footprint Intelligence and Kaspersky APT C&C Tracking
Servicecomplement other Threat Intelligence services available at the Kaspersky Threat Intelligence Portal. These are Kaspersky Threat Data Feeds (regularly updated information
about dangerous objects), APT Intelligence Reporting, Kaspersky Financial Intelligence Reporting (reports about threats targeting financial institutions), Kaspersky Threat Lookup
(search for historical threat intelligence), and Kaspersky Cloud Sandbox.