Kaspersky and Microsoft have partnered in a move that will see the former’s Threat Data Feeds being integrated with Microsoft Sentinel, a cloud-native security information and event management (SIEM) and security orchestration, automation and response (SOAR) solution.
This, the companies say, will help provide Sentinel users with actionable context for attack investigation and response, arming them with the latest insights to counter cyber attacks.
With this integration, enterprise security teams can extend cyber threat detection capabilities and increase the effectiveness of initial alert triage, threat hunting, or incident response, they add.
The actionable context in the feeds includes threat names, timestamps, geolocation, resolved IP addresses of infected web resources, file hashes, popularity and other search terms. With this data, security teams and SOC analysts can speed up initial alert triage by making informed decisions about whether to investigate further or escalate to an incident response team.
Kaspersky Threat Data Feeds are generated automatically in real time and aggregate high-quality data from multiple reliable sources around the globe.
These include the Kaspersky Security Network, which covers millions of voluntary participants worldwide, the Botnet Monitoring service, spam traps, and input from Kaspersky experts in the GReAT and R&D teams.
All the data is carefully inspected and refined with dedicated pre-processing techniques, the security giant says.
Microsoft Sentinel ingests threat intelligence over the TAXII protocol in STIX format, so Kaspersky Threat Data Feeds can be configured as a TAXII threat intelligence source directly in the Sentinel interface, Kaspersky explains. Once the indicators have been imported, security teams can use out-of-the-box analytic rules to match the indicators from the feeds against their logs.
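As an added illustration of that matching step (this is example code written for this page, not code from Kaspersky or Microsoft, and not Sentinel's own analytic rules), the Python sketch below takes a STIX 2.1 bundle of the kind a TAXII 2.1 collection returns, pulls the observables out of each indicator's pattern, ignores indicators outside their valid_from/valid_until window, and checks the active ones against log lines. The bundle, indicator IDs, names, IP addresses, domain, hash and log lines are all constructed for the example; the only standards facts relied on are the STIX pattern syntax and the indicator validity fields.

```python
"""Match STIX 2.1 indicators, as delivered over TAXII, against log lines.

Added example: the bundle, indicator IDs, names and log lines below are
constructed for illustration and are not Kaspersky feed data.
"""
import json
import re
from datetime import datetime
from urllib.parse import urlparse

# Constructed stand-in for one page of a TAXII 2.1 collection
# (created/modified fields omitted to keep the example short).
STIX_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-000000000002",
         "name": "Example botnet C2", "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '203.0.113.5']",
         "valid_from": "2023-01-10T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-000000000003",
         "name": "Example malicious download", "pattern_type": "stix",
         "pattern": "[domain-name:value = 'malware.example' OR "
                    "url:value = 'http://malware.example/drop.bin']",
         "valid_from": "2023-01-10T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-000000000004",
         "name": "Example stale hash", "pattern_type": "stix",
         "pattern": "[file:hashes.'SHA-256' = "
                    "'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855']",
         "valid_from": "2022-01-01T00:00:00Z", "valid_until": "2022-06-01T00:00:00Z"},
    ],
})

# Constructed proxy/DNS/EDR log lines. The last one is a near miss that must not fire.
SAMPLE_LOGS = [
    "proxy src=10.0.0.12 dst=203.0.113.5 dport=443 action=allow",
    "dns query=malware.example type=A client=10.0.0.31",
    'proxy src=10.0.0.31 url="http://malware.example/drop.bin" status=200',
    "edr host=ws-17 file=C:\\Users\\a\\Downloads\\drop.bin "
    "sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "proxy src=10.0.0.12 dst=203.0.113.50 dport=443 action=allow",
]

# STIX object path -> observable type this example knows how to match.
OBSERVABLE_TYPES = {
    ("ipv4-addr", "value"): "ip",
    ("domain-name", "value"): "domain",
    ("url", "value"): "url",
    ("file", "hashes.'SHA-256'"): "sha256",
}
# One equality comparison inside a STIX pattern: <object>:<path> = '<value>'
COMPARISON = re.compile(r"([\w-]+):([\w.'-]+)\s*=\s*'([^']*)'")

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256 = re.compile(r"\b[0-9a-fA-F]{64}\b")
URL = re.compile(r"https?://[^\s\"',]+")
HOSTNAME = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


def _parse_ts(ts: str) -> datetime:
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def is_active(indicator: dict, now: datetime) -> bool:
    """Honour the indicator's validity window; a stale IOC should not page anyone."""
    if now < _parse_ts(indicator["valid_from"]):
        return False
    until = indicator.get("valid_until")
    return until is None or now < _parse_ts(until)


def parse_indicator(indicator: dict) -> dict:
    """Pull {observable type: set of values} out of a STIX pattern.

    Each equality comparison is treated as an independent hit: exact for OR
    patterns, over-approximating for AND patterns (alerts on either side), which
    is the usual triage-friendly reading. Unknown operands are skipped, not guessed.
    """
    observables = {}
    for obj_type, path, value in COMPARISON.findall(indicator["pattern"]):
        key = OBSERVABLE_TYPES.get((obj_type, path))
        if key is not None:
            observables.setdefault(key, set()).add(value.lower())
    return observables


def extract_observables(line: str) -> dict:
    """Tokenise a log line into the same observable types, so comparison is exact
    (203.0.113.50 is not a hit for 203.0.113.5, unlike a substring search)."""
    found = {
        "ip": set(IPV4.findall(line)),
        "sha256": {h.lower() for h in SHA256.findall(line)},
        "url": {u.lower() for u in URL.findall(line)},
        "domain": {h.lower() for h in HOSTNAME.findall(line)},
    }
    for url in found["url"]:  # the host part of a URL is a domain observable too
        host = urlparse(url).hostname
        if host:
            found["domain"].add(host)
    return found


def match_logs(bundle_json: str, log_lines: list, now: datetime) -> list:
    """Return (line number, indicator name, observable type, value) for each hit."""
    indicators = [o for o in json.loads(bundle_json)["objects"]
                  if o.get("type") == "indicator" and o.get("pattern_type") == "stix"]
    hits = []
    for lineno, line in enumerate(log_lines, start=1):
        seen = extract_observables(line)
        for ind in indicators:
            if not is_active(ind, now):
                continue
            for obs_type, values in parse_indicator(ind).items():
                for value in sorted(values & seen[obs_type]):
                    hits.append((lineno, ind["name"], obs_type, value))
    return hits


def run_example(now_iso: str) -> list:
    """Match the constructed logs against the constructed bundle as of now_iso."""
    return match_logs(STIX_BUNDLE, SAMPLE_LOGS, _parse_ts(now_iso))


if __name__ == "__main__":
    for hit in run_example("2023-06-01T00:00:00Z"):
        print(hit)
```

Run as of mid-2023 it reports the C2 address on line 1, the domain on lines 2 and 3 and the URL on line 3, while the expired hash on line 4 and the near-miss address on line 5 stay quiet; run as of early 2022, only the hash fires. The two design points worth carrying over to any real rule set are the validity window (an indicator past valid_until is noise, not a detection) and exact, typed comparison rather than substring matching of indicator values.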
Ivan Vassunov, VP corporate products at Kaspersky, says the partnership will help Microsoft Sentinel users access trusted threat intelligence from Kaspersky.
“Expanding integration with third party security controls makes it even easier for customers to operationalise our TI which is one of our key priorities. Threat intel from Kaspersky is designed to be tailored to the needs of any organisation since we collect data from a great number of different and diverse sources to cover organisations in specific industries, geolocations, and with specific threat landscapes,” he says.