
Threat Intelligence | Products and Releases
3/16/2021 06:15 PM
Dark Reading

Kaspersky Launches Threat Hunting Services Enabling Timely Detection of Adversarial Activity

Woburn, MA – March 16, 2021 – Today, Kaspersky announces a brand new service, Kaspersky Threat Hunting, that enables the timely detection of adversarial activities. This new service allows for a more effective response, saving security teams’ resources for threat analysis, investigation and response.

Detecting and responding to sophisticated attacks requires specific expertise, while internal training or hiring additional experts may not always fit into the cybersecurity budget. A lack of resources can lead to delayed responses to incidents and, as a result, increase the organization's losses. According to a Kaspersky report, for enterprises the average cost of a data breach rises by more than $400k when the breach is discovered more than seven days after it occurs rather than almost instantly.

Targeted towards such organizations, Kaspersky Threat Hunting provides major benefits of an outsourced security operations center (SOC) and does not require specialized threat hunting and incident analysis skills from internal teams. The service is complemented by detection technologies as well as extensive expertise in threat hunting and incident response from professional units including the Global Research & Analysis Team (GReAT).

It is also empowered with an AI analyst that enables automatic alert resolution and allows Kaspersky SOC analysts to concentrate on the most important alerts. The combination of technologies and expertise gives customers protection from threats that evade detection, for example, by mimicking legitimate programs. IT security experts can see the protection status of all assets and threat detections in real time, receive ready-made response recommendations or authorize managed response scenarios.

The service integrates several components. Kaspersky products send their telemetry to the Kaspersky Security Network[1], and this telemetry is then analyzed in the internal Kaspersky Security Operations Center using more than 700 constantly updated proprietary TTP-based ‘hunts’[2] tailored to the customer's environment, along with various detection engines. Because alerts are collected from all endpoints, the system can link the stages of a single attack chain that appear on different machines. All detections are further validated and prioritized by Kaspersky’s threat hunting team to ensure a timely response.
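The paragraph above describes a pipeline of three stages: TTP-based hunt rules (a “hunt” being a rule that describes suspicious activity, per footnote [2]) evaluated over telemetry from every endpoint, detections from different hosts linked into one attack chain, and chains prioritized for analyst attention. The following Python is an added illustration of that shape written for this page; it is not Kaspersky's code and says nothing about how KSN or the Kaspersky SOC actually work. The telemetry, field names (`ts`, `host`, `parent`, `image`, `target_host`), rule names, MITRE ATT&CK technique labels and the 300-second linking window are all constructed assumptions.

```python
"""Toy hunt engine: TTP-style rules over endpoint process telemetry, with
detections from different hosts linked into chains and ranked for triage.
Added example; not Kaspersky's code. All data and field names are constructed."""
from dataclasses import dataclass
from typing import Callable, Dict, List

Event = Dict[str, object]

# Constructed telemetry: process-start events from three endpoints.
# The fourth event is benign; the last one is an isolated repeat on srv-02
# that falls outside the linking window and so must not join the first chain.
TELEMETRY: List[Event] = [
    {"ts": 100, "host": "ws-01",  "parent": "winword.exe",    "image": "powershell.exe", "target_host": None},
    {"ts": 160, "host": "ws-01",  "parent": "powershell.exe", "image": "psexec.exe",     "target_host": "srv-02"},
    {"ts": 175, "host": "srv-02", "parent": "services.exe",   "image": "psexesvc.exe",   "target_host": None},
    {"ts": 200, "host": "ws-03",  "parent": "explorer.exe",   "image": "notepad.exe",    "target_host": None},
    {"ts": 900, "host": "srv-02", "parent": "services.exe",   "image": "psexesvc.exe",   "target_host": None},
]


@dataclass
class Hunt:
    """A hunt: a named rule describing suspicious activity, tagged with a TTP."""
    name: str
    ttp: str
    match: Callable[[Event], bool]


# Assumed allow/deny sets; a real deployment derives these from the customer's baseline.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe"}
REMOTE_EXEC_TOOLS = {"psexec.exe", "wmic.exe"}
BASELINE_SERVICE_BINARIES = {"svchost.exe", "spoolsv.exe"}

HUNTS: List[Hunt] = [
    Hunt("office_spawns_script_host", "T1059",
         lambda e: e["parent"] in OFFICE_APPS and e["image"] in SCRIPT_HOSTS),
    Hunt("remote_exec_tool_with_target", "T1021",
         lambda e: e["image"] in REMOTE_EXEC_TOOLS and bool(e["target_host"])),
    Hunt("service_binary_outside_baseline", "T1543",
         lambda e: e["parent"] == "services.exe" and e["image"] not in BASELINE_SERVICE_BINARIES),
]


@dataclass
class Detection:
    hunt: str
    ttp: str
    event: Event


def run_hunts(events: List[Event], hunts: List[Hunt] = HUNTS) -> List[Detection]:
    """Evaluate every hunt against every event, oldest event first."""
    ordered = sorted(events, key=lambda e: e["ts"])
    return [Detection(h.name, h.ttp, e) for e in ordered for h in hunts if h.match(e)]


def link_chains(detections: List[Detection], window: int = 300) -> List[List[Detection]]:
    """Group detections into attack chains with union-find.

    Two detections are linked when they occur on the same host within `window`
    seconds, or when an earlier event names a target_host on which a later
    detection fires within `window` seconds (the cross-machine link)."""
    n = len(detections)
    parent = list(range(n))

    def find(i: int) -> int:
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    for i in range(n):
        for j in range(i + 1, n):  # detections are time-ordered, so ts_j >= ts_i
            a, b = detections[i].event, detections[j].event
            gap = b["ts"] - a["ts"]
            same_host = a["host"] == b["host"] and gap <= window
            pivot = a["target_host"] == b["host"] and gap <= window
            if same_host or pivot:
                parent[find(i)] = find(j)

    groups: Dict[int, List[Detection]] = {}
    for i in range(n):
        groups.setdefault(find(i), []).append(detections[i])
    return sorted(groups.values(), key=lambda chain: chain[0].event["ts"])


def prioritize(chains: List[List[Detection]]) -> List[List[Detection]]:
    """Rank chains: more hosts touched and more distinct TTPs means higher priority."""
    def score(chain: List[Detection]) -> int:
        hosts = {d.event["host"] for d in chain}
        ttps = {d.ttp for d in chain}
        return len(hosts) * 10 + len(ttps)
    return sorted(chains, key=score, reverse=True)


if __name__ == "__main__":
    for rank, chain in enumerate(prioritize(link_chains(run_hunts(TELEMETRY))), 1):
        hosts = sorted({d.event["host"] for d in chain})
        print(f"chain {rank}: hosts={hosts} hunts={[d.hunt for d in chain]}")
```

Running the block yields two chains: the first links the macro-spawned script host on ws-01, the remote execution tool that names srv-02, and the unexpected service binary that then appears on srv-02, while the late repeat on srv-02 stands alone and ranks lower. The union-find keeps linking transitive, which is what lets a detection on one machine be attached to a chain that started elsewhere.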

After investigation, customers receive incident alerts and a comprehensive guide to incident response in the dedicated threat hunting portal. Response options can then be initiated through an EDR agent. Customers can also combine Threat Hunting with Kaspersky’s Incident Response retainer to completely outsource incident investigation, forensics and elimination.

“For many customers, one of their biggest challenges is being able to answer the question of whether or not they are under attack,” said Ori Ammar, head of presales for Kaspersky. “Kaspersky Threat Hunting allows cybersecurity professionals to strengthen their company’s resiliency to cybersecurity threats, while still optimizing their existing resources. This offering allows for scalable, turnkey deployment that enables an instantly matured IT security function without the need to invest in additional staff or expertise. The peace of mind our customers feel once they have deployed Kaspersky Threat Hunting is a significant achievement for our brand.”

Effective threat protection is always a set of measures that must be well coordinated with each other, easy to manage and meet the needs of customers, explains Dmitry Aleshin, vice president of product marketing at Kaspersky. “Another advantage is that, unlike one specific solution, threat hunting offers a cybersecurity roadmap for the company, assuring the transition from one IT security maturity level to another when the time comes. Thus, in the case of Threat Hunting, at a more basic level of information security development, a company can receive a fully automated service. When the expertise of its specialists grows, it can switch to the expert level and get involved in the threat hunting and investigation.”

For more information about Kaspersky Threat Hunting, please visit the webpage.

[1] Kaspersky Security Network (KSN) is a distributed infrastructure that works with various anti-malware protection components. The statistics consist of depersonalized metadata which is voluntarily provided by KSN participants among Kaspersky’s customers.

[2] Hunt is a rule containing the description of a suspicious activity in the system that could be a sign of an attack.
