Kaspersky Threat Intelligence Portal for Splunk Phantom

About Kaspersky Threat Intelligence Portal

August 23, 2019

ID 184493

Kaspersky Threat Intelligence Portal provides reliable, immediate intelligence about cyber threats, legitimate objects, their interconnections and indicators, enriched with actionable context to inform your business or clients about the associated risks and implications. Now you can mitigate and respond to threats more effectively, defending your system against attacks even before they are launched.

Kaspersky Threat Intelligence Portal delivers all the knowledge acquired by Kaspersky about cyber threats and their relationships, brought together into a single, powerful web service. The goal is to provide your security teams with as much data as possible in order to prevent cyber attacks that can impact your organization. The platform retrieves the latest detailed threat intelligence about URLs, domains, IP addresses, file hashes, statistical and behavioral data, WHOIS and DNS data, and so on. The result is global visibility of new and emerging threats, helping you secure your organization and boosting incident response.

Threat intelligence is aggregated from fused, heterogeneous, and highly reliable sources. Then, in real time, all the aggregated data is carefully inspected and refined using multiple preprocessing techniques, such as statistical criteria, Kaspersky expert systems, validation by analysts, and verification against white lists.

How it works

Indicators of compromise can be looked up through a web-based interface or the Kaspersky Threat Intelligence Portal API. Kaspersky Threat Intelligence Portal enables you to request threat intelligence about the following objects:

  • MD5, SHA-1, and SHA-256 hashes
  • IP addresses
  • Domains
  • URLs

Kaspersky Threat Intelligence Portal shows whether an object falls in the Good, Bad, or Not categorized zone, and provides a rich set of contextual data to answer the who, what, where, and when questions that help you respond to or investigate threats more effectively.

Key features

The following are the key features of Kaspersky Threat Intelligence Portal:

  • APT Intelligence reports and Financial Threat Intelligence reports

    Increase your awareness and knowledge of high profile cyber-espionage campaigns with wide-ranging and practical advanced persistent threat (APT) reporting from Kaspersky. Download reports in any available format.

  • Data feeds

    Security Threat Intelligence Services from Kaspersky gives you access to the intelligence you need to mitigate cyber threats, provided by our world-class team of researchers and analysts.

  • Trusted threat intelligence

    The key benefit of threat intelligence is the reliability of data enriched with actionable context.

  • Comprehensive and real-time coverage

    Threat intelligence is automatically generated in real time based on findings across the globe, providing high coverage and accuracy.

  • Rich data

    Threat intelligence delivered by Kaspersky Threat Intelligence Portal includes a vast amount of different data types such as hashes, URLs, IP addresses, WHOIS, GeoIP, pDNS, file attributes, statistical and behavioral data, download chains, time stamps, and much more. Empowered with this data, you have access to a diverse landscape of security threats.

  • Continuous availability

    Threat intelligence delivered by Kaspersky Threat Intelligence Portal is generated and monitored by a highly fault-tolerant infrastructure, ensuring continuous availability and consistent performance.

  • Continuous review by security experts

    Hundreds of experts, including security analysts from across the globe, world-famous security experts from Global Research & Analysis Team (GReAT), and leading-edge R&D teams, contribute to generating valuable and real-life threat intelligence.

  • Easy-to-use web portal or API

    Use the service in manual mode through a web portal or get access by means of a simple Kaspersky Threat Intelligence Portal API.

  • SaaS solution

    With software as a service (SaaS), there is no need to integrate additional systems or services into your company’s infrastructure. Start using the service immediately.

Key benefits

By using Kaspersky Threat Intelligence Portal you can do the following:

  • Improve and accelerate your incident response and forensic capabilities by providing security and SOC teams with meaningful information about threats and global insights into what lies behind targeted attacks. Diagnose and analyze security incidents on hosts and the network more efficiently and effectively. Prioritize signals from internal systems against various threats to minimize incident response time and disrupt the kill chain before critical systems and data are compromised.
  • Conduct deep searches into threat indicators such as IP addresses, malicious URLs, or file hashes with human-validated threat context that allows prioritization of attacks, improves IT staff and resource allocation decisions, and supports you in focusing on mitigating threats that pose the most risk to your business.
  • Use threat intelligence to detect malicious content hosted in your networks and data centers.
  • Help to mitigate targeted attacks. Enhance your security infrastructure with tactical and strategic threat intelligence by adapting defensive strategies to counter specific threats your organization faces.
