Kaspersky And Microsoft Partner Up For Threat Intelligence Improvement
Kaspersky establishes partnership with Microsoft (photo: Kaspersky)

JAKARTA - Kaspersky Threat Data Feeds have now been integrated with Microsoft Sentinel, a cloud-native SIEM and SOAR solution, to give Microsoft Sentinel users actionable context for attack investigation and response.

Through this integration, enterprise security teams can expand cyberthreat detection capabilities and increase the effectiveness of early warning triage, threat hunting, and incident response.

“We are excited to partner with Microsoft and help Microsoft Sentinel users gain access to Kaspersky's trusted and useful threat intelligence,” said Ivan Vassunov, VP Corporate Products at Kaspersky, in a statement received in Jakarta, Wednesday, August 24.

According to IDC, threat intelligence is a fundamental component of modern cybersecurity programs. Threat intelligence programs provide qualitative on-the-ground assessments and actionable automated solutions that support existing security defences.

Access to Kaspersky Threat Intelligence through Microsoft Sentinel empowers enterprises with the latest insights to counter cyberattacks. Actionable context in feeds includes threat name, timestamp, geolocation, resolved IP address of the infected web resource, hash, popularity, or other search terms.

With this data, security teams or SOC (Security Operations Center) analysts can speed up early warning triage by making informed decisions for investigation or escalation to the incident response team.

Kaspersky Threat Data Feeds are automatically generated in real time and combine high-quality data from trusted sources around the world, coupled with the insights of world-renowned Kaspersky experts from the Global Research & Analysis (GReAT) and R&D teams.

Microsoft Sentinel uses the TAXII protocol and gets data feeds in STIX format, allowing Kaspersky Threat Data Feeds to be configured as a TAXII threat intelligence source in the interface. Once imported, the cybersecurity team can use ready-made analytical rules to match threat indicators from feeds with logs.

Vassunov said that expanding integration with third-party security controls will make it easier for customers to operationalize their threat intelligence, which is one of Kaspersky's top priorities.

“Kaspersky's threat intelligence is designed to suit the needs of any organization as we collect data from a large number of different and diverse sources to cover organizations in specific industries, geolocations and with specific threat landscapes,” he added.

On the other hand, Rijuta Kapoor, Senior Program Manager at Microsoft, said that in order to stay protected, organizations need a fast way to detect these threats.

"With the integration of Kaspersky and Microsoft Sentinel, customers now have an easy way to import Kaspersky-generated high-fidelity threat intelligence into Microsoft Sentinel using industry standard STIX/TAXII for detection, hunting, investigation and automation," said Kapoor.

