Microsoft and Kaspersky have agreed a collaboration to integrate Kaspersky's threat data feeds into Microsoft's cloud-native SIEM/SOAR service
- Alex Scroxton, Security Editor
Published: 22 Aug 2022 11:08
The partners said the arrangement gives Sentinel users actionable context for incident or attack investigation, extending threat detection capabilities and increasing the potency of alert triage, threat hunting or incident response.
Among the newly available data points are threat names, timestamps, geolocation, resolved IP addresses of infected web resources, hashes and popularity, along with other key phrases.
With this data to hand, security teams and security operations centre (SOC) analysts can make better-informed decisions on investigation and escalation, reducing the time it takes for an impactful cyber incident to go from awareness to incident response.
"We are thrilled to partner with Microsoft and help Microsoft Sentinel users gain access to trusted and valuable threat intelligence from Kaspersky," said Ivan Vassunov, corporate products vice-president at Kaspersky. "Expanding integration with third-party security controls makes it even easier for customers to operationalise our threat intelligence [TI], which is among our key priorities.
"Kaspersky TI is designed to be tailored to the requirements of any organisation, as we collect data from a large number of different and diverse sources to cover organisations in specific industries and geolocations, and with specific threat landscapes.
"More than two decades of threat research helps us achieve that, while empowering global security teams with the information they need at each step of the incident management cycle."
Rijuta Kapoor, senior programme manager at Microsoft, added: "Threat attacks are on a continuing rise like never before, and to remain protected, organisations need quick ways to detect these threats.
"With the Kaspersky and Microsoft Sentinel integration, customers will now have an easy way to import high-fidelity threat intelligence produced by Kaspersky into Microsoft Sentinel using the industry standards Structured Threat Information Expression [Stix] and Trusted Automated eXchange of Intelligence Information [Taxii] for detections, hunting, investigation and automation."
The use of the Stix and Taxii open standards within Sentinel allows Kaspersky's data feed to be configured as a Taxii threat intelligence source in the interface, which means security teams can use out-of-the-box analytic rules to match threat indicators against their logs.
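To show what the indicator-matching step above amounts to in practice, here is an added illustration (not code from the article, Microsoft or Kaspersky): it reads a constructed Stix 2.1 bundle of the kind a Taxii collection returns, drops expired indicators, and matches the live ones against constructed log lines. The bundle, indicator names, addresses and hash are placeholders, not real Kaspersky feed data.

```python
import json
import re
from datetime import datetime

# Constructed STIX 2.1 bundle standing in for one TAXII collection response; all values are placeholders.
STIX_BUNDLE = json.dumps({"type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000001", "objects": [
    {"type": "indicator", "spec_version": "2.1", "id": "indicator--00000000-0000-4000-8000-000000000002",
     "name": "placeholder-threat-a", "pattern_type": "stix", "valid_from": "2022-08-01T00:00:00Z",
     "valid_until": "2022-09-01T00:00:00Z", "pattern": "[ipv4-addr:value = '198.51.100.23']"},
    {"type": "indicator", "spec_version": "2.1", "id": "indicator--00000000-0000-4000-8000-000000000003",
     "name": "placeholder-threat-b", "pattern_type": "stix", "valid_from": "2022-07-01T00:00:00Z",
     "valid_until": "2022-08-10T00:00:00Z", "pattern": "[domain-name:value = 'bad.example']"},  # expired
    {"type": "indicator", "spec_version": "2.1", "id": "indicator--00000000-0000-4000-8000-000000000004",
     "name": "placeholder-threat-c", "pattern_type": "stix", "valid_from": "2022-08-01T00:00:00Z",
     "pattern": "[file:hashes.'SHA-256' = '" + "ab" * 32 + "']"},
]})
# Handles single-comparison STIX patterns only; compound patterns need a full pattern evaluator.
PATTERN_RE = re.compile(r"^\[(?P<obj>[\w-]+):(?P<prop>[\w.'-]+)\s*=\s*'(?P<value>[^']+)'\]$")

def load_indicators(bundle_json, now_iso):
    """Map lower-cased indicator value -> indicator name for indicators still valid at now_iso."""
    now = datetime.fromisoformat(now_iso.replace("Z", "+00:00"))
    live = {}
    for obj in json.loads(bundle_json)["objects"]:
        if obj.get("type") != "indicator" or obj.get("pattern_type", "stix") != "stix":
            continue
        m = PATTERN_RE.match(obj["pattern"])
        if not m:
            continue
        until = obj.get("valid_until")
        if until and datetime.fromisoformat(until.replace("Z", "+00:00")) <= now:
            continue  # expired: an analytic rule should not fire on stale indicators
        live[m["value"].lower()] = obj.get("name", obj["id"])
    return live

# Constructed log lines standing in for events already ingested into the SIEM.
LOG_LINES = [
    "2022-08-22T10:01:12Z proxy src=10.0.0.5 dst=198.51.100.23 host=cdn.example",
    "2022-08-22T10:02:40Z dns client=10.0.0.7 query=bad.example",
    "2022-08-22T10:03:01Z edr host=ws17 sha256=" + "AB" * 32,
    "2022-08-22T10:04:09Z proxy src=10.0.0.9 dst=203.0.113.8 host=ok.example",
]
FIELD_RE = re.compile(r"\b(?:dst|host|query|sha256)=(\S+)")

def match_logs(lines, indicators):
    """Return (log line, indicator name) pairs where an extracted field equals a live indicator."""
    hits = []
    for line in lines:
        for value in FIELD_RE.findall(line):
            name = indicators.get(value.lower())
            if name:
                hits.append((line, name))
    return hits
```

The expired domain indicator produces no hit even though it appears in the DNS log, which is the behaviour to expect from validity-aware matching.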
The data feeds themselves are generated automatically in real time, and aggregate data from multiple sources, including the Kaspersky Security Network, which comprises a vast number of voluntary participants; its botnet monitoring service; spam traps; expertise from Kaspersky's Global Research and Analysis Team (GReAT); and its own research and development operations.