Kaspersky Threat Intelligence Portal introduces API integration for community members

Woburn, MA – November 2, 2020 – Free access to the Kaspersky Threat Intelligence Portal, that gathers together all of the company’s actionable insights on threats, now offers new privileged features for registered users through community access. In particular, they will be able to connect their applications with the service via API and receive a limited number of full reports on either a file’s or URL’s behavior using Kaspersky Cloud Sandbox. To increase privacy, a special submission mode that enables file checking in a way that the results are not available to others has also been introduced.

Kaspersky’s recent research of the state of IT security within organizations revealed that Threat Intelligence (TI) is considered among the main investments being made in response to a data breach. This is the case for 41% of enterprises and 39% of SMBs. However, high costs of commercial TI offerings may be a barrier for adoption. To help overcome this obstacle and make threat research available to a wider number of organizations, Kaspersky continues to develop new functions to enable free access to the Kaspersky Threat Intelligence Portal.

Premium features for community members

After registering, users receive a special API that allows them to interconnect the service with custom projects and solutions. As a result, they can easily submit and receive information about files, hashes, IP addresses and URLs from the Kaspersky Threat Intelligence Portal via their own applications without visiting the web service. This facilitates automated requests for the checking of suspicious objects.

All registered users will be able to execute a limited number of suspicious files and URLs in Kaspersky Cloud Sandbox, which incorporates advanced anti-evasion techniques. This means that they will not only receive the final decision and basic information on risky objects, but an in-depth report on the full file’s activities and events happening on a certain web page such as downloads, JavaScript, Adobe Flash execution, etc.

The community access is available free of charge for any interested person.

More privacy and detailed information on threats

With this update, the Kaspersky Threat Intelligence Portal introduces a private submission mode. It ensures that the analysis results of shared samples will be not available to anyone, except Kaspersky. Thus, the service’s functionality becomes available for organizations with strict privacy policies. For community members, the full history of their searches (both private and public) is available, while others will have access only to the list of public requests.

For more detailed information on submitted files, free access to the Kaspersky Threat Intelligence Portal now can perform static analysis. It provides data on the Portable Executable (PE) files structure and extracted strings. The PE format relates to files running on Windows and contains information on how the OS should execute their code. Based on the results of the analysis, security researchers can identify the object’s functionality and, as long as it has non-typical artifacts, reveal its harmful potential, even if the malware was previously unknown. The results can also be used to create indicators of compromise, detection heuristics and rules.

In addition to malware sandboxing, heuristic analysis, emulation and reputational services, free access to the Kaspersky Threat Intelligence Portal now leverages behavior detection technologies. It increases detection rates and helps to identify advanced threats and APTs.

“The time taken to respond to an incident is one of the main KPIs for IT security teams, and now as they experience high pressure due to a growing number of threats, the speed of response has become even more important,” said Artem Karasev, senior product marketing manager for Cybersecurity Services, at Kaspersky. “To help the cybersecurity community in this difficult time, we have expanded our capabilities to integrate TI to their processes for free, so that they can automate routine tasks. We also provided access to more extensive information that can help when handling an incident.”

Users can upgrade to a commercial license of the Kaspersky Threat Intelligence Portal by requesting access to it from a free service. This version helps to conduct complex incident investigations by revealing specific APT actors, campaigns, their motivation and tactics, techniques and procedures.

The Kaspersky Threat Intelligence Portal is a single point of access for the company’s threat intelligence. Free access to the service’s curated features is available on https://opentip.kaspersky.com/.

About Kaspersky

Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at usa.kaspersky.com.