Kaspersky Lab has just introduced Kaspersky Threat Hunting, a new suite of services designed to enhance the efficiency of protecting against targeted attacks. The suite includes two unique expert services – Kaspersky Managed Protection and Targeted Attack Discovery. These are designed to equip IT security teams with world-class expertise for detecting and analyzing advanced threats, in particular, the fileless threats and non-malware attacks frequently employed by cybercriminals.
According to the Kaspersky Lab Global IT Security Risks Survey 2017, failing to detect an incident within a week can more than double a company’s financial losses from $451,000 to $1.2 million. Ensuring the quick detection of a threat requires considerable resources and excellent professional skills, something only experienced SOC teams possess. The toolkits used by cybercriminals are also becoming more sophisticated and now include non-malware attacks performed with the help of legitimate operating system tools, fileless threats and specialist tools to hamper investigations, as well as advanced distributed attacks where detection requires a complex analysis of events at the corporate network level.
To help companies detect and analyze advanced threats that have already penetrated the corporate infrastructure, Kaspersky Lab has introduced Kaspersky Threat Hunting, the expert service suite that provides large companies with 24/7 access to the expertise of the Kaspersky Lab threat hunters team. For companies not yet ready to hire computer forensics specialists, the suite provides an opportunity to outsource the proactive search and analysis of suspicious activity, while those who already have established SOC teams obtain additional resources and expertise for detecting complex attacks. To date, Kaspersky Lab’s experts have tracked more than 100 APTs (advanced persistent threats) and operations. In 2016 alone, Kaspersky Lab specialists prepared more than 200 reports on complex threats. These reports are available to corporate clients via a subscription.
Kaspersky Managed Protection is an expert service for the proactive detection of complex threats in a company’s infrastructure. The service is a subscription offering based on the installed Kaspersky Endpoint Security for Business and Kaspersky Anti Targeted Attack Platform solutions. After an initial analysis of metadata collected within the corporate network, Kaspersky Lab experts thoroughly analyze any anomalies: they examine the event logs in the operating system and study any suspicious behavior detected by security tools. The multilevel analysis of metadata helps the team of analysts investigate incidents even if cybercriminals have removed their traces using specialist tools to hamper computer forensics.
A salient fact for businesses faced with stringent data processing regulations will be that our expert teams, the Kaspersky Managed Protection infrastructure and Kaspersky Lab data centers are located both in Russia and Europe, and are therefore ready to provide service support in any country.
Targeted Attack Discovery is a one-time analytical service aimed at detecting traces of targeted attacks in a customer’s infrastructure in real time or after the attack has taken place. Kaspersky Lab experts study the correlation between data collected in the corporate network and data on targeted threats in open and private databases. Gathering and analyzing the obtained information makes it possible to detect suspicious activity and to discover potential sources of incidents and compromised devices. The service also suggests a plan of action to recover from an incident and offers recommendations for the enterprise’s information security. Targeted Attack Discovery can be deployed by any company, regardless of the software infrastructure platform used.
“We shouldn’t forget that IT security is, first and foremost, a process of detecting, investigating and responding to cybercriminal activity. Kaspersky Threat Hunting allows IT security teams to maximize the efficiency of this process, providing their companies with Kaspersky Lab’s world-class expertise on the latest attacks. This approach makes it possible not only to discover malicious activity that hasn’t been detected by security solutions, but also to increase the effectiveness of incident response before criminals can benefit from their activities,” Sergey Soldatov, head of the Security Operations Center at Kaspersky Lab, commented on the launch of the new services.