Kaspersky Lab presents Kaspersky Threat Hunting, a new suite of services designed to enhance the efficiency of protecting against targeted attacks. The suite includes two unique expert services – Kaspersky Managed Protection and Targeted Attack Discovery. These are designed to equip IT security teams with world-class expertise for detecting and analyzing advanced threats, in particular, the fileless threats and non-malware attacks frequently employed by cybercriminals.
According to the Kaspersky Lab Global IT Security Risks Survey 2017, failing to detect an incident within a week can more than double a company’s financial losses from $451,000 to $1.2 million. Ensuring the quick detection of a threat requires considerable resources and excellent professional skills, something only experienced SOC teams possess. The toolkits used by cybercriminals are also becoming more sophisticated and now include non-malware attacks performed with the help of legitimate operating system tools, fileless threats and specialist tools to hamper investigations, as well as advanced distributed attacks where detection requires a complex analysis of events at the corporate network level.
To help companies detect and analyze advanced threats that have already penetrated the corporate infrastructure, Kaspersky Lab has introduced Kaspersky Threat Hunting, the expert service suite that provides large companies with 24/7 access to the expertise of the Kaspersky Lab threat hunters team. For companies not yet ready to hire computer forensics specialists, the suite provides an opportunity to outsource the proactive search and analysis of suspicious activity, while those who already have established SOC teams obtain additional resources and expertise for detecting complex attacks. To date, Kaspersky Lab’s experts have tracked more than 100 APTs (advanced persistent threats) and operations. In 2016 alone, Kaspersky Lab specialists prepared more than 200 reports on complex threats. These reports are available to corporate clients via a subscription.
Kaspersky Managed Protection is an expert service for the proactive detection of complex threats in a company’s infrastructure. The service is a subscription offering based on the installed Kaspersky Endpoint Security for Business and Kaspersky Anti Targeted Attack Platform solutions. After an initial analysis of metadata collected within the corporate network, Kaspersky Lab experts thoroughly analyze any anomalies: they examine the event logs in the operating system and study any suspicious behavior detected by security tools. The multilevel analysis of metadata helps the team of analysts investigate incidents even if cybercriminals have removed their traces using specialist tools to hamper computer forensics.
A salient fact for businesses faced with stringent data processing regulations will be that our expert teams, the Kaspersky Managed Protection infrastructure and Kaspersky Lab data centers are located both in Russia and Europe, and are therefore ready to provide service support in any country.
Targeted Attack Discovery is a one-time analytical service aimed at detecting traces of targeted attacks in a customer’s infrastructure in real time or after the attack has taken place. Kaspersky Lab experts study the correlation between data collected in the corporate network and data on targeted threats in open and private databases. Gathering and analyzing the obtained information makes it possible to detect suspicious activity, discover potential sources of incidents and compromised devices. The service also suggests a plan of action to recover from an incident and offers recommendations for the enterprise’s information security. Targeted Attack Discovery can be deployed by any company, regardless of the software infrastructure platform used.
“We shouldn’t forget that IT security is, first and foremost, a process of detecting, investigating and responding to cybercriminal activity. Kaspersky Threat Hunting allows IT security teams to maximize the efficiency of this process, providing their companies with Kaspersky Lab’s world-class expertise on the latest attacks. This approach makes it possible not only to discover malicious activity that hasn’t been detected by security solutions, but also to increase the effectiveness of incident response before criminals can benefit from their activities,” Sergey Soldatov, head of the Security Operations Center at Kaspersky Lab, commented on the launch of the new services.
Kaspersky Threat Hunting services extend the enterprise security portfolio of Kaspersky Lab, which was named among the best offerings in the industry according to a recent Forrester survey of IT security vendors.