{"id":16676,"date":"2019-10-24T03:30:03","date_gmt":"2019-10-24T11:30:03","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/10\/24\/news-10415\/"},"modified":"2019-10-24T03:30:03","modified_gmt":"2019-10-24T11:30:03","slug":"news-10415","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/10\/24\/news-10415\/","title":{"rendered":"Threat Intelligence Portal: We need to go deeper"},"content":{"rendered":"

Credit to Author: Eugene Kaspersky| Date: Thu, 24 Oct 2019 11:04:36 +0000<\/strong><\/p>\n

I understand perfectly well that for 95% of you this post will be of no use at all. But for the remaining 5%, it has the potential to greatly simplify your working week (and many working weekends). In other words, we’ve some great news for cybersecurity pros\u00a0\u2013 SOC teams, independent researchers, and inquisitive techies: the tools that our woodpeckers<\/a> and GReAT guys use on a daily basis to keep churning out the best cyberthreat research in the world<\/a> are now available to all of you, and free<\/strong> at that, with the lite version of our Threat Intelligence Portal<\/a>. It’s sometimes called TIP for short, and after I’ve said a few words about it here, immediate bookmarking will be mandatory!<\/p>\n

\"\"<\/a> <\/p>\n

The Threat Intelligence Portal solves two main problems for today’s overstretched cybersecurity expert. First: ‘Which of these several hundred suspicious files should I choose first?’; second: ‘Ok, my antivirus says the file’s clean\u00a0\u2013 what’s next?’<\/p>\n

\"A<\/a> <\/p>\n

Unlike the ‘classics’ \u2013 Endpoint Security<\/a>\u2013class products, which return a concise Clean\/Dangerous verdict, the analytic tools built into the Threat Intelligence Portal<\/a> give detailed information about how <\/em>suspicious a file is and in what specific aspects<\/em>. And not only files. Hashes, IP addresses, and URLs can be thrown in too for good measure. All these items are quickly analyzed by our cloud<\/a> and the results on each handed back on a silver platter: what’s bad about them (if anything), how rare an infection is, what known threats they even remotely<\/em> resemble, what tools were used to create it, and so on. On top of that, executable files are run in our patented<\/a> cloud sandbox, with the results made available in a couple of minutes.<\/p>\n

\"\"<\/a> \"\"<\/a> <\/p>\n

At this point I can hear the 5% screaming: ‘It’s just VirusTotal!’<\/p>\n

Yes\u00a0\u2013 and no.<\/p>\n

On the one hand, the aim is the same\u00a0\u2013 to give specialists additional tools for analyzing a concrete incident and making an informed decision. On the other, our approach is completely different.<\/p>\n

VirusTotal was conceived as a simple multiscanner\u00a0\u2013 it aggregates various antivirus engines and feeds them with user-uploaded files.\u00a0For that reason, the accusation ‘you don’t detect file X’ often gets hurled at all vendors, including us; but it’s more accurate to say that we don’t detect X with a traditional file scanner<\/em>. As it later transpires, we successfully detect it using other tools. But on VirusTotal you simply won’t see that. Sure, additional tools have appeared on VirusTotal, but the general focus remains on broad coverage of engines employing a very conservative technology that was created 30-plus years ago.<\/p>\n

As experts in deep<\/em> analysis of complex threats, we strive to make this very depth<\/em> available to the entire specialist community. The only engine that analyzes artifacts in the Threat Intelligence Portal belongs to the company that bears my name. And it happens to be the best in the world<\/a>. It combines dozens of advanced analysis technologies (see here<\/a>, here<\/a>, here<\/a>, and so on<\/a>) and then lets you take a look at the detailed results. Of course, in comparison with the part of our engine that resides on VirusTotal, TIP gives a very different detection level.<\/p>\n

In addition to that, it may be worthwhile to scan files with VirusTotal as well \u2013 a second, third, and fourth opinion is never a bad thing. But it’s vital to know how to properly weigh these opinions. Incidentally, if we ever decide to expand the Threat Intelligence Portal with information from a partnership with other vendors, our due diligence will be extra strict.<\/p>\n

Another difference between the Threat Intelligence Portal and VirusTotal is… how to describe it… \u2013 the limited distribution of information<\/em>. Files uploaded to VirusTotal are available to a wide range of subscribers, whereas with our Threat Intelligence Portal there are no subscribers with access to other people’s files.<\/p>\n

On the topic of subscriptions:<\/p>\n

There is a paid version<\/a> of the Threat Intelligence Portal, which is much richer \u2013 in part because of the detailed reports on detected cyberthreats written up by our top analysts it gives access to. And if it turns out that an uploaded file resembles, say, a known piece of financial malware, the freshest and most detailed info about how its cyber-villain developers attack victims, what tools they use, and so forth, is available right there in the full version of the service.<\/p>\n

https:\/\/blog.kaspersky.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

Credit to Author: Eugene Kaspersky| Date: Thu, 24 Oct 2019 11:04:36 +0000<\/strong><\/p>\n

We\u2019ve made a free version of our Threat Intelligence Portal for detailed analysis of potential threats.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10425,10378],"tags":[1001,12177,10427,18052,12321,12040],"class_list":["post-16676","post","type-post","status-publish","format-standard","hentry","category-kaspersky","category-security","tag-business","tag-enterprise","tag-products","tag-sandbox","tag-smb","tag-threat-intelligence"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/16676","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=16676"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/16676\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=16676"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=16676"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=16676"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}