{"id":14201,"date":"2019-10-24T15:23:29","date_gmt":"2019-10-24T11:23:29","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/open-tip\/14201\/"},"modified":"2019-11-15T15:21:51","modified_gmt":"2019-11-15T11:21:51","slug":"open-tip","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/open-tip\/14201\/","title":{"rendered":"Threat Intelligence Portal: We need to go deeper"},"content":{"rendered":"<p>I understand perfectly well that for 95% of you this post will be of no use at all. But for the remaining 5%, it has the potential to greatly simplify your working week (and many working weekends). In other words, we\u2019ve some great news for cybersecurity pros\u00a0\u2013 SOC teams, independent researchers, and inquisitive techies: the tools that our <a href=\"https:\/\/eugene.kaspersky.com\/2011\/10\/28\/number-of-the-month-70k-per-day\/\" target=\"_blank\" rel=\"noopener noreferrer\">woodpeckers<\/a> and GReAT guys use on a daily basis to keep churning out the <a href=\"https:\/\/securelist.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">best cyberthreat research in the world<\/a> are now available to all of you, and <strong>free<\/strong> at that, with the lite version of our <a href=\"https:\/\/opentip.kaspersky.com\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Threat Intelligence Portal<\/a>. It\u2019s sometimes called TIP for short, and after I\u2019ve said a few words about it here, immediate bookmarking will be mandatory!<\/p>\n<p>The Threat Intelligence Portal solves two main problems for today\u2019s overstretched cybersecurity expert. 
First: \u2018Which of these several hundred suspicious files should I choose first?\u2019; second: \u2018Ok, my antivirus says the file\u2019s clean\u00a0\u2013 what\u2019s next?\u2019<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2019\/10\/24152424\/open-tip-screen1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-14204\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2019\/10\/24152424\/open-tip-screen1.png\" alt=\"A free version of the Kaspersky Threat Intelligence Portal\" width=\"939\" height=\"499\"><\/a><\/p>\n<p>Unlike the \u2018classics\u2019 \u2013 <a href=\"https:\/\/me-en.kaspersky.com\/small-to-medium-business-security?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">Endpoint Security<\/a>\u2013class products, which return a concise Clean\/Dangerous verdict, the analytic tools built into the <a href=\"https:\/\/opentip.kaspersky.com\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Threat Intelligence Portal<\/a> give detailed information about <em>how <\/em>suspicious a file is and in <em>what specific aspects<\/em>. And not only files. Hashes, IP addresses, and URLs can be thrown in too for good measure. All these items are quickly analyzed by <a href=\"https:\/\/eugene.kaspersky.com\/2016\/12\/07\/a-billion-in-the-cloud\/\" target=\"_blank\" rel=\"noopener noreferrer\">our cloud<\/a> and the results on each handed back on a silver platter: what\u2019s bad about them (if anything), how rare an infection is, what known threats they <em>even remotely<\/em> resemble, what tools were used to create it, and so on. 
On top of that, executable files are run in our <a href=\"https:\/\/eugene.kaspersky.com\/2019\/08\/26\/a-honeytrap-for-malware\/\" target=\"_blank\" rel=\"noopener noreferrer\">patented<\/a> cloud sandbox, with the results made available in a couple of minutes.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2019\/10\/24152458\/open-tip-screen2.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-14206\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2019\/10\/24152458\/open-tip-screen2.png\" alt=\"\" width=\"974\" height=\"650\"><\/a> <a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2019\/10\/24152556\/open-tip-screen3.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-14208\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2019\/10\/24152556\/open-tip-screen3.png\" alt=\"\" width=\"924\" height=\"737\"><\/a><\/p>\n<p>At this point I can hear the 5% screaming: \u2018It\u2019s just VirusTotal!\u2019<\/p>\n<p>Yes\u00a0\u2013 and no.<\/p>\n<p>On the one hand, the aim is the same\u00a0\u2013 to give specialists additional tools for analyzing a concrete incident and making an informed decision. On the other, our approach is completely different.<\/p>\n<p>VirusTotal was conceived as a simple multiscanner\u00a0\u2013 it aggregates various antivirus engines and feeds them with user-uploaded files.\u00a0For that reason, the accusation \u2018you don\u2019t detect file X\u2019 often gets hurled at all vendors, including us; but it\u2019s more accurate to say that we don\u2019t detect X <em>with a traditional file scanner<\/em>. As it later transpires, we successfully detect it using other tools. But on VirusTotal you simply won\u2019t see that. 
Sure, additional tools have appeared on VirusTotal, but the general focus remains on broad coverage of engines employing a very conservative technology that was created 30-plus years ago.<\/p>\n<p>As experts in <em>deep<\/em> analysis of complex threats, we strive to make this very <em>depth<\/em> available to the entire specialist community. The only engine that analyzes artifacts in the Threat Intelligence Portal belongs to the company that bears my name. And it happens to be the <a href=\"https:\/\/kaspersky.com\/top3\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">best in the world<\/a>. It combines dozens of advanced analysis technologies (<a href=\"https:\/\/eugene.kaspersky.com\/2019\/08\/26\/a-honeytrap-for-malware\/\" target=\"_blank\" rel=\"noopener noreferrer\">see here<\/a>, <a href=\"https:\/\/eugene.kaspersky.com\/2011\/09\/15\/features-youd-normally-never-hear-about\/\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>, <a href=\"https:\/\/eugene.kaspersky.com\/2012\/11\/15\/finding-the-needle-in-the-haystack-introducing-astraea\/\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>, <a href=\"https:\/\/eugene.kaspersky.com\/2019\/10\/16\/guess-which-company-made-the-top-100-global-innovators\/\" target=\"_blank\" rel=\"noopener noreferrer\">and so on<\/a>) and then lets you take a look at the detailed results. Of course, in comparison with the part of our engine that resides on VirusTotal, TIP gives a very different detection level.<\/p>\n<p>In addition to that, it may be worthwhile to scan files with VirusTotal as well \u2013 a second, third, and fourth opinion is never a bad thing. But it\u2019s vital to know how to properly weigh these opinions. 
Incidentally, if we ever decide to expand the Threat Intelligence Portal with information from a partnership with other vendors, our due diligence will be extra strict.<\/p>\n<p>Another difference between the Threat Intelligence Portal and VirusTotal is\u2026 how to describe it\u2026 \u2013 the <em>limited distribution of information<\/em>. Files uploaded to VirusTotal are available to a wide range of subscribers, whereas with our Threat Intelligence Portal there are no subscribers with access to other people\u2019s files.<\/p>\n<p>On the topic of subscriptions:<\/p>\n<p>There is a <a href=\"https:\/\/www.kaspersky.com\/enterprise-security\/threat-intelligence\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">paid version<\/a> of the Threat Intelligence Portal, which is much richer \u2013 in part because it gives access to detailed reports on detected cyberthreats written up by our top analysts. And if it turns out that an uploaded file resembles, say, a known piece of financial malware, the freshest and most detailed info about how its cyber-villain developers attack victims, what tools they use, and so forth, is available right there in the full version of the service.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We\u2019ve made a free version of our Threat Intelligence Portal for detailed analysis of potential 
threats.<\/p>\n","protected":false},"author":13,"featured_media":14202,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1318,1916,1917],"tags":[499,1735,1552],"class_list":{"0":"post-14201","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-enterprise","9":"category-smb","10":"tag-products-2","11":"tag-sandbox","12":"tag-threat-intelligence"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/open-tip\/14201\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/open-tip\/16812\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/open-tip\/18800\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/open-tip\/16845\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/open-tip\/15594\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/open-tip\/19509\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/open-tip\/18160\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/open-tip\/23890\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/open-tip\/6571\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/open-tip\/29036\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/open-tip\/12460\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/open-tip\/12495\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/open-tip\/11359\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/open-tip\/21611\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/open-tip\/26031\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/open-tip\/24740\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/open-tip\/19266\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/open-tip\/23581\/"},{"hr
eflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/open-tip\/23428\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/threat-intelligence\/","name":"threat intelligence"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/14201","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=14201"}],"version-history":[{"count":5,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/14201\/revisions"}],"predecessor-version":[{"id":14325,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/14201\/revisions\/14325"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/14202"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=14201"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=14201"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=14201"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}