The number of security alerts processed by information security analysts every day is growing exponentially. By integrating up-to-the-minute machine-readable threat intelligence into existing security controls, like SIEM systems, security teams can automate the initial alert triage and investigation processes. Kaspersky CyberTrace helps them leverage that intelligence in their existing security operations workflows more effectively.
CyberTrace aggregates, deduplicates, normalizes and stores incoming data and detection events. It lets you analyze observables from previously checked events using the latest feeds to find previously uncovered threats (retroscan). Security analysts are able to export and share threat data as well as measure the effectiveness and relevancy of the integrated feeds - and much more.
CyberTrace uses an internalized process of parsing and matching incoming data. It parses incoming logs and events, rapidly matches the resulting data to feeds, and generates its own contextualized alerts on threat detection. It helps security analysts to make fully informed decisions by providing them with complete situational awareness.
CyberTrace enables seamless integration of threat data feeds. It integrates with any threat intelligence feed in JSON, STIX, XML and CSV formats (threat intelligence feeds from Kaspersky, other vendors, OSINT or your custom feeds). It also supports out-of-the-box integration with numerous SIEM solutions and log sources.
Multitenancy supports MSSPs or large enterprise use cases when a service provider (central office) needs to handle events from different branches (tenants) separately. This allows a single Kaspersky CyberTrace instance to be connected with different SIEM solutions from different tenants, and you can configure which feeds are to be used for each tenant.
This solution is particularly well suited to addressing the security requirements, concerns and constraints of these enterprise sectors.
Learn more, with thought leadership from our globally renowned cybersecurity experts
Let’s start the conversation! To talk to one of our experts about how True Cybersecurity could inform your corporate security strategy, please get in touch.