Date: 2025-01-31

Managing security operations workload can be a daunting task for cybersecurity teams. According to Enterprise Strategy Group’s XDR and SOC Modernisation Report, 22% of organisations want security personnel to focus on more strategic security initiatives rather than spend time on routine security operations tasks. To meet this demand, Kaspersky enhanced its Threat Lookup service and automated its OSINT search, enabling cybersecurity teams to save resources during research and investigation.

The Kaspersky Threat Lookup service consolidates all the information gathered by Kaspersky on cyberthreats and their connections, presented in a unified interface of the Kaspersky Threat Intelligence Portal. This service offers up-to-date and extensive intelligence on threats including URLs, domains, IP addresses, file hashes, threat names, statistical and behavioural data, WHOIS and DNS information, file attributes, geolocation data, download chains, timestamps, and more. This comprehensive data allows for global visibility of both existing and emerging threats, enabling security teams to enhance incident response and proactively prevent cyberattacks before they harm the organisation.

Previously limited to hash lookups with only source links, the OSINT Threat Lookup now supports a wider range of indicators and includes short summaries generated by an AI-powered system developed at the Kaspersky AI Research Center. The improved search functionality now covers IP addresses, domains, URLs, and strings that follow standard host naming conventions, in addition to file hashes such as MD5, SHA1, and SHA256.

Users can now access AI-driven insights for a growing number of indicators, providing information on threat actors, affected regions, industries, and associated software. This reduces the need to manually review numerous articles. Powered by Kaspersky's advanced infrastructure, this update enhances the lookup experience by delivering streamlined, actionable intelligence for faster and more effective threat assessments.

“We aim to provide companies with extensive data to protect them from cyberattacks and mitigate potential negative consequences. Since the effectiveness of this effort is frequently contingent on the amount of time cybersecurity teams dedicate to research, it is important to automate routine tasks to enable them to focus on more intricate issues. Our AI-powered OSINT search capabilities will assist them with this endeavour and save time when seeking contextual information for their investigations,” comments Anatoly Simonenko, Senior Product Manager at Kaspersky.