Kaspersky claims that with the Threat Heatmap, security analysts can evaluate the scale and distribution of threats worldwide, including ransomware, exploits, web threats, spam, network attacks and so on. For each type, they can also choose a time period and check the top 10 countries for malicious objects and the top 10 specific samples, as well as the most active threats and the number of detections for each country on the map.
Updated Lookup tab
The updated Lookup tab now provides more data for IP address, domain and URL analysis. Users who automate their workflows through the RESTful API can now check 10 times more objects, with the quota extended from 200 to 2000 requests per day.
The lookup capabilities have been extended to support additional categories for IP address, domain and URL analysis to give experts more details on suspicious communications. For IP addresses, there are new categories: Spam and Compromised. IPs marked with the “Spam” status are the ones that have been used to send spam emails.
IP addresses, domains or URLs in the “Compromised” category are usually legitimate but are infected or compromised at the moment of the lookup request. These could be popular web pages with, for example, an injected malware script. With this insight, security analysts can check which person within their organization visited the compromised website and use the data for incident investigation.
The increase in the Threat Lookup quota for the RESTful API allows cybersecurity analysts to automate the analysis of a solid flow of web addresses, domains, IP addresses and hashes. By integrating the threat data with their SIEM, SOAR, XDR or other security management system, they can accelerate their investigation and response processes, says Kaspersky.