A recently added database of Indicators of Attack (IoAs), maintained and fed by Kaspersky’s expert threat hunters, helps to deliver additional context during investigation of cybercriminal activities.
In addition, IoAs are now mapped to the MITRE ATT&CK knowledge base for further analysis of adversaries’ tactics, techniques, and procedures. These key improvements help enterprises investigate complex incidents faster.
Cyber-incidents relating to complex threats can have a significant impact on business. The cost of response and process recovery, the need to invest in new systems or processes, the effect on availability, and the damage to reputation all add up. Today, organisations need to consider the growing number of widespread malicious programmes, and the increase in complex advanced threats that are targeting them. In 2018, 41% of enterprises [1] admitted that they suffered a targeted attack. Clearly, companies need protection from the more sophisticated threats that would otherwise evade detection. Kaspersky helps to solve this issue with the next generation of Kaspersky EDR and Kaspersky Anti Targeted Attack platform.
Using Indicators of Attack to boost the investigation process
Kaspersky EDR and Kaspersky Anti Targeted Attack include functionality to check for Indicators of Compromise (IoCs), such as hash, file name, path, IP address, and URL, which show that an attacker has struck. In addition to searching for IoCs, new capabilities with IoAs provide an opportunity to identify the intruders’ tactics and techniques, regardless of the malware or legitimate software used in the attack. To simplify the investigation process when examining telemetry from multiple endpoints, events are correlated with a customised set of IoAs from Kaspersky. Matched IoAs show up in the user interface with detailed descriptions and recommendations on the best way to respond to the attack.
Customers can produce their own set of IoAs based on their internal experience, knowledge of the most significant threats, and their specific IT environment. All new events are automatically mapped in real time with the internal database of custom IoAs, enabling the immediate creation of informed response actions and long-term detection scenarios, according to the specifics of the protected infrastructure.
Mapping to the MITRE ATT&CK knowledge base
Together, Kaspersky EDR, Kaspersky Anti Targeted Attack and MITRE ATT&CK – a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations – enable companies to validate and investigate incoming incidents more efficiently. Discovered threats are automatically mapped to the knowledge base, immediately contextualising the new events with external intelligence and attack technique data. Having a deeper understanding of an attack reduces future risks and helps security teams cut the time taken to analyse and respond to threats.
The enhanced functionality is also available for organisations that offer cybersecurity monitoring and management. The new multi-tenancy architecture allows Managed Security Services Providers (MSSPs) to protect the infrastructure of multiple clients at the same time.
Sergey Martsynkyan, Head of B2B Product Marketing at Kaspersky, said: “Professional cybercriminals can reside without detection on trusted objects, exploit zero-day vulnerabilities, use legitimate software, compromised accounts, unique software, or social engineering techniques or exploit insiders. That’s why it is essential not to rely exclusively on the evidence left by malefactors, but to search for potential traces of their activity. To help organisations solve this issue, we translated Kaspersky’s expertise into a set of IoAs and mapped them with MITRE ATT&CK. With more information and understanding of a malefactor’s intentions, companies will be able to react to complex threats faster.”
[1] ITSRS 2018 ITSRS8N21. Has your organization experienced any of the following incidents in the last 12 months? – Targeted attacks
Netflix expands to France, over 20 titles for 2020
In a move to expand its European presence, but with major implications for Francophone Africa, Netflix has entered France and now employs 40 staff at its France office.
Netflix has opened its new Paris office, in the heart of the 9th arrondissement. This new office is set to boost Netflix’s presence among France’s creative community, and it promises over 20 French productions in 2020.
Netflix France now employs 40 people, across films and series, partnerships and marketing.
“It is a real honour to be in France, with its rich culture and history of storytelling,” said Reed Hastings, founding chairman and CEO of Netflix. “This office is a sign of our long-term commitment to the country, and will enable us to work even more closely with the French creative community on great shows and films that are made in France and watched all around the world.”
Netflix has, since launching in France in 2014, developed 24 French titles, including 6 films, 9 series, 5 stand-up shows, 3 documentaries and 1 unscripted series. This is not only to serve France, but also the Francophone countries of the world, which include Belgium, the Democratic Republic of Congo, and Canada.
2019 was a year of great success for original stories in France, with the horror and young adult sci-fi series Marianne and Mortel, comedies Plan Coeur and Family Business, the film Banlieusards, and Grégory, the documentary series about a case that touched France.
The French content executives have unveiled several original shows to be produced by Netflix over the coming years, as well as a range of series and films made by production partners for Netflix.
“We are incredibly proud of the productions we’re currently filming, the ones we are developing and the ones we’ve unveiled today,” says Damien Couvreur, Netflix’s director of series in France. “The establishment of a new French creative hub brings new opportunities for us to work with the best and most exciting creative talent in France and to bring diverse genres and content to everyone who loves French storytelling.”
Leak reveals Huawei P40 Pro
A high-resolution render of the Huawei P40 Pro, released by Evan ‘Evleaks’ Blass, shows that it will probably include five rear lenses, two front lenses, and a ceramic build. BRYAN TURNER investigates
The highly-anticipated Huawei P40 Pro is set to be unveiled in Paris in late-March. Many rumours surround its hardware build as well as its software capabilities since Huawei lost the rights to preload Google Apps on the phone.
From the leak, it seems the P40 Pro will feature a near-bezelless screen, like the Mate 30 Pro, which debuted late last year. The screen drops the notch, in favour of a dual-camera cut-out, similar to the Samsung Note 10+. The leak also shows there are small buttons on the side of the device for volume control and locking the device. This is an interesting step back from the buttonless Mate 30 Pro.
The most impressive aspect is the seven cameras which this device will house, five on the back and two on the front. The rear camera system seems to showcase a slight bump, and features a new type of periscope-style telephoto camera. This is expected to provide an 18-240mm equivalence between ultrawide and telephoto. The device is also expected to provide a whopping 13x optical zoom, thanks to the periscope camera.
The build is expected to be glass on the front and back, both of which are curved for ergonomics. The render showcases a classy design using ceramics. On the bottom, there’s a USB Type-C port with a speaker grill. And there are no surprises about the absence of a headphone jack, which hasn’t featured for a while now.
The only real question-mark hanging over this device is: what about Google apps? Huawei is currently touring Europe, showing off the power its smartphones still have without having Google apps installed. Hopefully, they will fill that education gap before the release date of the P40 Pro, less than two months away.