A recently added database of Indicators of Attack (IoAs), maintained and fed by Kaspersky’s expert threat hunters, helps to deliver additional context during investigation of cybercriminal activities.
In addition, IoAs are now mapped to the MITRE ATT&CK knowledge base for further analysis of adversaries’ tactics, techniques, and procedures. These key improvements help enterprises investigate complex incidents faster.
Cyber-incidents relating to complex threats can have a significant impact on business. The cost of response and process recovery, the need to invest in new systems or processes, the effect on availability, and the damage to reputation all add up. Today, organisations need to consider the growing number of widespread malicious programmes, and the increase in complex advanced threats that are targeting them. In 2018, 41% of enterprises [1] admitted that they suffered a targeted attack. Clearly, companies need protection from the more sophisticated threats that would otherwise evade detection. Kaspersky helps to solve this issue with the next generation of Kaspersky EDR and Kaspersky Anti Targeted Attack platform.
Using Indicators of Attack to boost the investigation process
Kaspersky EDR and Kaspersky Anti Targeted Attack include functionality to check for Indicators of Compromise (IoCs), such as hash, file name, path, IP address, and URL, which show that an attacker has struck. In addition to searching for IoCs, new capabilities with IoAs provide an opportunity to identify the intruders’ tactics and techniques, regardless of the malware or legitimate software used in the attack. To simplify the investigation process when examining telemetry from multiple endpoints, events are correlated with a customised set of IoAs from Kaspersky. Matched IoAs show up in the user interface with detailed descriptions and recommendations on the best way to respond to the attack.
Customers can produce their own set of IoAs based on their internal experience, knowledge of the most significant threats, and their specific IT environment. All new events are automatically mapped in real time with the internal database of custom IoAs, enabling the immediate creation of informed response actions and long-term detection scenarios, according to the specifics of the protected infrastructure.
Mapping to the MITRE ATT&CK knowledge base
Together, Kaspersky EDR, Kaspersky Anti Targeted Attack and MITRE ATT&CK – a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations – enable companies to validate and investigate incoming incidents more efficiently. Discovered threats are automatically mapped to the knowledge base, immediately contextualising the new events with external intelligence and attack technique data. A deeper understanding of an attack reduces future risks and helps security teams cut the time taken to analyse and respond to threats.
The enhanced functionality is also available for organisations that offer cybersecurity monitoring and management. The new multi-tenancy architecture allows Managed Security Services Providers (MSSPs) to protect the infrastructure of multiple clients at the same time.
Sergey Martsynkyan, Head of B2B Product Marketing at Kaspersky, said: “Professional cybercriminals can reside without detection on trusted objects, exploit zero-day vulnerabilities, use legitimate software, compromised accounts, unique software, or social engineering techniques or exploit insiders. That’s why it is essential not to rely exclusively on the evidence left by malefactors, but to search for potential traces of their activity. To help organisations solve this issue, we translated Kaspersky’s expertise into a set of IoAs and mapped them with MITRE ATT&CK. With more information and understanding of a malefactor’s intentions, companies will be able to react to complex threats faster.”
[1] ITSRS 2018 ITSRS8N21. Has your organization experienced any of the following incidents in the last 12 months? – Targeted attacks
IFA 2019: Dell puts 10th gen Intel Core in laptops
Ahead of IFA, Dell has announced its consumer portfolio with new form factors and the addition of 10th Gen Intel Core processors to its current XPS and Inspiron portfolio. It is likely that the devices will go on display at IFA 2019 in Berlin at the beginning of September.
Dell says its latest consumer portfolio refresh can deliver performance gains needed for compute-intensive, demanding, multi-thread workloads, while still handling 4K content efficiently. In doing so, Dell says it gives heavyweight performance in a thin, light and portable design.
The refreshed XPS 13 will be available in the USA on 27 August, along with some of the models housing Intel 10th Gen Core U series processors, while i7 hexacore models will be available in October.
With the new Killer AX1650 (2×2) built on Intel WiFi 6 Chipset, wireless connectivity is three times as fast as the previous generation. Along with Dell CinemaColor, Dolby Vision and an optional 4K Ultra HD InfinityEdge display, the XPS 13 will remain eye candy for those glued to their screen.
The XPS will be available with either Windows 10 or Ubuntu 18.04 LTS, the latter serving as the foundation of the XPS 13 developer edition, now in its 9th generation. Ubuntu versions also mean lower cost due to not having to pay for Windows bundled with the computer.
Inspiron 14 7000
With the latest 10th Gen Intel Core processors, Dell says it is putting premium materials and performance to its Inspiron line with the introduction of the new Inspiron 14 7000 ultralight laptops. Weighing under 1.1 kg, this impressively portable design was achieved through introducing a lightweight yet durable magnesium alloy chassis.
It features a new lid-open sensor, Connected Modern Standby and fingerprint reader built into the power button. The system signs on securely and starts in a flash. The stylish laptop features all-around narrow borders with 100% sRGB colour coverage, great for mobile multitasking.
Acer’s latest Chromebook means serious business
The latest Acer Chromebooks for business have arrived in South Africa. BRYAN TURNER reviewed the Acer Chromebook 715.
The Chromebook market has been perceived as very consumer-focused, until the recent introduction of management tools for Chrome OS.
To complement these corporate management tools, Acer has released the Chromebook 715, aimed at the business person that works in the cloud, in South Africa.
The unit we reviewed contained an Intel Core i5-8250U, 16GB of RAM, and 128GB of eMMC storage. All of this was housed in a sturdy aluminium body.
On the left side, the computer features a USB Type-C port for charging and data transfer, a standard USB Type-A port, and a headphone jack, while on the right it has a Kensington Lock, another USB Type-C port just for connectivity and a microSD card slot.
When open, the narrow-bezelled 15.6-inch display has a Full HD resolution for crisp lettering in documents. The wide colour gamut also ensures that colours are accurately represented on screen.
The keyboard features a first for Chromebooks: a num-pad. This is especially useful for those working with spreadsheets on Google Sheets or Excel Online, or accountants working in web apps like Xero.
The overall design of this computer shows the professional look Acer was going for with a business-facing Chromebook. It has a grey aluminium body, which looks heavy, but comes to a mere 1.8kg. It’s much lighter than it looks for an almost 16″ laptop.
The performance is great and switching between web apps is fast. This is thanks to the embedded i5 processor, which doesn’t make as much of a noise as its Windows counterparts.
The computer isn’t for the “slashie”: those who run their personal and business lives on the same device. As a result, games don’t run on the computer because it doesn’t run applications. This asserts the device’s status as a purely business-focused device.
Apart from the hardware features, the computer is handled via the lightweight Chrome OS.
Chrome OS is Google’s answer for those who only work with web apps, and don’t want their computer’s performance hindered by unnecessary apps. With the increasing power offered by web apps, the computer application as we know it is likely to disappear eventually.
With Google’s Apps for Work platform, the Chromebook lends itself to the same admin management tools that exist on other platforms.
The integrated 45 Wh battery may seem small but operates for around 9 hours, thanks to the lightweight software and good battery management.
Overall, for those who want a no-nonsense approach to computing, the Acer Chromebook 715 may be their best next device. However, its pricing at R7,999 may deter those who would expect to pay less.