New Kaspersky Threat Intelligence Tools Unlock ‘Bloodline’ Of Business

Kaspersky is now going to market in North America with three enterprise-grade threat intelligence offerings based off the company’s unparalleled insights into threat actor activity and behavior.


Kaspersky has built a portfolio of subscription services around its threat intelligence data to help move upmarket and capture more large deals with enterprise customers.

The Moscow-based platform security vendor grew its nascent North American threat intelligence business by 131 percent in 2019, and capitalized on that success during a turnaround year, posting modest improvement in its North American business-to-business revenue after a few years of declining sales, according to Rob Cataldo, Kaspersky’s managing director of North America.

Kaspersky’s enterprise segment (which predominantly consists of customers with more than 1,000 nodes) led the way, Cataldo said, posting 25 percent year-over-year gains in 2019. Among the main growth drivers have been the threat intelligence offerings, which Cataldo said often lead to six-figure deals for the company and solution provider margins of between 20 percent and 40 percent.


“The personnel that are making these discoveries have a level of competency and practical knowledge and experience that is unmatched in the industry,” Cataldo told CRN. “There are arguably 300 of those type of analyst threat hunters in the world – 45 of them work for Kaspersky.”

The company’s Global Research & Analysis Team (GReAT) historically provided some of its telemetry data directly to interested customers at no cost, Cataldo said, but Kaspersky gradually came to realize that GReAT’s unique view of the threat landscape should be packaged, marketed, and monetized. GReAT’s research was traditionally more internal-facing to inform product development roadmaps.

“It is fantastic for our partners and our customers to know they can now leverage something that’s always been the bloodline of our business,” Cataldo said. “To be able to pour that into customers to help them better improve their ability to mitigate threats is a tremendous thing.”

But now, Cataldo said Kaspersky is going to market in North America with three distinct offerings based off GReAT’s unparalleled insights into threat actor activity and behavior. Kaspersky already has dozens of threat intelligence customers in the United States as well as a good number in Canada, and hopes to move slightly down market by leveraging MSSPs to analyze and crunch the data on their clients’ behalf.

“We are looking for those partners that have a level of competency to help us grow specifically in that market segment, targeting the types of organizations that have a level of maturity that can use it themselves or through MSSPs,” Cataldo said.

The threat intelligence products from Kaspersky have helped customers of Cyber Advisors better address vulnerabilities in their ecosystem by identifying potential malware or intrusions and digging into the country and origin for the exploit and whether it’s known or unknown, according to Shane Vinup, CEO of the Maple Grove, Minn.-based Kaspersky partner.

By letting clients know what’s happening in the wild in different parts of the world, Vinup said Kaspersky can help customers lock down their network and prevent vulnerabilities. Cyber Advisors complements the feeds and threat intelligence provided by Kaspersky with its own computer forensics, security and vulnerability testing, and SIEM (security information and event management) technology, Vinup said.

“The more information and intelligence customers have, the better they can protect themselves,” Vinup said.

Kaspersky’s first threat intelligence offering is called Cyber Trace, and it ingests different forms of threat data feeds to see if there’s a match with the events from the customer’s SIEM platform, according to Cataldo. A positive match is indicative of a potential infection, Cataldo said, and is flagged for the SIEM team for further review and possible mitigation.

Customers should expect to pay between $25,000 and $50,000 for each threat data feed they wish to receive in Cyber Trace, according to Cataldo.

Meanwhile, Cataldo said Kaspersky Threat Lookup allows customers to get more information and a verdict on a potentially malicious hash based on matches made behind the scenes with Kaspersky’s telemetry data and threat data. Customers are charged a fixed amount for each search they conduct using Threat Lookup, according to Cataldo.

From there, Cataldo said Kaspersky APT Intelligence Reporting gives customers access to between 110 and 130 reports produced each year by the company’s GReAT team on nefarious advanced persistent threats (APTs) often sponsored by nation-state actors. Each report details all of the threat group’s tactics, techniques and procedures (TTPs), as well as indicators of compromise and YARA data.

Kaspersky uses the YARA rules to look for variants of existing APT campaigns based on the specific attributes of the initial campaign, according to Cataldo. Here, Cataldo said Kaspersky benefits from having access to vastly different telemetry data than its U.S.-based peers thanks to its dominant market share for anti-malware products in Russia, Eastern Europe, the Middle East and parts of Asia.

As a result of having access to massive amounts of data coming from some of the most highly targeted countries in the world, Cataldo said Kaspersky is often the first to see very sophisticated threats emerging outside of North America. A subscription to Kaspersky APT Intelligence Reporting costs $100,000 per year, Cataldo said, making it a good fit for larger enterprise organizations.

“If you want to truly provide your customers with a unique data set that they will not find anywhere else, they need to partner with Kaspersky,” Cataldo said. “I am told time and time again that other sources they use are recycled news. Maybe it comes in a better package, but it is still recycled news.”