KASPERSKY SECURITY INTELLIGENCE SERVICES

Alexander Mazikin

Global Presales Manager, Security Intelligence Services

SERVICES MAP

2

Security Awareness

Professional Trainings

SECURITY TRAINING

Digital Forensics

Malware Analysis

INVESTIGATION SERVICES

THREAT INTELLIGENCE

Threat Data Feeds

Botnet Tracking

Intelligence Reporting

SECURITY ASSESSMENT

Penetration Testing

Security Assessment

GARTNER’S ADAPTIVE SECURITY CYCLE

3

RESPOND

PREDICT PREVENT

DETECT

• Digital Forensics

• Malware Analysis

• Penetration Testing

• Security Assessment

• Professional Trainings

• Tailored Reporting

• Threat Data Feeds

• Botnet Tracking

• APT Intelligence Reporting

• Security Awareness

TARGET AUDIENCE AND USE CASES

4

Customer SOC (Security Operation Center)

Train your employees

and experts

Enterprises Government MSSP ISP/Telco Banks

Improve your SIEM

with KL data feeds

Get early warning

about global APTs

and threats targeting

your organization

In case of an incident get

help from our forensics

experts

Mitigate a risk of

intrusion with

KL PenTesting

Uncover vulnerabilities

in your applications

CYBERSECURITY TRAINING

5

SECURITY TRAINING – POC

6

► KL trainer conducts a remote session for

the customer to explain the required courses

in more details

SECURITY TRAINING – CASE STUDIES

7

City of London Police

Kaspersky Lab has delivered several courses

in the areas of Digital Forensics and Malware

Analysis

Public reference is available and you can

request an official pdf approved by COLP

management

You can find more in public press releases:

http://www.kaspersky.com/about/news/viru

s/2014/City-of-London-Police-and-

Kaspersky-Lab-lead-the-way-in-

combatting-fraud

http://www.computerworlduk.com/news/se

curity/3539039/city-of-london-police-

brings-in-kaspersky-to-train-officers-to-

tackle-cybercrime/

THREAT INTELLIGENCE SERVICES

8

Threat Data Feeds

A customer gets more from existing SIEM

solution by leveraging Threat Data from KL

► Malicious URLs

► Phishing URLs

► Botnet C&C URLs

► Malware Hashes

► Mobile Malware Hashes

► Mobile Botnet C&C URLs

► P-SMS Trojan Feed

THREAT INTELLIGENCE SERVICES

9

Intelligence Reporting

► APT Intelligence Reporting

A customer gets exclusive, proactive access

to descriptions of high-profile cyber-

espionage campaigns, including indicators of

compromise (IOC)

► Customer / Country Specific Reporting

OSINT is a main source of intelligence:

• Network Reconnaissance and

Vulnerability Analysis

• Malware and Cyber-Attack Tracking

Analysis

• Staff, Data Leakage and Underground

Activities Analysis

► Industry Reporting

Quarterly reporting about threats related to

industry (Financial, Telco etc.)

THREAT INTELLIGENCE SERVICES

10

Botnet Tracking

Expert monitoring and notification services to

identify botnets threatening online banking of

a banking customer

► Almost real time notifications (every 15

min)

► JSON compatible

► Can be offered for MSSP or banks

THREAT INTELLIGENCE SERVICES – POC

11

► Data Feeds – two week pilot*

► Intelligence Reporting – 3 private reports

for evaluation*

► Botnet Tracking – two week pilot or

report for the last two months

*an NDA is required

THREAT INTELLIGENCE – CASE STUDIES

12

Telefonica

► Telefonica has subscribed to KL Data

Feeds, Botnet Tracking and Intelligence

Reporting for 2nd year

► You can find more in public press

releases:

• http://www.kaspersky.com/about/news/

business/2014/Kaspersky-Lab-and-

Telefonica-join-forces-to-improve-cyber-

protection-for-European-and-Latin-

America-customers

• http://www.eurocomms.com/industry-

news/49-online-press/9898-telefonica-

signs-cyber-security-deal-with-

kaspersky-lab

INCIDENT INVESTIGATION SERVICES

13

Digital Forensics

Digital Forensics is an investigation service

aimed at producing a detailed picture of an

incident. Forensics can include malware

analysis if any malware was discovered

during the investigation. Kaspersky Lab

experts piece together the evidence to

understand exactly what is going on,

including the use of HDD images, memory

dumps and network traces. The result is a

detailed explanation of the incident.

Malware Analysis

Malware Analysis offers a complete

understanding of the behavior and objectives

of specific malware files that are targeting

your organization.

INCIDENT INVESTIGATION – POC

14

► KL Digital Forensics. KL provides

the customer a sample report on

Digital Forensics*

► Malware Analysis. A customer can

provide KL a single malware sample

for analysis

*an NDA is required

INCIDENT INVESTIGATION – CASE STUDIES

15

Collaboration with Interpol

► Kaspersky Lab helped Interpol to establish

a forensics lab in Singapore

► You can find more in public press

releases:

• http://www.kaspersky.com/about/news/b

usiness/2013/Kaspersky_Lab_signs_up_

to_actively_support_INTERPOL_Global_

Complex_for_Innovation_Singapore

SECURITY ASSESSMENT SERVICES

16

Penetration Testing

Kaspersky Lab’s Penetration Testing Service gives

you a greater understanding of security flaws in your

infrastructure, revealing vulnerabilities, analyzing the

possible consequences of different forms of attack,

evaluating the effectiveness of your current security

measures and suggesting remedial actions and

improvements.

Security Assessment

Kaspersky Lab’s Security Assessment Services

uncovers vulnerabilities in applications or systems of

any kind, from large cloud-based solutions, ERP

systems, online banking and other specific business

applications, to embedded and mobile applications

on different platforms (iOS, Android and others) or

specific systems (Telecom, SCADA, ATM etc.).

SECURITY ASSESSMENT – WHY KL?

17

KL is able to delivery Security Assessment of non-standard systems

► Telecom specific systems (OSS, BSS, base stations, media GW, GSM/UMTS/LTE, IP,

SS7)

► ATM / POC

► SCADA, PLC, smart meters

Qualified Team

► Experienced white-hat hackers known for their security

research and acknowledged for security advisories by Microsoft,

Google, Apple, Oracle, Cisco, Siemens, SAP, Citrix and others

DOCUMENTATION

18

Available Materials:

► SIS Catalog

► Security Training – Program Description

► Threat Data Feeds – Technical Description

► Intelligence Reporting – Technical Description

► Intelligence Reporting – How to use IOCs

► Penetration Testing – Technical Description

► Application Security Assessment –

Technical Description

► Digital Forensics and Malware Analysis –Technical Description

► Marketing Presentations

The materials could be requested from intelligence@kaspersky.com

KL ENTERPRISE WEBSITE

19

THANK YOUAlexander Mazikin

Global Presales Manager, Security Intelligence Services

Alexander.Mazikin@kasperksy.com

intelligence@kaspersky.com