The update is aimed at helping organizations investigate cyber threats more effectively, better understand attacker behavior, and proactively monitor the most relevant risks across their digital environments.
Kaspersky has rolled out a significant upgrade to its Threat Intelligence Portal (TIP), adding a new Hunt Hub section, an improved MITRE ATT&CK coverage map, and a greatly expanded vulnerabilities database. The update is aimed at helping organizations investigate cyber threats more effectively, better understand attacker behavior, and proactively monitor the most relevant risks across their digital environments.
The move comes as cyber threats continue to rise. According to the Kaspersky Security Bulletin 2025, the company’s detection systems identified an average of 500,000 malicious files per day in 2025 — a 7% increase year over year. With attacks growing in scale and sophistication, Kaspersky says security teams need deeper insight, not just alerts, to respond effectively.
At the center of the update is the newly introduced Hunt Hub, integrated into the Threat Landscape section of the portal. The feature is designed to provide greater transparency into how detection technologies operate and to give users access to Kaspersky’s threat hunting expertise. Hunt Hub contains Kaspersky Next EDR Expert hunts, also known as indicators of attack (IoA) or detection rules. All users can browse the hunt catalog and descriptions, while EDR Expert customers receive more advanced access to detection logic and recommendations in a structured, SIGMA-like format. Each hunt is mapped to relevant MITRE ATT&CK tactics and techniques and connected to known threat actors to provide added context.
By exposing detection logic in a structured way, Hunt Hub aims to remove the “black box” perception around threat detection. Security teams can see why an alert was triggered and what type of threat it is meant to uncover, improving trust in detection systems and speeding up investigations.
Kaspersky also enhanced the MITRE ATT&CK coverage map within the Threat Landscape section. The portal now combines product coverage across SIEM, EDR, NDR, and Sandbox tools with MITRE ATT&CK techniques, scoring, coverage percentages, and related EDR Expert hunts in one unified interface. This allows organizations to evaluate how well their current security stack addresses specific attack techniques and to spot potential protection gaps.
In addition, the portal’s Vulnerabilities section has been expanded, with the CVE database now covering nearly 300,000 vulnerabilities. The platform also offers more detailed intelligence on vulnerabilities that have been exploited in real-world attacks, enabling organizations to prioritize patching and remediation based on active threat activity.
Kaspersky says the update is designed to help organizations shift from reactive alert handling to proactive threat hunting and risk management by giving analysts clearer visibility into detection processes and threat intelligence.
