IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Kaspersky enhances SIEM solution with AI & new features

Kaspersky has announced significant updates to its Security Information and Event Management (SIEM) solution, enhancing its features to improve productivity and effectiveness in cybersecurity operations.

The SIEM market, as reported by Verified Market Research, was valued at $5.21 billion in 2024, with projections indicating it could reach $10.09 billion by 2031. The growth is attributed to increasing cyber threats, the need for regulatory compliance, and the demand for swift threat detection. Businesses are thus seeking solutions that facilitate real-time data collection and analysis to better manage their cybersecurity landscape. The newly added features in Kaspersky's SIEM aim to meet these demands by providing tools for more efficient threat detection.

Kaspersky's SIEM, designed as a security operations centre (SOC) platform, incorporates an AI-powered technology stack supported by advanced Threat Intelligence. It gathers log data and enriches it with contextual information and actionable threat intelligence to support incident investigation and response, while enabling automation of alert responses and threat hunting.

The new AI module incorporated in the Kaspersky SIEM aids in improving the analysis of alerts and incidents by examining historical data. "This module analyzes how the characteristic of a particular activity is related to different assets - workstations, virtual machines, mobile phones, and so on," stated Kaspersky. Alert detections that appear atypical for the identified assets are flagged for immediate attention, so analysts can focus on critical incidents.

Data collection has also changed: the Kaspersky Endpoint Security agent can now send data directly to the SIEM system. This update removes the need to install a separate SIEM agent on each workstation, simplifying the setup for customers already using Kaspersky endpoint security products.

The platform also features enhanced search capabilities, including a resource dependencies graph. This feature allows users to visualise the connections between resources such as filters, rules, and lists, making search queries more efficient for analysts, especially across extensive datasets. These capabilities are complemented by "rolling window" reports and access to stored search histories.

Kaspersky has introduced content versioning, in which the history of resource changes is stored as versions, making teamwork among analysts more straightforward. This feature allows team members to track changes to correlation rules and undo them if necessary, enhancing collaboration within security teams.

Field mapping improvements mean that analysts can quickly associate specified field values from correlation rules with correlation events, reducing the need to search manually through field values. Moreover, false positives can be handled more efficiently by adding specific field values to exception lists.

Ilya Markelov, Head of Unified Platform Product Line at Kaspersky, commented on these advancements: "As SIEM is one of the main tools for SOC teams and IT security departments, we do everything we can to make our platform easier to use. These new features mean businesses can react to events faster and with less effort. Also, we enhanced our Kaspersky SIEM by enriching it with connectors to event sources and correlation rules. Today, our out-of-the-box rules already cover over 400 techniques from the MITRE ATT&CK matrix, and the number of supported sources has reached close to 300. And this number is constantly growing."
