The new version of Kaspersky SIEM features an AI-enabled mechanism for detecting potential account compromise, and provides enhanced data integrity and improved customisation, empowering organisations with stronger, more flexible security.
According to a recent global survey conducted by Kaspersky, Security Information and Event Management (SIEM) platforms rank among the top three most in-demand cybersecurity solutions for companies planning to establish a Security Operations Center, with 40% of organisations considering it an essential technological component for building an advanced cybersecurity division.
In response to this market need, Kaspersky has regularly upgraded its SIEM with new, valuable features designed to enable advanced threat detection capabilities and better compliance with industry standards and regulation.
In the latest update the following new key capabilities were added:
Flexible role model for customisation
The new system allows users to create, clone, and modify roles to better align with internal workflows and organisational needs. This enhancement offers greater flexibility, enabling companies to tailor the system to their unique structures.
Correlator 2.0 Beta and AI-enabled account theft detection
The fault-tolerant, horizontally scalable Correlator 2.0 is now available in beta mode. This upgrade delivers significant improvements in performance and reduces hardware requirements.
It also introduces advanced features, such as AI-powered detection of account theft, which analyses login activity, establishes baseline patterns, and identifies abnormal behaviour to generate timely alerts for potential account compromises. This feature enhances an organisation’s security and operational efficiency.
Backup and restore events for data integrity and compliance
The new functionality supports exporting event data into secure, immutable archive files, safeguarding data during investigations, audits, and regulatory compliance processes – ensuring data remains unaltered.
Background search queries for enhanced user experience
Background search processing allows analysts to initiate low-priority queries that run quietly in the background. This allows users to continue their work without interruption, with search results available immediately upon completion, drastically improving usability and operational efficiency.
“At Kaspersky, our ongoing commitment is to refine and expand the capabilities of our products to stay ahead of evolving cyber threats. By harnessing innovative AI technologies in Kaspersky SIEM, we can streamline complex data analysis and automate essential processes, empowering cybersecurity professionals to concentrate on investigating sophisticated incidents and implementing proactive security measures. These improvements significantly bolster organisational resilience and ensure robust protection against emerging threats,” states Ilya Markelov, Head of Unified Platform Product Line at Kaspersky.
Kaspersky SIEM collects, aggregates, analyses and stores log data across the entire IT infrastructure, delivering contextual enrichment for cybersecurity teams. The platform leverages a dedicated User and Entity Behaviour Analytics (UEBA) ruleset that helps identify deviations from established behavioural patterns, facilitating the timely detection of APTs, targeted attacks, and insider threats. Additionally, the rule mapping on the platform has been regularly updated to align with the latest versions of MITRE ATT&CK.
To learn more about Kaspersky SIEM, please visit the website.
