
In a move to enhance the productivity and efficiency of cybersecurity teams, Kaspersky has introduced a groundbreaking update to its Security Information and Event Management (SIEM) platform. This update includes a cutting-edge AI module designed to expedite and improve alert triage, comprehensive resource dependency visualization, and extended search functionalities.
A Growing SIEM Market
According to Verified Market Research, the SIEM market, valued at $5.21 billion in 2024, is projected to reach $10.09 billion by 2031. Key drivers of this growth include escalating cyber threats, stringent regulatory compliance requirements, and the growing demand for rapid threat detection. Organizations worldwide seek solutions that facilitate real-time data collection and analysis, offering improved situational awareness. Kaspersky’s enhanced SIEM platform aligns with these needs, providing tools for more effective threat detection and incident response.
AI-Powered Features
The updated Kaspersky SIEM leverages AI-driven technology and globally recognized Threat Intelligence. By collecting and enriching log data with contextual and actionable insights, it supports comprehensive incident investigation and automated responses.
One of the standout enhancements is the new AI module, which improves the triage of alerts and incidents by analyzing historical data and employing AI-based risk scoring for assets. This enables cybersecurity professionals to conduct proactive searches with informed hypotheses. The system also marks unusual activities on specific assets, such as workstations or virtual machines, with additional statuses, enabling analysts to prioritize critical incidents swiftly.
Streamlined Data Collection
The integration of the Kaspersky Endpoint Security agent simplifies data collection. Previously, installing separate SIEM agents on each workstation was necessary. Now, the endpoint security agent can directly transmit data to the SIEM system, streamlining operations for organizations already using Kaspersky’s endpoint solutions.
Enhanced Search and Visualization
The platform’s enhanced search capabilities include a resource dependencies graph that visualizes connections between filters, rules, and lists. Analysts can quickly identify relevant events, define precise timeframes for reports, and access stored search histories for easier inquiry management.
Content Versioning and Field Mapping
Kaspersky SIEM now supports content versioning, creating automatic resource versions whenever changes are made. This feature promotes seamless collaboration among analysts, allowing teams to track and revert changes to correlation rules if necessary.
Additionally, the platform enables the addition of specified field values from correlation rules to events, reducing manual effort. Analysts can also add field values to exception lists for false-positive alerts, focusing on critical threats while minimizing noise.
Expert Insight
“As SIEM is one of the main tools for SOC teams and IT security departments, we do everything we can to make our platform easier to use,” says Ilya Markelov, Head of Unified Platform Product Line at Kaspersky. “These new features allow businesses to react faster with less effort. Our SIEM now supports over 400 MITRE ATT&CK techniques and nearly 300 event sources, and this number is constantly growing.”
About Kaspersky
Founded in 1997, Kaspersky is a global leader in cybersecurity and digital privacy. With over one billion devices protected worldwide, the company continues to innovate, offering advanced solutions to safeguard businesses, critical infrastructure, governments, and individuals.
For more information, visit www.kaspersky.com.