Kaspersky SIEM updated with AI-driven threat detection and enhanced customization

According to a recent global survey conducted by Kaspersky, Security Information and Event Management (SIEM) platforms rank among the top three most in-demand cybersecurity solutions for companies planning to establish a Security Operations Center, with 40% of organizations considering it an essential technological component for building an advanced cybersecurity division. In response to this market need, Kaspersky has regularly upgraded its SIEM with new, valuable features designed to enable advanced threat detection capabilities and better compliance with industry standards and regulation. In the latest update the following new key capabilities were added:

• Flexible role model for customization

The new system allows users to create, clone, and modify roles to better align with internal workflows and organizational needs. This enhancement offers greater flexibility, enabling companies to tailor the system to their unique structures.

• Correlator 2.0 Beta and AI-enabled account theft detection

The fault-tolerant, horizontally scalable Correlator 2.0 is now available in beta mode. This upgrade delivers significant improvements in performance and reduces hardware requirements.

It also introduces advanced features, such as AI-powered detection of account theft, which analyzes login activity, establishes baseline patterns, and identifies abnormal behavior to generate timely alerts for potential account compromises. This feature enhances an organization's security and operational efficiency.

• Backup and restore events for data integrity and compliance

The new functionality supports exporting event data into secure, immutable archive files, safeguarding data during investigations, audits, and regulatory compliance processes - ensuring data remains unaltered.

• Background search queries for enhanced user experience

Background search processing allows analysts to initiate low-priority queries that run quietly in the background. This allows users to continue their work without interruption, with search results available immediately upon completion, drastically improving usability and operational efficiency.

"At Kaspersky, our ongoing commitment is to refine and expand the capabilities of our products to stay ahead of evolving cyber threats. By harnessing innovative AI technologies in Kaspersky SIEM, we can streamline complex data analysis and automate essential processes, empowering cybersecurity professionals to concentrate on investigating sophisticated incidents and implementing proactive security measures. These improvements significantly bolster organizational resilience and ensure robust protection against emerging threats," states Ilya Markelov, Head of Unified Platform Product Line at Kaspersky.

Kaspersky SIEM collects, aggregates, analyzes and stores log data across the entire IT infrastructure, delivering contextual enrichment for cybersecurity teams. The platform leverages a dedicated User and Entity Behavior Analytics (UEBA) ruleset that helps identify deviations from established behavioral patterns, facilitating the timely detection of APTs, targeted attacks, and insider threats. Additionally, the rule mapping on the platform has been regularly updated to align with the latest versions of MITRE ATT&CK.

• ข่าวo:member
• ข่าวo:loc
• ข่าวen
• ข่าวo:it