الرئيس التنفيذي
أشرف الحادي

رئيس التحرير
فاطمة مهران

Extended AI capabilities and resource visualization: great new features provided by Kaspersky SIEM

 

 

To bolster the productivity and effectiveness of cybersecurity teams, Kaspersky has unveiled a significant update to its Security Information and Event Management (SIEM) solution. The enhanced platform provides a new AI module for faster and more effective alert triage, helps to visualize resource dependencies and enables extended search capabilities.

According to Verified Market Research, the SIEM market was valued at $5.21 billion in 2024 and is expected to reach $10.09 billion by 2031. Among the key factors that contribute to such growth are rising cyber threats, regulatory compliance regulations and demand for rapid threat detection. Businesses are searching for solutions that enable them to collect and analyze data in real time, significantly enhancing their situational awareness. To meet this demand, Kaspersky added new features to its SIEM, allowing cybersecurity professionals to detect threats more efficiently.

Kaspersky SIEM is a security operations center (SOC) platform based on an AI-powered technology stack and reinforced by world-leading Threat Intelligence. The platform collects log data and enriches it with contextual information and actionable threat intelligence to provide all the data needed for incident investigation and response, while enabling automated responses to alerts and threat hunting.

New AI module

Kaspersky SIEM features a new AI module that improves triage alerts and incidents by analyzing historical data, while AI-based risk scoring of assets provides valuable hypotheses for proactive searches.

This module analyzes how the characteristic of a particular activity is related to different assets – workstations, virtual machines, mobile phones, and so on. If an alert detected by the system as a result of event correlation is not typical for the asset on which it is detected, such a detection is marked in the interface with an additional status. Therefore, analysts can quickly see incidents that require immediate attention.

Data collection by the Kaspersky Endpoint Security agent

Previously, to collect data from workstations running Windows and Linux, it was necessary to install a SIEM agent on each station or configure data transmission to an intermediate host and then configure data exchange with the SIEM. Now, if the Kaspersky Endpoint Security agent is installed on the host, it can directly send data to the SIEM system. This data can be used for further event searches, analysis, and correlation. Thus, the additional step of installing and monitoring separate SIEM agents is eliminated for customers who already use Kaspersky products for endpoint security.

Resource dependencies graph and extended search capabilities

The platform also improved its search capabilities and now allows customers to visualize how resources (filters, rules, lists) are connected with each other. A resource dependencies graph featuring a hierarchical folder structure makes it easier to find the correct search query for large teams or multiple stored searches. Analysts can quickly and precisely locate relevant events or create “rolling window” reports by defining the start and finish timeframes for a search query or report. Storing search query history enables the user to access previous inquiries with ease.

Content versioning

Kaspersky SIEM stores the history of resource changes in the form of versions. A resource version is created automatically when an analyst creates a new resource or saves changes to parameters in an existing resource. Version storage simplifies interaction within analyst teams. For example, one team member can see any changes a colleague has made in a correlation rule, and if necessary, undo them.

Unique field mapping

With the updated platform, analysts can now add an array of specified field values from the correlation rule’s unique field section to a correlation event, thus saving time by eliminating the need to search through field values in underlying events.

Kaspersky SIEM also enables the addition of specific field values to an exception if an alert is identified as a false positive. Each correlation rule generates a separate exception list, allowing analysts to focus on critical alerts and quickly reduce correlation rule ‘noise’.

“As SIEM is one of the main tools for SOC teams and IT security departments, we do everything we can to make our platform easier to use. These new features mean businesses can react to events faster and with less effort. Also, we enhanced our Kaspersky SIEM by enriching it with connectors to event sources and correlation rules. Today, our out-of-the-box rules already cover over 400 techniques from the MITRE ATT&CK matrix, and the number of supported sources has reached close to 300. And this number is constantly growing,” comments Ilya Markelov, Head of Unified Platform Product Line at Kaspersky.

 

 

 

Related Posts:

Expand North Star 2025 by GITEX GLOBAL opens today, celebrating ten years of startup innovation with its biggest edition yet

The 10th Turkish Airlines World Golf Cup, world’s most prominent corporate golf tournament, returns to Cairo

Silicon Waha Launches the Third Edition of “Waha Connect” at Borg El Arab Technology Park

The Marq Announces, ‘inplace’, an Integrated Business Community in New Cairo with EGP 30 billion Investments

With the participation of experts, Invest-Gate issues its recommendations: “From Heritage to Horizons: Integrating Real Estate & Tourism Investment Opportunities”

DP World – Egypt and Suez Canal University Launch the Second Phase of the Faculty of Physical Therapy Development Project

QNET participates in the 8th edition of Cairo Water Week and showcases its latest home water filtration technology

Novotel Cairo Airport Introduces Renovated Rooms, Elevating Guest Comfort

آخر الأخبار
Expand North Star 2025 by GITEX GLOBAL opens today, celebrating ten years of startup innovation with... جماهير منتخب مصر تدعم حسن شحاتة بعد تعرضه لوعكة صحية إكسباند نورث ستار 2025 ينطلق في دبي ويحتفي بأضخم نسخة في تاريخه بعقد من الابتكار وريادة الأعمال جهاز حماية المنافسة يثبت مخالفة 12 مدرسة لقيامهم بممارسات احتكارية في قطاع الزي المدرسي The 10th Turkish Airlines World Golf Cup, world’s most prominent corporate golf tournament, returns ... بطولة الخطوط الجوية التركية للجولف تعود إلى القاهرة للعام العاشر إكسباند نورث ستار ضمن جيتكس جلوبال تسهم في توسيع نطاق شركات ناشئة من 180 دولة وزير الصحة يلتقي الرئيس التنفيذي لمعهد WifOR الألماني مركز «الملاذ الآمن» :الفضة تلامس أعلى مستوياتها منذ 2011 وتتفوق على الذهب كأفضل المعادن أداءً في 202... التمثيل التجاري المصري يبحث مع المستشار التجاري البريطاني بالقاهرة سبل الارتقاء بالعلاقات الاقتصادية طلعت: التكنولوجيا أصبحت أداة الدولة لضمان كفاءة توزيع المياه وتخطيط المواسم الزراعية قصر العيني يواصل التألق عالميًا: منة شاكر ضمن أفضل 10 كتّاب في مسابقة دولية مرموقة Silicon Waha Launches the Third Edition of "Waha Connect" at Borg El Arab Technology Park واحات السيليكون تطلق النسخة الثالثة من فعالية "Waha Connect" في برج العرب التكنولوجية اعتماد عقّار "ميتاليز®" 25 ملغم من "بورينجر إنجلهايم" بعد حصوله على موافقة هيئة الدواء المصرية لعلاج... رئيس الوزراء يستقبل الدكتور خالد العناني المدير العام المنتخب لمنظمة "اليونسكو" وزيرة التضامن الاجتماعي تستقبل وكيل الأمين العام للأمم المتحدة للشئون الإنسانية رئيس الوزراء يتابع الموقف التنفيذي لمشروعات الطاقات المتجددة بنك القاهرة شريكاً إستراتيجياً لمعرض "تراثنا" لدعم الحرف والمنتجات اليدوية افتتاح خطوط إنتاج جديدة بمصنع مارس مصر باستثمارات 280 مليون دولار