Artificial Intelligence against DLL hijacking: new capabilities of Kaspersky SIEM

The updated Kaspersky SIEM now features AI functionality for detecting signs of dynamic link library (DLL) hijacking, integrates with Kaspersky Digital Footprint Intelligence (DFI) and Kaspersky Managed Detection and Response (MDR), and offers improved capabilities for working with dashboards and reports.
According to the latest Kaspersky MDR analyst report, Advanced Persistent Threats (APTs) significantly affected one in four companies in 2024, representing a remarkable 74% increase compared to 2023. The findings highlight that, despite advancements in automated detection technologies, persistent attackers continue to exploit vulnerabilities and bypass defenses. To address these challenges and strengthen threat detection capabilities, Kaspersky has upgraded its Kaspersky SIEM with new features designed to enhance the overall efficiency of cybersecurity systems.
Kaspersky SIEM collects, aggregates, analyzes and stores log data across the entire IT infrastructure, delivering contextual enrichment and actionable threat intelligence insights. In the latest update, this platform was enhanced by the following capabilities:

Enhanced protection against DLL hijacking
Legitimate software loads numerous libraries during operation, which can be exploited by attackers to evade detection and execute cyberattacks. To address this threat, Kaspersky SIEM has introduced a specialized AI-based subsystem that continuously analyzes information about all loaded libraries. In cases of suspected substitution, the system automatically annotates the event, enabling security teams to create incidents for further investigation. To leverage this new functionality, users can simply connect a DLL Hijacking enrichment rule to the collector or correlator, enhancing the system’s ability to detect and respond to potential library substitution threats effectively.

Integration with Digital Footprint Intelligence and Managed Detection and Response
Kaspersky SIEM now offers seamless integration with Kaspersky Digital Footprint Intelligence, enabling users to receive comprehensive analytics related to digital footprint data. This enhancement ensures that user account and password leaks are promptly detected, with automated alerts generated to facilitate immediate response. Incidents identified through this integration can be further investigated within the SIEM system, enhancing overall security posture.
Additionally, the solution now supports automatic incident import from the Managed Detection and Response (MDR) Console directly into the SIEM, streamlining incident processing and analysis for faster and more efficient threat management.

Improved behavioral analysis
Kaspersky SIEM has been further enhanced with the integration of a dedicated User and Entity Behavior Analytics (UEBA) ruleset, specifically designed for the comprehensive detection of anomalies across authentication processes, network activity and process execution on Windows-based workstations and servers. This addition enables Kaspersky SIEM to more effectively analyze deviations from established behavioral patterns, thereby facilitating the timely identification of APTs, targeted attacks and insider threats.

New capabilities for reporting
Dashboards and report templates can now be shared and transferred between Kaspersky SIEM installations, facilitating seamless collaboration and consistency across security environments. This functionality also enables users to receive updates directly from Kaspersky, ensuring that security teams have access to the most current content for comprehensive organizational cybersecurity analysis.

In addition, new data visualization widgets have been introduced, offering advanced capabilities for presenting information. Users can now display data as trends, combine multiple graphs and illustrate relationships between different values, thereby enhancing the clarity and effectiveness of security insights.

Furthermore, a new pre-configured widget has been added, featuring the ability to create refined queries. This is complemented by a drill-down capability, allowing users to navigate from a dashboard into another pre-configured dashboard for more detailed analysis.

Higher availability and scalability
Kaspersky has introduced a distributed Raft-based architecture for its SIEM Core, designed to deliver high availability and resilience. Such an approach ensures continuous operation under heavy loads and allows organizations to scale horizontally with ease.

“At Kaspersky, we are continuously improving our SIEM platform to ensure its detection capabilities against sophisticated threats are consistently enhanced. We aim to reduce the workload on cybersecurity professionals, enabling them to dedicate more time to analyzing complex cyber incidents and implementing preventive measures. Leveraging advanced AI technologies, we automate numerous processes and expedite the analysis of large data volumes. This advancement significantly reinforces organizational security and resilience against emerging threats,” comments Ilya Markelov, Head of Unified Platform Product Line at Kaspersky.
