According to a Verified Market Research report, the SIEM market was valued at 5,210 million dollars in 2024 and is expected to reach 10,090 million dollars in 2031. This growth is driven by the increase in cyber threats, regulatory compliance requirements and the growing demand for rapid threat detection.

Companies seek solutions that allow them to collect and analyze data in real time, significantly improving their situational awareness. To respond to this demand, Kaspersky has launched a major update of its Security Information and Event Management (SIEM) platform. The update includes a new artificial intelligence (AI) module that optimizes alert prioritization, adds visualization of resource dependencies and expands search capabilities.

“SIEM is one of the main tools for SOC teams and IT security departments, so we do everything possible to make our platform easier to use. These new features allow companies to react to events faster and with less effort. In addition, we have improved Kaspersky SIEM by enriching its compatibility with event sources and correlation rules,” concludes Ilya Markelov, head of the Unified Platform product line at Kaspersky.

NEW SIEM UPDATE

Kaspersky SIEM is a platform designed for security operations centers (SOC), based on AI technology and reinforced with world-class threat intelligence. The platform collects log data and enriches it with contextual information and actionable threat intelligence, providing all the data needed for incident investigation and response, while enabling automated alert response and threat hunting activities.

  • New AI module. The new Kaspersky SIEM module improves the classification of alerts and incidents through the analysis of historical data. In addition, the AI-based Risk Score for assets offers valuable hypotheses for proactive hunting. The module analyzes how the characteristics of a specific activity relate to different assets, such as workstations, virtual machines and mobile phones. If an alert detected by the system is not typical for the asset on which it is detected, it is marked in the interface with an additional state, allowing analysts to quickly identify incidents that require immediate attention.
  • Simplified data collection. Previously, to collect data from Windows and Linux workstations, it was necessary to install a SIEM agent on each workstation or configure data forwarding to an intermediate host. Now, if the Kaspersky Endpoint Security agent is installed on the host, it can send data directly to the SIEM. These data can be used for event searches, analysis and correlation, eliminating the need to install and monitor SIEM agents separately for customers who already use Kaspersky endpoint security products.
  • Resource dependency visualization and expanded search capabilities. The platform has improved its search capabilities, allowing users to visualize how resources (filters, rules, lists) are connected to each other. A resource dependency graph with a hierarchical folder structure makes it easier to find specific queries for large teams or for many saved searches. Analysts can quickly and accurately locate the relevant events or create “rolling window” reports, defining the start and end of a search query or a report.
  • Content version management. Kaspersky SIEM stores the history of changes to resources in the form of versions. A new version is created automatically when an analyst creates a new resource or saves changes to an existing one. This version storage simplifies collaboration within analyst teams, allowing, for example, a team member to see the changes a colleague made to a correlation rule and, if necessary, undo them.
  • Unique field mapping. With the updated platform, analysts can add a set of specific field values from the unique fields section of a correlation rule to the correlated event, saving time by eliminating the need to look up those values in the underlying events. Kaspersky SIEM also allows specific field values to be added to an exception if an alert is identified as a false positive. Each correlation rule generates its own list of exceptions, which allows analysts to focus on critical alerts and quickly reduce the “noise” produced by correlation rules.