Kaspersky Introduces New SIEM Features to Reduce Routine Tasks

As cybersecurity challenges increase, Kaspersky has launched a major update to its Unified Monitoring and Analysis Platform, a key security information and event management (SIEM) system. This upgrade aims to boost cybersecurity teams’ productivity by enhancing threat detection and response capabilities.

Cybersecurity teams face growing threats, including frequent attempts to breach company infrastructures and a rise in complex attacks. The Kaspersky Human Factor 360 Report reveals that 71% of businesses in KSA experienced at least one cybersecurity breach in 2023 and the year before. Companies therefore need solutions that deliver real-time information security telemetry, so that teams can make the most of their resources, work more efficiently, and improve their situational awareness.

The Kaspersky Unified Monitoring and Analysis platform is a cutting-edge SIEM solution for managing security data and events. It collects, aggregates, analyses, and stores log data from across the IT infrastructure, offering contextual enrichment and actionable threat intelligence. These features are invaluable to IT security experts. The latest update introduces new functionalities to help cybersecurity professionals navigate the platform and detect threats more effectively.

One new feature is event forwarding from remote offices to a single stream. An event router has been added to lessen the load on communication channels and reduce the number of open ports on network firewalls. This router receives events from collectors and sends them to designated destinations based on configured filters. This intermediate service helps balance the load between links and supports the use of low-bandwidth connections.

Another improvement is grouping by arbitrary fields, including time-rounding functions, directly from the event interface. Analysts can now select events and build queries with grouping and aggregate functions more easily. Customers run an aggregation query by selecting the fields to group by and clicking “Run query.”

The update also includes the ability to search events across multiple storage clusters simultaneously. This allows users to retrieve necessary events from distributed storage clusters more efficiently, with results displayed in a consolidated table that shows each record’s storage location.

Additionally, there’s a new functionality for mapping rules to MITRE ATT&CK®. This feature helps analysts visualize how well the developed rules cover the MITRE ATT&CK® matrix, assess security levels, and import updated lists of techniques and tactics into the SIEM system. Analysts can also export a list of rules marked up according to the MITRE ATT&CK Navigator.

Finally, the update introduces the collection of DNS Analytics logs. The new ETW (Event Tracing for Windows) transport reads DNS Analytics subscriptions, providing extended DNS logs, diagnostic events, and analytical data on DNS server operations. This new method offers more detailed information than the DNS debug log and has less impact on DNS server performance.

“SIEM systems are crucial tools for cybersecurity professionals. A company’s security depends on how effectively experts can use SIEM to focus on combating threats instead of handling routine tasks. We continue to enhance our solution based on market needs and customer feedback, consistently adding new features to simplify analysts’ work,” says Ilya Markelov, Head of Unified Platform Product Line at Kaspersky.

To learn more about Kaspersky SIEM and its security information and event management features, please visit our website.

About Kaspersky

Founded in 1997, Kaspersky is a global leader in cybersecurity and digital privacy. With over a billion devices protected from emerging cyber threats, Kaspersky’s extensive security expertise leads to innovative solutions and services that safeguard businesses, critical infrastructure, governments, and consumers worldwide. Our comprehensive security portfolio includes top-tier endpoint protection, specialized security products, and Cyber Immune solutions designed to counter sophisticated and evolving digital threats. We assist over 200,000 corporate clients in protecting their most valuable assets.
