Kaspersky Supercharges SIEM Solution with AI for Faster Threat Detection

Kaspersky has launched a major update to its Security Information and Event Management (SIEM) platform, boosting cybersecurity teams’ efficiency with AI-powered alert triage, enhanced search capabilities, and streamlined data collection. The update aims to help businesses combat the growing complexity and volume of cyber threats.
23 January 2025 – Recognizing the escalating challenges faced by cybersecurity professionals, Kaspersky has unveiled a significant update to its SIEM solution. The enhanced platform incorporates a new AI module for more effective threat detection, improved search functionalities, and simplified data collection, empowering security teams to respond to threats faster and with greater precision.

The SIEM market is experiencing rapid growth, driven by the rise in cyberattacks, regulatory compliance requirements, and the demand for real-time threat detection. Kaspersky’s updated SIEM solution directly addresses these challenges, providing organizations with the tools they need to stay ahead of evolving threats.

“As SIEM is one of the main tools for SOC teams and IT security departments, we do everything we can to make our platform easier to use,” says Ilya Markelov, Head of Unified Platform Product Line at Kaspersky. “These new features mean businesses can react to events faster and with less effort.”

Key enhancements in the updated Kaspersky SIEM include:

  • AI-Powered Alert Triage: A new AI module analyzes historical data to improve the prioritization of alerts and incidents. AI-based risk scoring of assets helps security teams focus on the threats that matter most.
  • Streamlined Data Collection: The Kaspersky Endpoint Security agent can now send event data directly to the SIEM, so existing Kaspersky customers no longer need to deploy separate SIEM collection agents on their endpoints.
  • Enhanced Search Capabilities: A resource dependencies graph visualizes how SIEM resources (rules, collectors, dictionaries and the like) depend on one another, making complex searches easier to navigate. Extended search functions allow more precise queries and more efficient report generation.
  • Content Versioning: The platform tracks the change history of resources, improving collaboration among analysts and allowing modifications to be rolled back easily.
  • Unique Field Mapping: Analysts can add specific field values to correlation events and exceptions, saving time and reducing false positives.

The update also expands the platform’s detection coverage: the SIEM now covers over 400 techniques from the MITRE ATT&CK matrix and supports nearly 300 event sources, with more being added constantly.

This update reinforces Kaspersky’s dedication to providing robust and innovative cybersecurity solutions that empower businesses to effectively defend against the ever-evolving threat landscape.

Author: Terry KS
