Kaspersky has announced a major update to its Security Information and Event Management (SIEM) solution, introducing advanced artificial intelligence (AI) capabilities and operational enhancements designed to streamline cybersecurity operations. The upgrades aim to address the growing complexity of cyber threats and the rising demand for efficient threat detection, as organizations worldwide face increasing pressure to comply with regulations and protect digital assets.
The global SIEM market, valued at $5.21 billion in 2024, is projected to grow to $10.09 billion by 2031, according to Verified Market Research. This growth is driven by escalating cyberattacks, stricter regulatory requirements, and the need for real-time data analysis to improve situational awareness. Kaspersky’s updated SIEM platform seeks to meet these challenges by integrating AI-driven tools, simplifying data collection, and enhancing analytical workflows for security teams.
Central to the update is a new AI module intended to speed up alert triage and incident analysis by learning from historical data. It models the normal behavior of users and assets (workstations, virtual machines, mobile devices) and flags deviations from that baseline, such as activity that is unusual for one specific asset. Alerts judged atypical for the asset involved are raised in priority in the interface so analysts can turn first to incidents that need immediate action. The module also assigns each asset a risk score derived from the same analysis and proposes hypotheses from which proactive threat hunting can start. As with any baseline-driven approach, the value of the anomalies depends on how much history exists for an asset; newly onboarded or rarely active assets have little baseline to compare against, so alerts on them need manual context rather than automatic trust.
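To make the baseline-and-deviation idea concrete, the following is an added example written for this page, not Kaspersky's code or algorithm. It builds a per-asset baseline from constructed seven-day counts of two event types, scores today's counts as z-scores against that baseline, treats behavior never seen on an asset as atypical, and turns the flagged deviations into an asset risk score and a prioritized alert list. All asset names, event types and counts are constructed; the threshold and the standard-deviation floor are assumptions of this example.

```python
"""Baseline-and-deviation triage of per-asset activity (illustrative, not Kaspersky's algorithm)."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev

# Constructed history: per asset, per event type, daily counts for the trailing 7 days.
HISTORY = {
    "ws-01": {"logon": [12, 10, 11, 13, 9, 12, 10],
              "process_start": [300, 280, 310, 295, 305, 290, 300]},
    "vm-db-02": {"logon": [2, 1, 2, 2, 1, 2, 2],
                 "process_start": [40, 42, 38, 41, 40, 39, 42]},
    "mobile-07": {"logon": [5, 4, 6, 5, 5, 4, 6]},
}

# Constructed observations for today: vm-db-02 shows a logon spike, and mobile-07
# shows an event type (process_start) that has never been seen on that asset.
TODAY = {
    "ws-01": {"logon": 11, "process_start": 298},
    "vm-db-02": {"logon": 15, "process_start": 41},
    "mobile-07": {"logon": 5, "process_start": 3},
}


@dataclass
class Finding:
    asset: str
    event_type: str
    observed: int
    baseline_mean: float
    zscore: float
    atypical: bool


def zscore(observed, history, min_std=1.0):
    """Standard score of today's count against the asset's own history.

    The standard deviation is floored (assumed value 1.0) so that a very stable
    series does not turn a one-event change into an enormous score."""
    mu = mean(history)
    sigma = max(pstdev(history), min_std)
    return (observed - mu) / sigma


def evaluate(history, today, threshold=3.0):
    """Score every (asset, event_type) seen today against its baseline."""
    findings = []
    for asset, counts in today.items():
        for etype, observed in counts.items():
            past = history.get(asset, {}).get(etype)
            if not past:
                # No baseline at all: behaviour unseen on this asset. Flag it, but
                # give it the minimum atypical score rather than an inflated one.
                findings.append(Finding(asset, etype, observed, 0.0, float(threshold), True))
                continue
            z = zscore(observed, past)
            findings.append(Finding(asset, etype, observed, mean(past), z, abs(z) >= threshold))
    return findings


def asset_risk(findings):
    """Per-asset risk score: the sum of the magnitudes of its atypical deviations."""
    risk = defaultdict(float)
    for f in findings:
        if f.atypical:
            risk[f.asset] += abs(f.zscore)
    return dict(risk)


def prioritize(findings):
    """Atypical findings only, largest deviation first (the order an analyst should work)."""
    return sorted((f for f in findings if f.atypical), key=lambda f: abs(f.zscore), reverse=True)


if __name__ == "__main__":
    found = evaluate(HISTORY, TODAY)
    for f in prioritize(found):
        print(f"{f.asset:10} {f.event_type:14} observed={f.observed:4} "
              f"baseline={f.baseline_mean:6.1f} z={f.zscore:5.1f}")
    print("asset risk:", asset_risk(found))
```

With this input the database VM's fifteen logons against a baseline of about two per day lands at the top of the queue, the workstation's normal day produces nothing, and the never-before-seen process activity on the mobile device is surfaced with a conservative score so that it is reviewed but does not outrank the clear spike.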
The platform also streamlines data collection by integrating with Kaspersky’s Endpoint Security agent. Previously, organizations using Kaspersky’s endpoint protection had to deploy separate SIEM agents on each device or configure data routing through intermediate hosts. The update allows endpoint security agents to transmit logs directly to the SIEM system, eliminating redundant infrastructure and reducing administrative overhead for existing customers. This integration aims to lower barriers to data analysis and correlation while maintaining compatibility with Windows and Linux systems.
Enhanced search functionalities and resource dependency visualization further aim to improve operational efficiency. Analysts can now generate hierarchical graphs showing connections between filters, rules, and lists, simplifying navigation in complex environments. The system supports time-based “rolling window” reports and retains search query histories, enabling teams to revisit past investigations quickly. A resource versioning feature automatically logs changes to rules or configurations, allowing teams to track modifications, revert adjustments, and collaborate more effectively.
To cut false positives, the platform adds unique field mapping: an analyst can take a specific field value from a correlation rule hit (a particular account, host or process, for instance) and add it straight to that rule's exception list, so a known-benign match is suppressed without disabling the rule for everything else. Exceptions should be kept as narrow as the field mapping allows; an exception keyed on a single broad value blinds the rule to any attacker who can reuse that value. Kaspersky also highlighted the expansion of its out-of-the-box correlation rules, which now cover over 400 techniques from the MITRE ATT&CK framework, the widely used knowledge base of adversary tactics and techniques (a count that necessarily includes sub-techniques, since Enterprise ATT&CK has roughly 200 parent techniques). The number of supported event sources has grown to nearly 300, with ongoing updates for new technologies and threat vectors.
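The exception-list mechanism, and why the width of an exception matters, can be shown with a small correlation rule. This is an added example for this page, not Kaspersky's rule format or engine: the rule, the event records and the account and host names are all constructed, and the mapping to ATT&CK T1059.001 (PowerShell) is the example's own label. The rule matches encoded PowerShell command lines; one copy carries a narrow exception on two fields (account and host), the other a broad exception on the account alone.

```python
"""Correlation rule with field-value exception lists (illustrative, not Kaspersky's implementation)."""
from dataclasses import dataclass, field

# Constructed, already-normalized process-creation events as a SIEM would hold them.
EVENTS = [
    {"event_id": 4688, "host": "ws-01", "user": "alice",
     "process": "powershell.exe", "cmdline": "powershell -enc SQBFAFgA..."},
    {"event_id": 4688, "host": "srv-mgmt", "user": "svc-sccm",
     "process": "powershell.exe", "cmdline": "powershell -enc SQBFAFgA..."},
    {"event_id": 4688, "host": "ws-02", "user": "bob",
     "process": "powershell.exe", "cmdline": "powershell -NoProfile Get-Date"},
    {"event_id": 4688, "host": "ws-03", "user": "svc-sccm",
     "process": "cmd.exe", "cmdline": "cmd /c whoami"},
    # The service account's credentials used from an ordinary workstation: the case
    # a broad exception would hide and a narrow one must not.
    {"event_id": 4688, "host": "ws-05", "user": "svc-sccm",
     "process": "powershell.exe", "cmdline": "powershell -enc SQBFAFgA..."},
]


@dataclass
class Rule:
    name: str
    technique: str
    event_id: int
    cmdline_substring: str
    # Each exception entry maps field name -> required value; every field in the
    # entry must match for the hit to be suppressed. Fewer fields = broader exception.
    exceptions: list = field(default_factory=list)

    def matches(self, event):
        return event["event_id"] == self.event_id and self.cmdline_substring in event["cmdline"]

    def excepted(self, event):
        return any(all(event.get(k) == v for k, v in entry.items()) for entry in self.exceptions)


def correlate(rule, events):
    """Split rule hits into alerts and hits suppressed by the exception list."""
    alerts, suppressed = [], []
    for ev in events:
        if not rule.matches(ev):
            continue
        (suppressed if rule.excepted(ev) else alerts).append(ev)
    return alerts, suppressed


def make_rule(exceptions):
    return Rule("Encoded PowerShell command line", "T1059.001", 4688, " -enc ", list(exceptions))


# Narrow exception: the deployment service account, but only from the management host.
NARROW = make_rule([{"user": "svc-sccm", "host": "srv-mgmt"}])
# Broad exception: the service account anywhere. This also hides its misuse from ws-05.
BROAD = make_rule([{"user": "svc-sccm"}])


def alerted_hosts(rule):
    return [ev["host"] for ev in correlate(rule, EVENTS)[0]]


if __name__ == "__main__":
    for label, rule in (("narrow", NARROW), ("broad", BROAD)):
        alerts, suppressed = correlate(rule, EVENTS)
        print(f"{label:6} alerts={[e['host'] for e in alerts]} "
              f"suppressed={[e['host'] for e in suppressed]}")
```

The narrow rule still alerts on the service account running encoded PowerShell from ws-05 while silencing the routine hit from srv-mgmt; the broad rule silences both, which is exactly the gap an attacker holding that account would use.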
The updates reflect Kaspersky’s broader strategy to consolidate its position in the competitive SIEM market, where ease of use and integration with existing security ecosystems are critical differentiators. By automating routine tasks, reducing noise in alert systems, and providing clearer visibility into asset relationships, the company aims to empower security operations centers (SOCs) to respond faster and with greater precision.
As cyberattacks grow in sophistication and frequency, SIEM platforms have become indispensable for organizations managing large-scale digital infrastructure. Kaspersky’s enhancements align with industry trends emphasizing AI adoption, interoperability, and user-centric design. The effectiveness of these updates will, however, depend on real-world implementation, particularly in environments with diverse IT architectures and legacy systems whose logs are harder to normalize and correlate.
The company has not disclosed specific pricing or availability details for the upgraded SIEM platform but encourages interested organizations to visit its official website for further information. With cybersecurity now a top priority for businesses and governments alike, Kaspersky’s latest innovations underscore the ongoing race to develop tools that balance automation, intelligence, and adaptability in an increasingly volatile threat landscape.