Kaspersky has introduced a significant update to its Unified Monitoring and Analysis Platform, a leading Security Information and Event Management (SIEM) system, aimed at enhancing the productivity of cybersecurity teams. This development comes at a crucial time when cyber threats are becoming increasingly complex, and companies face escalating challenges in safeguarding their infrastructures.

The cybersecurity landscape has seen a marked increase in sophisticated attacks, making it imperative for organizations to optimize their resources. According to Kaspersky’s Human Factor 360 Report, 77% of businesses experienced at least one cybersecurity breach in 2023, with many encountering up to six breaches within the year. This alarming statistic underscores the need for more efficient tools that can collect and analyze security telemetry in real time, providing a higher level of situational awareness.

Kaspersky’s Unified Monitoring and Analysis Platform is a next-generation SIEM solution designed to manage security data and events with greater efficiency. It collects, aggregates, analyzes, and stores log data from across an organization’s IT infrastructure. In addition, it offers contextual enrichment and actionable threat intelligence insights, which are invaluable to IT security professionals when responding to threats.

The latest update introduces several new features aimed at reducing routine tasks and enhancing automation, allowing cybersecurity experts to focus more on critical threat detection and response activities. These advancements include:

  • Event Forwarding from Remote Offices: Kaspersky has added an event router to its platform, which helps reduce the load on communication channels and minimizes the number of open ports on network firewalls. This router efficiently receives events from collectors and forwards them to designated destinations based on pre-configured filters. The use of this intermediate service ensures effective load balancing between links and allows for the utilization of low-bandwidth connections.
  • Advanced Grouping and Time Rounding Functions: To aid in investigations, analysts can now select events and build queries with groupings and aggregate functions directly from the event interface. This feature enables customers to run aggregation queries simply by choosing one or more fields as grouping parameters, streamlining the process of event analysis.
  • Multi-Storage Event Search: A new capability allows users to launch search queries across multiple storage clusters simultaneously, with results presented in a consolidated table. This feature simplifies the retrieval of necessary events in distributed storage environments and provides clear indicators of each record’s storage location.
  • MITRE ATT&CK® Mapping: Kaspersky has introduced a mechanism that helps analysts visualize how well their developed rules cover the MITRE ATT&CK® matrix. It helps assess the level of security by allowing analysts to import the latest techniques and tactics into the SIEM system, specify the detected tactics, and export rules, marked according to the matrix, to the MITRE ATT&CK Navigator.
  • Collection of DNS Analytics Logs: The platform now supports the collection of DNS Analytics logs using a new Event Tracing for Windows (ETW) transport. This upgrade provides extended DNS logs, including diagnostic events and analytical data on DNS server operations, offering more comprehensive information with less impact on DNS server performance compared to traditional DNS debug logs.

Kaspersky’s Head of Unified Platform Product Line, Ilya Markelov, emphasized the importance of a user-friendly SIEM system for cybersecurity professionals, saying, “A company’s security largely depends on how conveniently experts can interact with SIEM, allowing them to focus directly on combating threats rather than performing routine tasks. We are continuing to actively improve the solution based on market needs and customer feedback, and we are consistently introducing new features to make analysts’ work simpler.”


ABOUT THE AUTHOR

Robert “Bob” Reyes is a technologist, an ICT Consultant and Tech Speaker, a certified Google IT Support Specialist, and an Open Source advocate representing the global non-profit Mozilla (makers of Firefox) in the Philippines. Bob is a Technology Columnist for the Manila Bulletin Publishing Corporation and an aviation subject matter expert contributor for Spot.PH.
