Kaspersky Enhances SIEM with AI to Combat DLL Hijacking and Strengthen Threat Detection

Kaspersky has introduced major updates to its Security Information and Event Management (SIEM) platform, adding AI-powered detection for DLL hijacking, new integrations with Kaspersky Digital Footprint Intelligence (DFI) and Managed Detection and Response (MDR), and enhanced dashboard and reporting features to help security teams identify and respond to complex threats faster.

According to the company’s latest MDR analyst report, one in four organizations suffered Advanced Persistent Threat (APT) attacks in 2024 — a 74% increase over the previous year. The new Kaspersky SIEM update directly addresses this surge by automating anomaly detection and expanding visibility across IT infrastructures.

“We’re leveraging advanced AI to automate detection and strengthen resilience against sophisticated threats.”

— Ilya Markelov, Head of Unified Platform Product Line, Kaspersky

A key highlight of the update is AI-based DLL hijacking detection — a system that continuously monitors all loaded libraries and flags suspicious substitutions in real time. This proactive approach allows security analysts to respond quickly to potential library manipulation attempts, a common evasion tactic in targeted attacks.

The platform now also integrates seamlessly with DFI and MDR, enabling users to detect leaked credentials, investigate incidents, and automate alert generation. This connectivity ensures faster, more unified responses across enterprise security environments.

Another major enhancement is the inclusion of User and Entity Behavior Analytics (UEBA) rules, designed to identify anomalies in user authentication, network activity, and process execution on Windows systems. These insights empower organizations to detect insider threats and advanced attack behaviors more effectively.

New dashboard sharing and data visualization tools provide deeper insights through interactive widgets, trend displays, and drill-down capabilities — helping analysts explore incident data from multiple perspectives.

In addition, a new Raft-based distributed architecture enhances SIEM’s scalability and availability, ensuring continuous operation even under heavy workloads.

“At Kaspersky, we are continuously improving our SIEM platform to ensure its detection capabilities against sophisticated threats are consistently enhanced,” said Ilya Markelov, Head of Unified Platform Product Line at Kaspersky. “By leveraging AI, we automate analysis and reduce workloads for cybersecurity professionals — strengthening resilience against evolving cyberthreats.”
