SIEM solution with more automation

September 16, 2024
| No comments
SIEM solution with more automation - Image by Gerd Altmann on Pixabay
Advertising

Share post

With the motto less routine and more automation, Kaspersky has added new features to its SIEM solution. Faster threat detection, more automation and more flexible data management thanks to the update of Kaspersky Unified Monitoring and Analysis Platform.

The updated version of Unified Monitoring and Analysis Platform in Kaspersky's SIEM is designed to provide optimized threat detection and response, enabling SOC teams in companies to operate more routinely, more automated and ultimately more productively.

Advertising
Perfect SME cybersecurity
How small and medium-sized enterprises defend against AI-led attacks with tailored security

Two thirds of companies with cybersecurity incidents

Last year, 77 percent of companies were affected by at least one cybersecurity incident - 75 percent of which were serious incidents. Companies therefore need solutions for real-time collection and analysis of telemetry data to improve their current situational awareness and protection level.

The Kaspersky Unified Monitoring and Analysis Platform is a next-generation SIEM solution for managing security data and events. It not only collects, aggregates, analyzes and stores log data from the entire IT infrastructure, but also provides IT security professionals with contextual enrichment and actionable threat intelligence insights. The update enables SOC professionals to better navigate the platform and detect threats early and efficiently.

Advertising

Subscribe to our newsletter now

Read the best news from B2B CYBER SECURITY once a month



By clicking on "Register" I agree to the processing and use of my data in accordance with the declaration of consent (please open for details). I can find more information in our Privacy Policy. After registering, you will first receive a confirmation email so that no other person can order something you don't want.
Expand for details on your consent
It goes without saying that we handle your personal data responsibly. If we collect personal data from you, we process it in compliance with the applicable data protection regulations. Detailed information can be found in our Privacy Policy. You can unsubscribe from the newsletter at any time. You will find a corresponding link in the newsletter. After you have unsubscribed, your data will be deleted as soon as possible. Recovery is not possible. If you would like to receive the newsletter again, simply order it again. Do the same if you want to use a different email address for your newsletter. If you would like to receive the newsletter offered on the website, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data is not collected or only collected on a voluntary basis. We use newsletter service providers, which are described below, to process the newsletter.

CleverReach

This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (hereinafter “CleverReach”). CleverReach is a service that can be used to organize and analyze the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter (e.g. email address) will be stored on the CleverReach servers in Germany or Ireland. Our newsletters sent with CleverReach enable us to analyze the behavior of the newsletter recipients. This can include It is analyzed how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. With the help of so-called conversion tracking, it can also be analyzed whether a previously defined action (e.g. purchase of a product on this website) took place after clicking on the link in the newsletter. Further information on data analysis by CleverReach newsletter is available at: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/. The data processing takes place on the basis of your consent (Art. 6 Para. 1 lit. a DSGVO). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation. If you do not want an analysis by CleverReach, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you have canceled the newsletter. Data stored by us for other purposes remain unaffected. After you have been removed from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist is only used for this purpose and is not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You may object to the storage if your interests outweigh our legitimate interest. For more information, see the privacy policy of CleverReach at: https://www.cleverreach.com/de/datenschutz/.

Data processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

New SIEM features

  • Forwarding events from remote locations into a single stream: A new event router relieves the load on communication channels and reduces the number of open ports on network firewalls. It receives events from different locations and forwards them to predefined destinations based on the filters configured for the service. Such an intermediate service enables effective load balancing between connections and the use of low-bandwidth connections.
  • Grouping by any field Using time rounding capabilities of the Event interface: Investigations require analysts to select events and build queries using grouping and aggregation functions. Customers can now run aggregation queries by selecting one or more fields they can use as grouping parameters and clicking "Run Query."
  • Search for events in multiple selected memories: Users can now run a search query across multiple storage clusters simultaneously and receive the results in a single consolidated table. This enables more efficient and easier retrieval of the events needed across distributed storage clusters. The combined table contains the location of each record.
  • Assigning rules to MITRE ATT&CK®: A new mechanism helps analysts visualize the coverage of the MITRE ATT&CK® matrix by created rules and thus assess the level of security. This allows them to import an up-to-date file with the list of techniques and tactics into the SIEM system, specify their properties that are detected by a rule, and export a list of rules from the SIEM system marked according to the matrix to the MITRE ATT&CK Navigator.
  • Collection of DNS analytics logs: The new Event Tracing for Windows (ETW) transport, used to read DNS Analytics subscriptions, delivers an enhanced DNS log, diagnostic events, and analytical data about DNS server operations. This provides more information than the DNS debug log and has less impact on DNS server performance.

"The SIEM system is one of the most important tools for cybersecurity professionals. The security of an organization largely depends on how easily the experts can interact with SIEM and focus on combating threats instead of performing routine tasks. Based on the voices from the market and feedback from our own customers, we are always actively optimizing our solution and continuously introducing new features to simplify the work of analysts," comments Ilya Markelov, Head of Unified Platform Product Line at Kaspersky.

More at Kaspersky.com

 

About Kaspersky

Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/

 

Matching articles on the topic

PDFs: The Trojan Horses of Hackers

Cybercriminals are increasingly using the popular PDF file format to hide malicious code. Recent IT forensics findings underscore this: 68 ➡ Read more

Maximum IT security for OT systems

OT systems are rarely attacked directly. However, gaps and vulnerabilities in traditional IT make OT systems more vulnerable to attacks. ➡ Read more

IT resilience: cybersecurity at the storage level

More data security features for greater IT resilience at the storage level: Cyber ​​security managers can pursue a proactive data security approach at the storage level with highly secure NetApp storage and thus ➡ Read more

Algorithms for post-quantum cryptography

A provider of IT security solutions introduces Quantum Protect, a post-quantum cryptography application suite for its u.trust General Purpose Hardware Security Modules (HSMs) ➡ Read more

Power grid threat: security gaps in solar systems

A cybersecurity solutions provider published its research report “SUN:DOWN – Destabilizing the Grid via Orchestrated Exploitation of Solar Power Systems”, which ➡ Read more

Cloud and SaaS security is inadequate

A recent study shows that companies' security strategies are failing to keep pace with the rapid adoption of cloud-native technologies. 28 ➡ Read more

OT environments: Detect and assess threats

Enterprises with limited resources can identify, assess, and make informed decisions about threats in OT environments with a comprehensive endpoint protection solution. ➡ Read more

Cybersecurity: Automatically check connected devices

Suppliers and users can now easily manage the cybersecurity and compliance of the software in their networked devices, machines and systems. ➡ Read more

PR News
, , , , ,