Kaspersky introduces key enhancements to its SIEM through expanded threat detection, response features

by Azunta Gaviola, 2 years ago

Singapore – Kaspersky, a global cybersecurity firm, has recently unveiled a suite of enhancements to its security information and event management (SIEM) system, aimed at improving the productivity of cybersecurity teams through expanded threat detection and response features.

These new additions to Kaspersky’s Unified Monitoring and Analysis Platform further enable cybersecurity professionals to navigate the platform efficiently.

Key features of the platform include an event-forwarding capability that consolidates events from remote offices into a single stream. With this approach, an event router can be added to reduce the load on communication channels and the number of ports opened on network firewalls.

The router also collects events from collectors and directs them to designated destinations using configured filters, enabling load balancing between links and the use of low-bandwidth links. Separately, the platform now offers the ability to group events by arbitrary fields, using time-rounding functions, directly from the event interface.

Furthermore, a capability to search events in multiple selected storage clusters has also been a notable addition to the platform. This capability makes it possible for a search query to be launched across multiple storage clusters, with the results displayed in a single consolidated table that shows the storage location for each record.

Among the new enhancements, a mechanism for mapping rules to the MITRE ATT&CK framework was also launched. It helps analysts visualise how much of the MITRE ATT&CK matrix their detection rules cover, and thereby assess their security level.

This functionality lets analysts import an up-to-date file of techniques and tactics into the SIEM system, and specify in a rule's properties which techniques and tactics it detects. A marked-up list of rules can also be exported to the MITRE ATT&CK Navigator.
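The mapping and export workflow described above, as an added example that is not code from Kaspersky's platform: it assumes each rule carries a list of ATT&CK technique IDs in its properties, validates them against the imported technique list, and emits a Navigator layer dict (the techniqueID/score/comment fields and the enterprise-attack domain follow the Navigator layer format; the rules and the technique subset are constructed samples).

```python
from collections import defaultdict

# Constructed sample rules, each tagged with the ATT&CK technique IDs it
# detects, as an analyst would record them in the rule's properties.
RULES = [
    {"name": "Encoded PowerShell command", "techniques": ["T1059.001", "T1027"]},
    {"name": "Scheduled task created remotely", "techniques": ["T1053.005"]},
    {"name": "LSASS memory access", "techniques": ["T1003.001"]},
    {"name": "PowerShell download cradle", "techniques": ["T1059.001", "T1105"]},
]

# Constructed subset of the technique list that would be imported from the
# up-to-date ATT&CK file; real IDs, but only the handful used here.
ATTACK_TECHNIQUES = {
    "T1003.001": "LSASS Memory",
    "T1027": "Obfuscated Files or Information",
    "T1053.005": "Scheduled Task",
    "T1059.001": "PowerShell",
    "T1105": "Ingress Tool Transfer",
    "T1566.001": "Spearphishing Attachment",  # gap: no rule covers it
}

def coverage(rules, techniques):
    """Map every known technique ID to the names of rules that detect it."""
    covered = defaultdict(list)
    for rule in rules:
        for tid in rule["techniques"]:
            if tid not in techniques:  # typo or stale ID in rule properties
                raise ValueError(f"{rule['name']}: unknown technique {tid}")
            covered[tid].append(rule["name"])
    return {tid: covered.get(tid, []) for tid in techniques}

def navigator_layer(rules, techniques, name="SIEM rule coverage"):
    """Build an ATT&CK Navigator layer dict, scoring techniques by rule count."""
    cov = coverage(rules, techniques)
    return {
        "name": name,
        "domain": "enterprise-attack",
        "techniques": [
            {"techniqueID": tid, "score": len(names),
             "comment": "; ".join(names) or "no rule"}
            for tid, names in sorted(cov.items())
        ],
        "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0,
                     "maxValue": max(len(n) for n in cov.values())},
    }

def gaps(rules, techniques):
    """Technique IDs with no detection rule: the uncovered matrix cells."""
    return sorted(t for t, n in coverage(rules, techniques).items() if not n)
```

Serialising the returned dict with `json.dumps` produces a file that Navigator's "Open Existing Layer" accepts; `gaps` lists the techniques an analyst would prioritise for new rules.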

Additionally, the update adds collection of DNS Analytics logs over the ETW (Event Tracing for Windows) transport. This functionality reads DNS Analytics subscriptions and provides an extended DNS log, diagnostic events, and analytical data on DNS server operations, offering more information than the DNS debug log while affecting DNS server performance less.

Commenting about these innovations, Ilya Markelov, head of the unified platform product line at Kaspersky, remarked, “The SIEM system is one of the primary tools designed for cybersecurity professionals. A company’s security largely depends on how conveniently experts can interact with SIEM, allowing them to focus directly on combating threats rather than performing routine tasks.”

“We are continuing to actively improve the solution based on market needs and customer feedback, and we are consistently introducing new features to make analysts’ work simpler,” Markelov further explained.
