Kaspersky has rolled out a major update to its Security Information and Event Management (SIEM) platform, adding AI-driven account compromise detection, stronger data integrity controls, and expanded customization options—features aimed squarely at organisations building or modernising Security Operations Centres (SOCs).
The update comes at a time when SIEM platforms are firmly back in focus. A recent global survey by Kaspersky found that SIEM ranks among the top three cybersecurity technologies organisations prioritise when planning a SOC, with 40% of respondents identifying it as a core requirement for an advanced security function.
AI steps into account compromise detection
One of the most notable additions is an AI-enabled mechanism to detect potential account theft. The new capability analyses login behaviour, establishes baseline patterns, and flags deviations that may indicate compromised credentials. By generating early alerts on suspicious activity, the feature is designed to help security teams respond faster to identity-based attacks—an area that continues to be a major weakness for many enterprises.
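The article describes the mechanism only in outline: learn each account's normal login pattern, then alert on deviations. The following is an added example, not Kaspersky's code and not how its product scores events; it assumes a constructed set of login events (user, timestamp, source country, outcome) and shows the basic shape of a baseline-and-deviation detector that a SOC might run over authentication logs.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample data for this example (not real logs, not from the page).
# Each event: (user, ISO-8601 timestamp, source country, outcome).
BASELINE_EVENTS = [
    ("alice", "2024-03-01T09:12:00", "DE", "success"),
    ("alice", "2024-03-02T10:30:00", "DE", "success"),
    ("alice", "2024-03-03T16:45:00", "DE", "success"),
    ("bob", "2024-03-01T08:05:00", "US", "success"),
    ("bob", "2024-03-02T09:40:00", "US", "success"),
]

NEW_EVENTS = [
    # alice: new country and an hour never seen before -> both deviations fire
    ("alice", "2024-03-04T03:14:00", "BR", "success"),
    # bob: a run of failures followed by a success from his usual place
    ("bob", "2024-03-04T08:01:00", "US", "failure"),
    ("bob", "2024-03-04T08:02:00", "US", "failure"),
    ("bob", "2024-03-04T08:03:00", "US", "failure"),
    ("bob", "2024-03-04T08:04:00", "US", "failure"),
    ("bob", "2024-03-04T08:05:00", "US", "failure"),
    ("bob", "2024-03-04T08:10:00", "US", "success"),
    # bob: an ordinary login that should not alert
    ("bob", "2024-03-05T09:00:00", "US", "success"),
]


def build_baselines(events):
    """Learn, per user, the countries and hours-of-day seen in successful logins.

    A real system would use a longer window and statistical scoring; a set of
    observed values is enough to show the principle.
    """
    baselines = defaultdict(lambda: {"countries": set(), "hours": set()})
    for user, ts, country, outcome in events:
        if outcome != "success":
            continue  # failures do not define "normal"
        hour = datetime.fromisoformat(ts).hour
        baselines[user]["countries"].add(country)
        baselines[user]["hours"].add(hour)
    return baselines


def score_event(baseline, ts, country):
    """Return the list of ways a single successful login deviates from baseline."""
    reasons = []
    hour = datetime.fromisoformat(ts).hour
    if country not in baseline["countries"]:
        reasons.append("new_country")
    if hour not in baseline["hours"]:
        reasons.append("unusual_hour")
    return reasons


def detect(baselines, events, fail_threshold=5):
    """Walk new events in order and emit (user, timestamp, reasons) alerts.

    Besides the per-event deviations, a success that follows a burst of
    failures is flagged, since that pattern is typical of guessed or
    sprayed credentials finally working.
    """
    alerts = []
    recent_failures = defaultdict(int)
    for user, ts, country, outcome in events:
        if outcome == "failure":
            recent_failures[user] += 1
            continue
        baseline = baselines.get(user)
        if baseline is None:
            reasons = ["no_baseline"]  # first-seen account: informational
        else:
            reasons = score_event(baseline, ts, country)
        if recent_failures[user] >= fail_threshold:
            reasons.append("success_after_failures")
        recent_failures[user] = 0  # a success resets the failure counter
        if reasons:
            alerts.append((user, ts, reasons))
    return alerts


if __name__ == "__main__":
    for alert in detect(build_baselines(BASELINE_EVENTS), NEW_EVENTS):
        print(alert)
```

The thresholds and the "set of seen values" baseline are deliberately simple; the point is the separation between learning a per-account profile from known-good history and scoring each new login against it, which is what lets the alert fire early rather than after the account has been used.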
Alongside this, Kaspersky has introduced Correlator 2.0 in beta. The new correlator is fault-tolerant and horizontally scalable, promising higher performance with lower hardware requirements. Together, these changes are intended to make large-scale log analysis more efficient without increasing infrastructure complexity.
More control, better compliance
The update also places a strong emphasis on flexibility and compliance. A redesigned role model allows organisations to create, clone, and modify user roles to better reflect internal workflows and governance structures. This is particularly relevant for larger SOCs where responsibilities are distributed across multiple teams.
To address regulatory and audit requirements, Kaspersky has added backup and restore functionality for event data. Security teams can now export logs into secure, immutable archive files, helping ensure the integrity of evidence during investigations and compliance checks.
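The article does not say how the archive files are made immutable or how their integrity is checked. As an added example (not Kaspersky's code or format), the block below shows one common approach to tamper-evident log export: serialise the events, record a SHA-256 digest of the body in a manifest, and authenticate the manifest with an HMAC under a key held by the team that must later vouch for the evidence. The event records, the key and the separator string are constructed for this example.

```python
import hashlib
import hmac
import json
import os

# Constructed sample events and key for this example only.
SAMPLE_EVENTS = [
    {"ts": "2024-03-04T03:14:00", "user": "alice", "event": "login", "src": "BR"},
    {"ts": "2024-03-04T03:15:10", "user": "alice", "event": "mailbox_rule_added"},
    {"ts": "2024-03-04T03:16:42", "user": "alice", "event": "logout"},
]
ARCHIVE_KEY = b"constructed-demo-key-do-not-reuse"
SEPARATOR = b"---MANIFEST---\n"  # assumed layout marker, not a standard


def build_archive(events, key):
    """Serialise events as JSON lines and append an authenticated manifest."""
    body = "".join(json.dumps(e, sort_keys=True) + "\n" for e in events).encode()
    digest = hashlib.sha256(body).hexdigest()
    tag = hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()
    manifest = {"count": len(events), "sha256": digest, "hmac": tag}
    return body + SEPARATOR + json.dumps(manifest, sort_keys=True).encode() + b"\n"


def verify_archive(blob, key):
    """Return (ok, reason). Checks the manifest tag before trusting its digest."""
    try:
        body, manifest_text = blob.rsplit(SEPARATOR, 1)
    except ValueError:
        return False, "manifest missing"
    manifest = json.loads(manifest_text)
    expected_tag = hmac.new(key, manifest["sha256"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_tag, manifest["hmac"]):
        return False, "manifest signature invalid"
    if hashlib.sha256(body).hexdigest() != manifest["sha256"]:
        return False, "event data modified"
    if body.count(b"\n") != manifest["count"]:
        return False, "event count mismatch"
    return True, "ok"


def write_archive(path, blob):
    """Write the archive and drop write permission so casual edits fail loudly.

    This is a convenience, not real immutability: that comes from WORM or
    object-lock storage. The HMAC makes tampering detectable either way.
    """
    with open(path, "wb") as f:
        f.write(blob)
    os.chmod(path, 0o444)


if __name__ == "__main__":
    blob = build_archive(SAMPLE_EVENTS, ARCHIVE_KEY)
    print(verify_archive(blob, ARCHIVE_KEY))
    print(verify_archive(blob.replace(b'"alice"', b'"mallory"', 1), ARCHIVE_KEY))
```

Because the tag is checked first, an attacker who can edit the archive but does not hold the key cannot simply recompute the digest in the manifest; with the key kept separate from the archive store, verification during an investigation or audit shows whether the exported evidence is still what was written.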
Operational usability has also been improved through background search queries. Analysts can run low-priority searches without interrupting active work, with results becoming available once processing is complete—an enhancement aimed at reducing friction during day-to-day SOC operations.
Built for evolving threat environments
Kaspersky says the latest SIEM enhancements are designed to help organisations keep pace with increasingly complex threats while meeting regulatory expectations.
“At Kaspersky, our ongoing commitment is to refine and expand the capabilities of our products to stay ahead of evolving cyber threats,” said Ilya Markelov, Head of Unified Platform Product Line at Kaspersky. He added that AI-driven automation within the SIEM helps reduce manual analysis, allowing security teams to focus on investigating advanced incidents and taking proactive action.
The platform continues to leverage User and Entity Behavior Analytics (UEBA) to identify deviations from normal behaviour, supporting detection of advanced persistent threats, targeted attacks, and insider risks. Its rule mapping has also been updated to align with the latest versions of the MITRE ATT&CK framework, reinforcing its relevance for SOC teams tracking modern adversary techniques.
With identity-based attacks rising and compliance scrutiny tightening, Kaspersky’s SIEM update reflects a broader industry shift: moving beyond log collection toward intelligent, flexible, and audit-ready security operations.