Kaspersky has upgraded its Security Information and Event Management (SIEM) platform, introducing new AI-driven capabilities aimed at improving threat detection, operational flexibility, and security operations efficiency.
The standout enhancement is an artificial intelligence mechanism designed to detect potential account compromise. The system analyses user login behaviour over time, builds baseline activity patterns, and flags anomalies that may indicate unauthorised access or credential misuse. This approach strengthens early detection of insider threats and account takeovers, which remain among the most common attack vectors for enterprises.
The update also introduces Correlator 2.0, a redesigned event correlation engine that is currently in beta and built for improved scalability and performance. According to Kaspersky, the new engine enables faster processing of large data volumes while reducing infrastructure strain — a critical improvement for organisations running complex or high-traffic security environments.
In addition, the SIEM platform now supports a more flexible role-based access model, allowing organisations to customise user roles to better reflect internal workflows and security responsibilities. This is intended to simplify administration and align security operations with organisational structures.
To support compliance and post-incident investigations, Kaspersky has added secure backup and restore functionality. Event data can now be exported into immutable archives, ensuring integrity during audits, regulatory reviews, and forensic analysis. The platform also introduces a background search feature, enabling analysts to run low-priority queries without interrupting active investigations — a move aimed at improving productivity in Security Operations Centres (SOCs).
Kaspersky says the upgrades respond to growing global demand for advanced SIEM solutions, particularly in regions such as the Middle East, where organisations are increasingly investing in mature cybersecurity operations. By combining AI-driven analytics, user and entity behaviour analytics (UEBA), and updated rules aligned with the MITRE ATT&CK framework, the company aims to help security teams detect sophisticated threats more quickly while maintaining strong compliance and data integrity standards.
