AI-Powered Kaspersky SIEM Strengthens Defense Against DLL Hijacking
Kaspersky has added new AI-driven features to its Security Information and Event Management (SIEM) system, boosting protection against dynamic link library (DLL) hijacking. The update also integrates Digital Footprint Intelligence (DFI) and Managed Detection and Response (MDR) systems, improving visibility and response to cyber threats.
Kaspersky reports that Advanced Persistent Threats (APTs) affected one in four companies in 2024, a 74% jump from the previous year. To meet this growing risk, Kaspersky SIEM now uses AI to detect library substitution attacks that exploit legitimate software. The system continuously monitors loaded libraries and flags any suspected replacements for immediate investigation.
The platform’s integration with Kaspersky DFI enhances visibility into data leaks, alerting users about compromised credentials. Meanwhile, MDR integration allows automatic import of incidents into the SIEM system, speeding up analysis and containment.
Kaspersky has also expanded its behavioral analytics through a dedicated User and Entity Behavior Analytics (UEBA) ruleset. This detects abnormal login attempts, unusual network traffic, and suspicious process activity on Windows systems, strengthening early detection of insider threats and targeted attacks.
Reporting tools have been improved, allowing dashboards and templates to be shared between installations. Security teams can now visualize trends, merge graphs, and analyze data with a new drill-down function for deeper insights.
A new Raft-based architecture ensures high availability and scalability, keeping systems running smoothly under heavy data loads.
According to Kaspersky’s Ilya Markelov, these upgrades aim to reduce the workload of cybersecurity teams while improving their ability to manage complex incidents. The integration of AI helps automate large-scale analysis, ensuring faster detection and stronger resilience against advanced threats.
