Real-time streaming correlation
Kaspersky SIEM provides centralized collection and analysis of log records, real-time correlation of cyber-events and timely incident notification, as well as out-of-the-box (OOTB) connectors for various log sources.
Overview
Kaspersky Unified Monitoring and Analysis Platform is a next-generation SIEM solution for managing security data and events. It analyzes information security events in real time, significantly increasing situational awareness.
The platform not only collects, aggregates, analyzes and stores log data from the entire IT infrastructure but also provides contextual enrichment and actionable threat intelligence insights used by IT security experts for various use cases, including governance, compliance, and rule-based correlation matching for suspicious activity. The solution also supports automation of response to generated alerts.
Use cases
Kaspersky SIEM is designed to help organizations with established information security processes to increase their efficiency in the following tasks:
About our solution
Kaspersky SIEM integrates Kaspersky products and third-party solutions into a centralized information security system and is a key component in implementing a comprehensive defense approach capable of securing corporate and industrial environments, as well as the IT/OT systems junction most exploited by attackers, from today’s cyberthreats.
Tight integration with Kaspersky Threat Intelligence
The platform is tightly integrated with Kaspersky Threat Intelligence's rich portfolio of services to identify and prioritize threats and access contextual information on new attacks, indicators of compromise, attacker tactics and techniques.
Contextual information for incident response
Automated collection of inventory information (installed software, vulnerabilities, equipment, asset owners, etc.) can be used to contextualize information security events and assist in incident investigation . Workplace agent management assists in the process of responding to identified incidents.
Why choose us
High performance, scalability and low system requirements
Powerful correlation streaming engine and the modular microservice architecture enable easy configuration changes, provides unlimited scalability, fault tolerance, minimal cost of ownership and flexible deployment options.
Wide range of out-of-the box integrations
Both with Kaspersky products and third-party solutions. There is also the option to add additional integrations as required. Kaspersky SIEM excels in its ability to receive data (logs) from other systems and devices.
MSSP and large enterprise ready
Multitenant architecture of Kaspersky SIEM has full tenants, which means data delimitation, i.e. users of one tenant cannot see data (events, alerts, incidents, users) of other tenants. At the same time, the master administrator (MSSP) has access to its subordinate tenants.
Simple and flexible licensing policy
Kaspersky SIEM relies solely on the EPS (event-per-second) metric when it comes to licensing. We track average flow of EPS per day after aggregation and filtering to limit overruns and do not limit access to Kaspersky SIEM in case they happen, we also allow for unlimited NetFlow with the purchased module and avoid pay-per-use cloud policies to keep the price reasonable and predictable.
24/7 Premium support and services
Professional help is available when you need it. Operating in more than 200 countries from 34 offices around the world, we are there for you 24/7/365. Take advantage of our premium support packages or our professional services to ensure you get the most out of your Kaspersky security installation.
Related products
KasperskySecurity for Mail Server
Proven multi-layered protection against mail-based attacks
KasperskySecurity for Internet Gateway
Secures your infrastructure against web-based threats
KasperskyThreat Intelligence
For instant access to technical, tactical, operational and strategic TI