Kaspersky Enhances SIEM Platform with AI to Detect DLL Hijacking Threats

Kaspersky has announced an upgraded version of its advanced Kaspersky SIEM platform, now enhanced with artificial intelligence (AI) capabilities to detect signs of DLL hijacking attacks. The new update also includes seamless integration with Kaspersky Digital Footprint Intelligence (DFI) and Managed Detection and Response (MDR), alongside improved dashboard and reporting functionalities designed to strengthen enterprise cybersecurity efficiency.
According to Kaspersky’s MDR Analyst Report 2024, Advanced Persistent Threats (APTs) impacted one in four organizations worldwide, marking a 74% increase compared to 2023. This alarming growth underscores the need for more adaptive and intelligent detection systems. Kaspersky’s new SIEM upgrade directly addresses these challenges, enhancing both visibility and response across complex digital environments.
🔹 Enhanced Protection Against DLL Hijacking
Legitimate software applications often load multiple dynamic libraries, which can be exploited by cyber attackers to execute stealthy intrusions. The latest AI-powered subsystem within Kaspersky SIEM continuously monitors all loaded libraries, automatically flagging any suspected substitution events.
This automated annotation enables rapid incident creation and investigation, empowering security teams to detect and respond to DLL hijacking threats more effectively.
🔹 Integration with DFI and MDR
The upgraded SIEM platform now integrates directly with Kaspersky Digital Footprint Intelligence, allowing organizations to monitor leaked credentials, detect account compromises, and receive automated alerts for faster remediation.
Additionally, incidents from Kaspersky Managed Detection and Response (MDR) can now be automatically imported into the SIEM console, streamlining incident analysis and response workflows for security teams.
🔹 Advanced Behavioral Analytics (UEBA)
Kaspersky SIEM now incorporates a dedicated User and Entity Behavior Analytics (UEBA) ruleset that identifies anomalies across authentication, network traffic, and process execution on Windows-based endpoints and servers.
This capability strengthens detection of APTs, targeted attacks, and insider threats, enabling earlier intervention and more accurate response.
🔹 Improved Dashboards and Reporting
The new update allows sharing and synchronization of dashboards and report templates between different SIEM installations, ensuring consistent monitoring and collaboration across enterprise environments.
Enhanced data visualization widgets enable users to display trends, combine multiple graphs, and analyze relationships between key security metrics.
A new drill-down feature allows analysts to move from one dashboard to another for deeper, context-rich investigation.
🔹 Higher Availability and Scalability
The platform now leverages a distributed Raft-based architecture, ensuring high availability, resilience, and horizontal scalability under heavy workloads—critical for enterprises managing vast security data streams.
> “At Kaspersky, we continuously evolve our SIEM platform to ensure its detection capabilities stay ahead of sophisticated cyber threats,” said Ilya Markelov, Head of Unified Platform Product Line at Kaspersky.
> “By leveraging AI, we automate complex processes and accelerate large-scale data analysis—allowing cybersecurity professionals to focus on strategic threat hunting and preventive measures.”





