These advancements facilitate the administration and maintenance of security tasks on a platform, and allow for advanced AI capabilities, enhancing various processes from faster data search to improved threat detection. Moreover, this update helps companies significantly reduce hardware requirements, leading to cost savings and increased efficiency.
According to the latest Kaspersky study, one in three companies intends to integrate EDR (Endpoint Detection and Response) or XDR (Extended Detection and Response) into their SOCs to deliver advanced and reliable protection. This trend highlights a growing recognition among organizations of the critical importance of unified, proactive security solutions to counter increasingly sophisticated cyber threats. With this in mind, Kaspersky updated Kaspersky Next to ensure that businesses are armed with the most effective and all-encompassing cybersecurity technologies and tools.
Kaspersky Next is a flagship B2B product line that provides real-time protection, threat visibility, investigation and response capabilities of EDR and XDR[1]. In its new release, Kaspersky Next Expert, an offering designed for enterprises, has received significant updates related to AI-powered technologies, EDR capabilities and flexible deployment options.
All in one: more integrity and visibility in Kaspersky Next EDR Expert
Kaspersky Next EDR Expert has migrated to the Open Single Management Platform (OSMP), uniting essential SOC tools such as EPP, EDR, XDR and SIEM within a single management console. This migration enables seamless interaction between components and allows both Kaspersky and third-party solutions to be integrated with the console. At the same time, we maintained seamless transitions between OSMP and KATA/NDR[2] interfaces with the Single Sign-On service to ensure a simple and fast experience with both EDR and NDR simultaneously.
For large-scale deployments, this update provides optimized sizing, reducing resource requirements by up to 30% for users of Kaspersky Next EDR Expert and up to 60% for users of Kaspersky Next XDR Expert.
Unlocking new AI features: DLL hijacking detection, AI Assistant and more
With the new release, companies receive access to advanced AI features including:
- Precise detection of DLL hijacking class attacks, with automatic alert generation upon identification[3]. AI examines program launch and execution parameters, identifying suspicious occurrences of legitimate software running with malicious libraries, enabling the solution to detect DLL hijacking.
- Spotting of potentially compromised user accounts. The AI-driven mechanism leverages new correlation rules that determine the baseline of normal login activity and detects abnormal events to trigger account theft alerts.
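As an added illustration, not code from Kaspersky or from this release, the following Python heuristic works in the spirit of the DLL hijacking detection described above: it scans constructed image-load events and flags a signed, legitimate process that loads a system-named DLL from outside the Windows system directories, or an unsigned DLL from a user-writable location. The event fields, the reference DLL set and the directory lists are assumptions made for the example.

```python
"""Heuristic DLL-hijacking detector over constructed image-load events."""
from pathlib import PureWindowsPath

# Sample telemetry, constructed for this example (field names modelled on
# Sysmon Event ID 7 "Image loaded"); not real data from any product.
EVENTS = [
    {"image": r"C:\Windows\System32\svchost.exe", "image_signed": True,
     "loaded": r"C:\Windows\System32\kernel32.dll", "dll_signed": True},
    {"image": r"C:\Program Files\Vendor\updater.exe", "image_signed": True,
     "loaded": r"C:\Program Files\Vendor\version.dll", "dll_signed": False},
    {"image": r"C:\Windows\System32\notepad.exe", "image_signed": True,
     "loaded": r"C:\Users\alice\AppData\Local\Temp\helper.dll", "dll_signed": False},
    {"image": r"C:\Users\alice\Downloads\tool.exe", "image_signed": False,
     "loaded": r"C:\Users\alice\Downloads\crypto.dll", "dll_signed": False},
]

# Assumed reference data: DLL names normally resolved from the system directories,
# the directories themselves, and locations an ordinary user can write to.
KNOWN_SYSTEM_DLLS = {"version.dll", "dbghelp.dll", "cryptbase.dll", "kernel32.dll"}
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs")
USER_WRITABLE = (r"c:\users", r"c:\programdata", r"c:\temp")


def _under(path: str, roots) -> bool:
    """Case-insensitive check that path lies below one of the given root directories."""
    p = path.lower()
    return any(p.startswith(r + "\\") for r in roots)


def hijack_reasons(ev: dict) -> list[str]:
    """Return why this load looks like DLL search-order hijacking, or [] if benign."""
    if not ev["image_signed"]:
        return []  # untrusted image: other detections cover it, not this one
    dll = PureWindowsPath(ev["loaded"])
    reasons = []
    if dll.name.lower() in KNOWN_SYSTEM_DLLS and not _under(ev["loaded"], SYSTEM_DIRS):
        reasons.append("system DLL name resolved outside the system directories")
    if not ev["dll_signed"] and _under(ev["loaded"], USER_WRITABLE):
        reasons.append("unsigned DLL loaded from a user-writable location")
    return reasons


def detect(events) -> list[tuple[str, str, list[str]]]:
    """Alert records (image, loaded DLL, reasons) for every event that trips a heuristic."""
    return [(ev["image"], ev["loaded"], r) for ev in events if (r := hijack_reasons(ev))]
```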
In addition to the above-mentioned AI-based features, Kaspersky Investigation and Response Assistant (KIRA AI) has been also integrated into Kaspersky Next[4]. KIRA is the first GenAI-powered assistant in the product line, designed to empower SOC analysts by deobfuscating command lines, providing detailed analyses and generating concise reports to help reduce cognitive load. Among other things, KIRA provides the following capabilities:
- Intelligent formulation of Threat Hunting queries in plain text. The system automatically translates a natural request into a structured query compatible with the telemetry database. Analysts can review the generated query, validate its logic and adjust parameters or syntax if required.
- Rapid generation of incident summaries in text form. Within the incident card, an AI-generated summary is displayed, explaining what happened during the incident, including the initial attack vector and the attacker’s actions throughout the incident. This enables analysts to quickly grasp the key details without reviewing all underlying event data.
Enhanced EDR capabilities
Kaspersky Next Expert now also provides improved EDR functionalities and delivers a new level of security and operational efficiency:
- The improved integration with Kaspersky MDR enables seamless collaboration, allowing for faster and more coordinated threat response.
- Enhanced monitoring of the "health" metrics for the product’s server components ensures optimal performance and reliability, minimizing downtime and maintaining stability.
- The advanced capabilities of the Linux EDR agent help organizations detect and mitigate threats more effectively across diverse environments.
- Playbooks have been added to enable automated or manual incident response, reducing the time from threat detection to its neutralization.
- Alerts can now be merged into incidents, allowing analysts to focus on the full attack picture, reduce information noise and prioritize response to the most critical threats.
- An attack development graph is now available. It provides a visual overview of the attack chain, helping analysts quickly assess the scale, vectors, stages and response points of the threat.
- The ability to perform a response on protected devices via a remote terminal 'Live Shell' has been added. It significantly reduces response time and allows viewing response results in the remote terminal console in real-time mode.
- The upgraded role-based access control (RBAC) delivers advanced account management (creating, editing and deleting accounts) as well as flexible role management, including role modifications and the assignment of multiple roles to one account.
“This update exemplifies our commitment to empowering cybersecurity teams with smarter, more integrated solutions. By unifying SOC tools within a single platform and enhancing EDR and AI capabilities, we enable faster, more precise threat detection, as well as more efficient operations, raising the bar for proactive cybersecurity protection,” comments Ilya Markelov, Head of Unified Platforms at Kaspersky.
For more information about Kaspersky Next, please visit the website.
[1] Kaspersky Next provides two core offerings: Kaspersky Next Optimum (for small and mid-sized businesses) and Kaspersky Next Expert (for enterprises of all sizes).
[2] KATA/NDR = Kaspersky Anti Targeted Attack/Network Detection and Response
[3] DLL hijacking is a prominent attack technique that involves getting vulnerable legitimate software to load a malicious dynamic library (DLL).
[4] To access this feature, the customer needs an additional license and an integration with an LLM provider.