Why businesses need a unified monitoring and analysis platform for cybersecurity

• Kaspersky’s Unified Monitoring and Analyzing Platform monitors information security incidents.
• KUMA expands the capabilities of analysts, and allows businesses and organizations to optimize the budget for cybersecurity.
• Kaspersky noticed a previously unknown mobile APT campaign with KUMA.

One of the biggest problems in dealing with cybersecurity is the number of solutions that are available in the market today. While each cybersecurity solution caters to the specific needs of an organization, managing them can be a real challenge, especially for small cybersecurity teams. It’s like playing poker with a whole half-pack of cards. Card management quickly gets out of hand.

While there are managed service providers that can help manage cybersecurity, not all companies have the luxury of using them, due to budgetary or regulatory constraints. Industries like financial services, for example, require security systems that are capable of giving them complete visibility of their systems.

This is where security information and event management (SIEM) solutions come in. SIEM is a central element of most mature information security systems, so it has to meet all relevant market requirements and take into account the changing landscape of cyberthreats.

SIEM often struggles to detect threats in the cloud due to different data formats, high transfer costs and data privacy regulations. As such, having a unified console allows organizations not only to have greater visibility on their cybersecurity, but also to take the necessary actions.

Kaspersky’s Unified Monitoring and Analyzing Platform

Kaspersky’s Unified Monitoring and Analyzing Platform (KUMA) is a unified console for monitoring and analyzing information security incidents. The fundamental program includes the following components:

• One or more Collectors that receive messages from event sources and parse, normalize, and, if required, filter and/or aggregate them.
• A Correlator that analyzes normalized events received from Collectors, performs the necessary actions with active lists and creates alerts in accordance with the correlation rules.
• The Core includes a graphical interface to monitor and manage the settings of system components.
• The Storage contains normalized events and registered incidents.

Advantages of KUMA include:

• High performance: 300k+ EPS per KUMA instance
• Low system requirements: Virtual or physical environment and up to 10k EPS AiO on one virtual server
• Scalability: Flexible microservice architecture with HA support for each component
• Unified web console interface: Single fully multi-tenancy UI console for everything
• Out-of-the-box integration: With third-party products and Kaspersky solutions
• Low entry threshold: Does not require knowledge of special query languages or writing rules

Thanks to the integration with the Kaspersky CyberTrace platform, which processes reports from the National Coordination Center for Computer Incidents, the researcher can extract compromise indicators and use them to detect events in SIEM. KUMA expands the capabilities of analysts, and allows businesses and organizations to optimize the budget for cybersecurity, providing protection at the optimal level.

“Threat actors increasingly use diverse tactics to launch sophisticated targeted attacks. So it is essential to use a platform that can provide a centralized view of security events in quickly identifying and responding to potential threats such as SIEM. A SIEM is commonly used for compliance support with internal security policies and external regulatory requirements, said Victor Chu, head of systems engineering for South East Asia at Kaspersky.

He explained that KUMA empowers cybersecurity teams’ efficiency in detecting, investigating, and responding to complex cyber-incidents with the approach of XDR (Extended Detection and Response) capabilities.

Organizations, of different sizes and maturity, can deploy KUMA to receive security events from various third-party sources and security tools while correlating these events with contextual threat intelligence feeds to identify suspicious or anomalous activities thus providing timely notification of security incidents.

By collecting security events from all security controls and correlating them in real-time with advanced analytics, KUMA aggregates all the information needed for further incident investigation and response. So using KUMA helps organizations gain the visibility and context needed to understand their security posture and risks.

Chu also explained that there is some degree of automation in Kuma. When anomalies are detected, KUMA is not only able to flag them but also isolate them from causing any more problems to the system.

Interestingly, this also helps businesses deal with the shortage of cybersecurity skills in the industry. Chu believes that while AI can help with some cybersecurity tasks, there still needs to be some human intervention in managing them. However, with AI, some processes can be sped up, reducing the burden on stretched-out cybersecurity teams.

“When it comes to cybersecurity, even the most secure operating systems can be compromised. As APT actors are constantly evolving their tactics and searching for new weaknesses to exploit, businesses must prioritize the security of their systems. This involves providing employees and technical teams with the latest tools to effectively recognize and defend against potential threats as well as timely remediation of incidents,” says Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky.

Cybersecurity in Malaysia

During a media briefin, Yeo explained that KUMA will be beneficial for organizations in Malaysia. According to the report by Kaspersky, the dangers of phishing, scams, data breaches, and geopolitically-motivated cyberattacks are seen to continue targeting organizations and individuals from the region.

In Malaysia, Kaspersky blocked 26.854,304 internet-borne attacks. This amount is equivalent to about 74,000 attacks a day. When it comes to local infections, Kaspersky detected and foiled 22 million infections in 2023, which is more than 60,000 a day.

For organizations, these figures will only lead to security teams being overwhelmed. Yeo also highlighted that 2024 will only see more cybersecurity incidents targeting both individuals and organizations. Romance scams, money laundering, illegal gambling and crypto-fraud are some of the cybersecurity activities that will increase this year.

“We could not emphasize enough to the public and corporates that practicing cyber-hygiene is an essential step to keep the local threats at bay. Offline method of attacks usually requires human action in order to be successful. As our previous research showed, employees breaching security protocols are now as dangerous as external hacking against a company. I encourage organizations to look closely into how they can strengthen the human factor of their security posture,” added Yeo.

---

---

---

---