Product details

Kaspersky Unified Monitoring and Analysis Platform (KUMA) – SIEM platform for centralized security event monitoring and analysis

Kaspersky Unified Monitoring and Analysis Platform (KUMA) is Kaspersky's SIEM platform, designed to help enterprises collect, normalize, correlate and analyze security events centrally in real time. As cyberattacks grow more sophisticated and IT infrastructure more complex, KUMA plays a central role in enhancing security monitoring capabilities, detecting threats early and optimizing SOC operations for enterprises.

According to Kaspersky, KUMA is a next-generation SIEM solution that supports comprehensive monitoring of IT and OT systems on a unified platform.

SIEM market overview and enterprise needs

According to Grand View Research, the global Security Information and Event Management (SIEM) market reached $3.9 billion in 2022. Polaris Market Research recorded the market size at $8.75 billion in 2024 and forecasts growth at a CAGR of approximately 15%, heading toward $26.79 billion by 2032.

The Asia-Pacific region, including Vietnam, is rated by Mordor Intelligence as one of the fastest-growing SIEM markets, thanks to strong digital transformation and the increase in attacks such as ransomware, APT and supply chain attacks.

Why do enterprises need to deploy SIEM?

During IT infrastructure expansion and modernization, enterprises face numerous cybersecurity challenges:

  • Increasing ransomware, APT, phishing and insider threat attacks

  • Complex IT infrastructure, combining On-Premise, Hybrid Cloud and Multi-Cloud

  • Difficulties in monitoring, analyzing, and investigating security incidents

  • Requirements to comply with information security standards and regulations

  • Shortage of SOC personnel with deep expertise

A SIEM solution enables businesses to centralize security logs and events, analyze data in real time, support incident investigation and response, and enhance proactive defense capabilities.

Introducing Kaspersky Unified Monitoring and Analysis Platform (KUMA)

Kaspersky is a global cybersecurity company, operating in nearly 200 countries and territories, protecting over 400 million users. With over 20 years of experience, Kaspersky provides security solutions for large enterprises, SMBs and individual users.

Kaspersky Unified Monitoring and Analysis Platform (KUMA) is a SIEM platform designed to:

  • Collect, process and store security events from various sources

  • Normalize and enrich event data

  • Correlate events in real time and retrospectively

  • Detect anomalous behavior across the entire IT infrastructure

  • Support automated response through the Kaspersky ecosystem and custom scripts

KUMA deeply integrates with solutions such as Kaspersky Security Center, Threat Intelligence Portal, Kaspersky CyberTrace, Kaspersky Endpoint Detection and Response (EDR), and Kaspersky Industrial CyberSecurity for Networks.

Kaspersky KUMA SIEM platform architecture

Kaspersky Unified Monitoring and Analysis Platform (KUMA) is built on a modular architecture, allowing flexible deployment from all-in-one to geographically distributed models, suitable for large and complex IT systems.

Main components of KUMA SIEM

🔹 KUMA Core

The central component of the Kaspersky KUMA SIEM platform, providing a unified management interface, data visualization, user management, dashboards and security incident investigation support.

🔹 KUMA Correlator

Performs security event correlation based on predefined rules, supporting real-time incident detection and retrospective scanning of historical data.

🔹 KUMA Collector

Collects, normalizes, enriches, and filters events from multiple sources, supporting diverse protocols and log formats.

🔹 KUMA Storage

Stores events on the ClickHouse platform, supporting hot, cold, and archive storage, ensuring high performance and linear scalability.

🔹 KUMA Agent

Collects events from Windows and Linux operating systems and from air-gapped environments.

🔹 KUMA Event Router

Routes and distributes events flexibly, optimizing bandwidth and supporting complex deployment scenarios.

Key features of Kaspersky SIEM (KUMA)

  • High performance, supporting up to 500,000 EPS per node

  • Flexible horizontal and vertical scalability

  • Multi-tenancy support

  • Integration with Threat Intelligence, EDR, SOAR, Active Directory and OT/ICS

  • Automated incident response and real-time data enrichment

  • Event queries using SQL syntax

  • Support for RESTful API, SSO, LDAP, FreeIPA

  • Report export in multiple formats: HTML, PDF, CSV, Excel

Deployment model and system requirements for KUMA SIEM

Kaspersky Unified Monitoring and Analysis Platform (KUMA) supports multiple deployment models:

  • All-in-One centralized deployment for small and medium systems

  • Distributed deployment for large-scale systems requiring high performance and scalability

The architecture is designed based on EPS targets and minimum 6-month log retention requirements, ensuring long-term stability and scalability.

KUMA SIEM in Sonic's cybersecurity solution ecosystem

Kaspersky Unified Monitoring and Analysis Platform (KUMA) is a key component in the cybersecurity solution portfolio distributed by Sonic in Vietnam, helping enterprises build modern SOC systems and proactively address threats.

Conclusion

Kaspersky Unified Monitoring and Analysis Platform (KUMA) is a powerful, flexible, and highly scalable SIEM platform suitable for organizations and enterprises with large and complex IT infrastructure. The solution helps centralize security monitoring, accelerate threat detection, optimize SOC operations, and integrate tightly with the Kaspersky security ecosystem as well as third-party solutions.

👉 Learn more about other cybersecurity solutions at:
https://sonictech.com.vn/

————————–
Sonic Technology Solutions Joint Stock Company (Sonic Technology)
Hanoi: 8th Floor, Licogi 13 Building, 164 Khuất Duy Tiến, Thanh Xuân Ward, Hanoi City
HCM: 1st Floor, Zone A, Waseco Building, No. 10 Pho Quang, Tan Son Hoa Ward, Ho Chi Minh City
Hotline: 024.6656.4587