Kaspersky Next Enhances AI Powered Threat Detection And Unified Security Operations For Businesses

By unifying SOC tools within a single platform and enhancing EDR and AI capabilities, we enable faster, more precise threat detection, as well as more efficient operations

JOHANNESBURG, South Africa, March 9, 2026/APO Group/ --

These advancements facilitate the administration and maintenance of security tasks on a platform, and allow for advanced AI capabilities, enhancing various processes from faster data search to improved threat detection. Moreover, this update in Kaspersky Next (www.Kaspersky.co.za) helps companies significantly reduce hardware requirements, leading to cost savings and increased efficiency.

According to the latest Kaspersky global study, one in three companies intends (https://apo-opa.co/3NrZEE7) to integrate EDR (Endpoint Detection and Response) or XDR (Extended Detection and Response) into their security operations centers to deliver advanced and reliable protection. This trend highlights a growing recognition among organisations of the critical importance of unified, proactive security solutions to counter increasingly sophisticated cyber threats. With this in mind, Kaspersky updated Kaspersky Next to ensure that businesses are armed with the most effective and all-encompassing cybersecurity technologies and tools.

Kaspersky Next is a flagship B2B product line that provides real-time protection, threat visibility, investigation and response capabilities of EDR and XDR within core offerings: Kaspersky Next Optimum (for small and mid-sized businesses) and Kaspersky Next Expert (for enterprises of all sizes). In its new release, Kaspersky Next Expert has received significant updates related to AI-powered technologies, EDR capabilities and flexible deployment options.  

All in one: more integrity and visibility in Kaspersky Next EDR Expert

Kaspersky Next EDR Expert has migrated to the Open Single Management Platform (OSMP), uniting essential security operations center (SOC) tools such as EPP, EDR, XDR and SIEM within a single management console. This migration enables seamless interaction between components and allows both Kaspersky and third-party solutions to be integrated with the console. At the same time, Kaspersky maintained seamless transitions between OSMP and Kaspersky Anti Targeted Attack/Network Detection and Response interfaces with the Single Sign-On service to ensure a simple and fast experience with both EDR and NDR simultaneously.

For large-scale deployments, this update provides optimised sizing, reducing resource requirements by up to 30% for users of Kaspersky Next EDR Expert and up to 60% for users of Kaspersky Next XDR Expert.

With the new release, companies receive access to advanced AI features including:

Precise detection of DLL hijacking class attacks, with automatic alert generation upon identification. DLL hijacking is a prominent attack technique that involves getting vulnerable legitimate software to load a malicious dynamic library (DLL). AI examines program launch and execution parameters, identifying suspicious occurrences of legitimate software running with malicious libraries, enabling the solution to detect DLL hijacking.

Spotting of potentially compromised user accounts. The AI-driven mechanism leverages new correlation rules that determine the baseline of normal login activity and detects abnormal events to trigger account theft alerts.

In addition to the above-mentioned AI-based features, Kaspersky Investigation and Response Assistant (KIRA AI) has also been integrated into Kaspersky Next. KIRA is the first GenAI-powered assistant in the product line, designed to empower SOC analysts by deobfuscating command lines, providing detailed analyses and generating concise reports to help reduce cognitive load. Among other things, KIRA provides the following capabilities:

• Intelligent formulation of Threat Hunting queries in plain text. The system automatically translates a natural request into a structured query compatible with the telemetry database. Analysts can review the generated query, validate its logic and adjust parameters or syntax if required.
• Rapid generation of incident summaries in text form. Within the incident card, an AI-generated summary is displayed, explaining what happened during the incident, including the initial attack vector and the attacker’s actions throughout the incident. This enables analysts to quickly grasp the key details without reviewing all underlying event data.

Enhanced EDR capabilities

Kaspersky Next Expert now also provides improved EDR functionalities and delivers a new level of security and operational efficiency:

• The improved integration with Kaspersky MDR enables seamless collaboration, allowing for faster and more coordinated threat response.
• Enhanced monitoring of the "health" metrics for the product’s server components ensures optimal performance and reliability, minimising downtime and maintaining stability.
• The advanced capabilities of the Linux EDR agent help organisations detect and mitigate threats more effectively across diverse environments.
• Playbooks have been added to enable automated or manual incident response, reducing the time from threat detection to its neutralisation.
• The ability for alert merging into incidents was added, allowing analysts to focus on the full attack picture, reduce information noise and prioritise response to the most critical threats.
• An attack development graph is now available. It provides a visual overview of the attack chain, helping analysts quickly assess the scale, vectors, stages and response points of the threat.       
• The ability to perform a response on protected devices via a remote terminal 'Live Shell' has been added. It significantly reduces response time and allows viewing response results in the remote terminal console in real-time mode.       
• The upgraded role-based access control (RBAC) delivers advanced capabilities for managing accounts such as creating, editing and deleting as well as flexible role management, including modifications and the assignment of multiple roles.

“This update exemplifies our commitment to empowering cybersecurity teams with smarter, more integrated solutions. By unifying SOC tools within a single platform and enhancing EDR and AI capabilities, we enable faster, more precise threat detection, as well as more efficient operations, raising the bar for proactive cybersecurity protection,” comments Ilya Markelov, Head of Unified Platforms at Kaspersky.

For more information about Kaspersky Next, please visit the website (https://apo-opa.co/3NoDG4U).

*To access Kaspersky Investigation and Response Assistant feature, the customer needs an additional license and an integration with an LLM provider.