SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
AI & machine learning power new cyber threat defence tools

Kaspersky has outlined how artificial intelligence and machine learning are being integrated into its Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) technologies to bolster cyber threat detection and incident response.

The company states that by harnessing AI and machine learning within its EDR and XDR platforms, it can better process and analyse large volumes of data, facilitating improved threat detection and easing the operational workload for security teams. This approach comes as organisations contend with increasingly sophisticated cyber threats.

According to a Kaspersky report titled "Cyber defense & AI: Are you ready to protect your organisation?", nearly half of businesses surveyed indicated they already utilise AI-based solutions that automatically adapt and enhance threat detection and response through machine learning, while 46% are actively implementing such solutions.

One area where Kaspersky identifies a significant impact of AI is behavioural analysis and anomaly detection. Machine learning enables EDR and XDR platforms to establish baselines for typical activity within organisations by persistently monitoring user behaviour, system actions, and network traffic. Any deviations from these patterns are flagged as potentially suspicious activities, allowing for the identification of previously unknown threats such as zero-day attacks and advanced malware. Unlike rule-based detection systems, which rely on predefined threat signatures, machine learning-driven behavioural analysis increases the capability to detect novel threats.

Threat hunting, traditionally a manual process that involves security analysts investigating logs and alerts to identify potential information security risks, is also being transformed by AI. Kaspersky notes that AI can correlate data from multiple sources and detect indicators of compromise that might otherwise be missed, streamlining and strengthening the threat hunting process.

Managing false positive rates is another challenge familiar to cybersecurity professionals. Kaspersky asserts that AI is augmenting the accuracy of threat detection models by continually refining them and by prioritising threats based on risk. As AI-driven EDR and XDR systems improve the differentiation between benign anomalies and genuine threats, organisations can focus on higher-impact incidents while reducing distractions from non-critical alerts.

AI is also being used to automate incident response and remediation. Upon detecting a potential attack, EDR and XDR systems equipped with AI capabilities can initiate predefined response actions in real time, such as isolating compromised devices, blocking suspicious IP addresses, or quarantining files. This reduces incident response times, allowing security teams to focus on strategic priorities rather than getting bogged down in operational responses.

Another application highlighted by the company is predictive threat intelligence. AI-supported EDR and XDR platforms can assimilate global threat data and learn from past incidents to forecast emerging attack patterns. Machine learning models trained on extensive security datasets enable these platforms to anticipate incoming threats, allowing organisations to fortify their defences in advance and tailor security strategies to evolving risks.

Looking ahead, Kaspersky points to several trends likely to characterise the next generation of AI in EDR and XDR technologies. These include the advancement of explainable AI, which will offer security specialists greater transparency into AI decision-making; an ongoing AI arms race as threat actors and security vendors develop increasingly sophisticated techniques to outmanoeuvre each other; and self-learning security systems that automatically adapt to new threats with minimal human input.

Vladislav Tushkanov, Group Manager at the Kaspersky AI Technology Research Centre, commented, "AI is no longer a future concept in cybersecurity – it's already reshaping the way we detect, respond to, and prevent threats. Kaspersky actively utilises AI and ML in its products, and patents its innovative approaches of using AI in a variety of tasks, including anomaly and malware detection, detection of malicious scripts, and phishing. As cyber threats grow in scale and sophistication, AI is becoming the foundation for resilient, proactive cyber defense."
