ManageEngine, the division of Zoho Corporation specializing in enterprise IT management, has unveiled a new feature in its SIEM solution, Log360. This feature harnesses machine learning technology to provide exploit triad analytics capabilities.

At the ManageEngine User Conference held at The Ritz-Carlton, Dubai International Financial Centre in the United Arab Emirates, a significant feature update was revealed.

This update empowers enterprises with the ability to systematically trace adversary activities and effectively mitigate breaches. By offering comprehensive contextual visibility into the exploit triad—comprising users, entities, and processes—organizations can make informed decisions to bolster their security measures.

This feature equips enterprises with the necessary insights to understand the pathways of potential threats and take proactive steps to safeguard their systems and data. The unveiling of this update underscores ManageEngine's commitment to providing cutting-edge solutions that address the evolving challenges of cybersecurity in today's digital landscape.

Managing the Crucial Need for Faster Breach Response

"Today’s cyber threats masterfully blend into the fabric of legitimate activity, weaponizing stolen credentials, mimicking trusted processes, and exploiting human vulnerabilities. These insidious tactics create a critical challenge: an extended data breach life cycle. It takes an alarming 277 days to identify and contain a data breach, with expenses surging by 23% after surpassing the 200-day mark. Manual, unguided threat analysis is a losing battle—a labyrinth of multi-tool chaos," said Manikandan Thangaraj, Vice President of ManageEngine.

"By offering a dynamic tapestry of insights into user attributes, process lineage, and threat intelligence, Log360's ML-powered exploit triad analytics transcends from merely assisting detection to enabling better comprehension. This makes it a game-changer in reducing the breach life cycle," said Thangaraj.

Highlights of the Enhancement

Last year, Log360 introduced the Vigil IQ module within its threat detection and incident response (TDIR) framework, showcasing a dual-layered threat detection system. Enhancing its capabilities further, Log360 now offers advanced analytics within Vigil IQ, thereby elevating security measures with deeper insights and quicker response times.

• A three-way threat-hunting core: Security professionals can delve into investigations seamlessly using a single console where user, device, and process analytics are unified. This consolidated platform, known as the Incident Workbench, enables a thorough exploration of security incidents.

• ML-powered contextual data enrichment: Log360's thorough contextual analysis integrates insights from UEBA, process tree visualization, and risk scoring for IPs, URLs, and domains.

• A process hunting suite: The combined functionality of process flow probing on the Incident Workbench and correlation rules for detecting suspicious process spawning forms a comprehensive suite for process hunting.

Empowering the cyber investigation dashboard, the latest iteration of Vigil IQ also enhances threat detection capabilities with the introduction of the following features:

• Enhancing the Incident Workbench, the solution bolsters Vigil IQ's threat detection capabilities by introducing a correlation package tailored for prevalent attacker tools and LOTL threats. With over 100 preconfigured correlation rules, it enables effective detection of such threats within the environment.

• An integration with VirusTotal: The Advanced Threat Analytics feature now offers expanded scope through integration with VirusTotal, a prominent threat intelligence service. This integration enhances visibility into external threats and enables more thorough risk analysis.