SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
ManageEngine unveils machine learning feature in Log360 for rapid breach response
Fri, 23rd Feb 2024

ManageEngine, the enterprise IT management arm of Zoho Corporation, has announced the release of a machine learning (ML)-powered exploit triad analytics feature in its Security Information and Event Management (SIEM) solution, Log360, to address the growing need for faster breach responses.

This feature unveiled at the ManageEngine User Conference held at The Ritz-Carlton, Dubai International Financial Centre, provides enterprises the capability to trace the path of adversaries and mitigate breaches by providing complete contextual visibility into the exploit triad, namely, users, entities, and processes.

Manikandan Thangaraj, Vice President of ManageEngine, highlighted the alarming statistics centred around data breaches. "Today's cyber threats masterfully blend into the fabric of legitimate activity, weaponising stolen credentials, mimicking trusted processes, and exploiting human vulnerabilities," said Thangaraj. He added, "It takes an alarming 277 days to identify and contain a data breach, with expenses surging by 23% after surpassing the 200-day mark."

Thangaraj believes Log360's ML solution aims to dramatically reduce the breach life cycle. "By offering a dynamic tapestry of insights into user attributes, process lineage, and threat intelligence, Log360's ML-powered exploit triad analytics transcends merely assisting detection to enabling better comprehension. This makes it a game-changer in reducing the breach life cycle," said Thangaraj.

In an enhancement to Log360's threat detection and incident response module, Vigil IQ, it appears they are addressing the multi-faceted nature of cybersecurity threats. The upgrade includes an integrated trifecta featuring user, device, and process analytics - all accessible via a single console. This enhancement makes the software a tool for professionals seeking detailed information whilst undertaking security investigations.

Other additions to Log360 include ML-powered contextual data enrichment and a process hunting suite. The former provides Log360 with a robust contextual analysis system drawing insights from User and Entity Behaviour Analytics (UEBA), process tree visualisation, and the risk scoring of IPs, URLs, and domains. Simultaneously, the process hunting suite creates a complete suite for process hunting combined with the correlation rules for the initiation of suspicious processes.

The updated iteration of Vigil IQ further enhances threat detection capabilities with a correlation package for prevalent attacker tools and live off the land (LOTL) threats, offering more than 100 out-of-the-box correlation rules for effective detection of prevalent attacker tools and LOTL attacks.

An integration with VirusTotal, one of the leading threat intelligence services, further expands the Advanced Threat Analytics feature for enhanced visibility into external threats and risk analysis. This comprehensive approach aims to equip enterprises with the tools they need to navigate an increasingly difficult cybersecurity landscape.