ManageEngine, the enterprise IT management division of Zoho Corporation, announced the release of a unique, ML-powered exploit triad analytics feature in its SIEM solution, Log360.
This feature allows enterprises to knowledgeably trace the path of adversaries and mitigate breaches by providing complete contextual visibility into the exploit triad: users, entities and processes. The feature update was unveiled at the ManageEngine User Conference at The Ritz-Carlton, Dubai International Financial Centre in the United Arab Emirates.
Addressing the Critical Need for Faster Breach Response
“Today’s cyberthreats masterfully blend into the fabric of legitimate activity, weaponising stolen credentials, mimicking trusted processes and exploiting human vulnerabilities. These insidious tactics create a critical challenge: an extended data breach life cycle. It takes an alarming 277 days to identify and contain a data breach, with expenses surging by 23% after surpassing the 200-day mark. Manual, unguided threat analysis is a losing battle—a labyrinth of multi-tool chaos,” said Manikandan Thangaraj, vice president of ManageEngine.
“By offering a dynamic tapestry of insights into user attributes, process lineage and threat intelligence, Log360’s ML-powered exploit triad analytics transcends from merely assisting detection to enabling better comprehension. This makes it a game-changer in reducing the breach life cycle,” said Thangaraj.
Highlights of the Enhancement
Log360’s threat detection and incident response (TDIR) module, Vigil IQ, features a dual-layered threat detection system released last year. It now takes security a step further, with advanced analytics offering deeper insights and faster response times.
⦁ A three-way threat hunting core: User, device and process analytics are unified on a single console that allows security professionals to delve deep into investigation as they traverse through the Incident Workbench.
⦁ ML-powered contextual data enrichment: Log360’s in-depth contextual analysis incorporates insights from UEBA; process tree visualization; and the risk scoring of IPs, URLs and domains.
⦁ A process hunting suite: The process flow probing capability on the Incident Workbench and the correlation rules for the spawning of suspicious processes together create a complete suite for process hunting.
Empowering the cyber investigation dashboard, the latest iteration of Vigil IQ also enhances threat detection capabilities with the introduction of the following features:
⦁ A correlation package for prevalent attacker tools and LOTL threats: Augmenting the Incident Workbench, the solution also enhances the threat detection capabilities of Vigil IQ with more than 100 out-of-the-box correlation rules for effective detection of prevalent attacker tools in the environment and LOTL attacks.
⦁ An integration with VirusTotal: The scope of the Advanced Threat Analytics feature has expanded via an integration with VirusTotal, one of the leading threat intelligence services, for enhanced visibility into external threats and risk analysis.