ManageEngine Introduces ML-Powered Exploit Triad Analytics in Log360 SIEM Solution to Accelerate Breach Response Time

ManageEngine, the IT management division of Zoho Corporation, has unveiled a novel ML-powered exploit triad analytics feature within its Log360 SIEM solution. This feature aims to empower enterprises in tracking adversaries and curtailing breaches by offering comprehensive contextual visibility into the exploit triad: users, entities, and processes. The announcement was made during the ManageEngine User Conference at The Ritz-Carlton, Dubai International Financial Centre in the United Arab Emirates.

Addressing the Urgency of Swift Breach Response

Manikandan Thangaraj, Vice President of ManageEngine, highlighted the growing challenge posed by cyber threats, which adeptly blend into legitimate activities, exploiting vulnerabilities and extending the breach life cycle. He emphasized the pressing need for faster breach detection and containment, given the alarming statistics indicating that it takes an average of 277 days to identify and mitigate a data breach.

Thangaraj emphasized that traditional, manual threat analysis methods are insufficient in tackling modern cyber threats. He underscored the significance of Log360’s ML-powered exploit triad analytics in providing actionable insights and reducing the breach life cycle.

Key Enhancements

The Log360 SIEM solution’s Threat Detection and Incident Response (TDIR) module, Vigil IQ, now features advanced analytics capabilities to bolster threat detection and response:

  • Three-way threat hunting core: Combining user, device, and process analytics on a single console facilitates in-depth investigation through the Incident Workbench.
  • ML-powered contextual data enrichment: Log360 offers comprehensive contextual analysis, incorporating insights from User and Entity Behavior Analytics (UEBA), process tree visualization, and risk scoring of IPs, URLs, and domains.
  • Process hunting suite: The integration of process flow probing capability and correlation rules for detecting suspicious processes enhances the suite for process hunting.

Additionally, the latest iteration of Vigil IQ enhances threat detection capabilities with the introduction of:

  • Correlation package for prevalent attacker tools and LOTL threats: More than 100 out-of-the-box correlation rules aid in the detection of prevalent attacker tools and Living-off-the-Land (LOTL) attacks.
  • Integration with VirusTotal: The Advanced Threat Analytics feature is augmented through integration with VirusTotal, a leading threat intelligence service, providing enhanced visibility into external threats and risk analysis.
