ManageEngine, an enterprise IT management solutions provider, is introducing what it describes as an industry-first dual-layered threat detection system in Log360, its Security Information and Event Management (SIEM) platform.
The feature lives in Vigil IQ, the threat detection, investigation and response (TDIR) component of Log360, and is designed to adapt dynamically to changing network behaviour. The aim of that adaptability is more precise detection, so that real threats are not overlooked among ordinary fluctuations in activity.
ManageEngine, a division of Zoho Corporation, positions the initiative as part of a drive to give Security Operations Centre (SOC) teams better accuracy in threat detection.
An effective SOC depends on people, processes and technology working together. Staffing shortages and the complexity of orchestrating multiple security tools, however, make enterprise security operations difficult.
The upgrades to Log360's security analytics module are aimed at SOC optimisation, including monitoring of key performance metrics, and target these pressing operational challenges.
According to Manikandan Thangaraj, Vice President at ManageEngine, "In a recent ManageEngine study, a majority of respondents revealed that their SOCs are understaffed. Resource-constrained SOCs grapple with substantial obstacles like process silos and manual investigation of alerts, often non-threats, low-priority issues, or false positives."
"To overcome these challenges, we recognise the imperative of adopting AI (Artificial Intelligence) and ML (Machine Learning) for contextual event enrichment and rewiring threat detection logic."
"We pioneered a dual-layered, ML approach to enhance the precision and consistency of threat detection. The Vigil IQ system first ensures genuine threats are discerned from false positives."
"Then, it facilitates targeted threat identification and response. This advanced system significantly improves the accuracy of identifying threats, streamlines the detection process, and allows SOC analysts to focus their valuable time on investigating real threats," added Thangaraj.
Key features of Vigil IQ's dual-layered threat detection system include Smart Alerts and proactive predictive analytics. Rather than relying on manually set thresholds, Smart Alerts learn continuously and adjust their baselines as network behaviour changes, which lets them flag anomalies that a fixed threshold would miss and is intended to make detection more reliable.
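The distinction between a hand-set threshold and a learned, per-entity baseline is worth seeing on data. The following is an added illustration of that general technique, not ManageEngine or Log360 code, and it makes no claim about how Vigil IQ actually models behaviour. It runs two detectors over constructed hourly failed-logon counts for two accounts: a fixed limit of 20 failures per hour (an assumed, hand-tuned value) and a rolling baseline that flags an hour only when the count exceeds the trailing median by more than three median absolute deviations (MAD). The robust statistics are a design choice for the example, since a mean and standard deviation would be dragged upward by the very spike being hunted.

```python
"""Static vs. adaptive thresholds for a SIEM failed-logon rule.

Added example, not ManageEngine/Log360 code. The input is constructed:
hourly counts of failed logons per account, oldest first, the kind of
aggregate a SIEM correlation rule evaluates.

  static_threshold   : fire when count > FIXED_LIMIT (a hand-set value)
  adaptive_threshold : fire when count exceeds a per-account baseline
                       learned from the trailing window (median + K * MAD)

MAD (median absolute deviation) is a robust spread estimate that the
spike under investigation cannot inflate, unlike a standard deviation.
"""
from statistics import median
from typing import Dict, List

FIXED_LIMIT = 20    # assumed hand-tuned global threshold (failures per hour)
WINDOW = 24         # hours of history used to build the baseline
K = 3.0             # MADs above the median that count as anomalous
MIN_SPREAD = 1.0    # floor so a perfectly flat history does not fire on +1

# Constructed sample data (not real telemetry), failed logons per hour.
SAMPLE: Dict[str, List[int]] = {
    # Batch service account with a stale password: ~30 failures every hour.
    "svc_backup": [29, 31, 30, 30, 28, 32, 30, 29, 31, 30, 30, 29,
                   31, 30, 30, 28, 30, 31, 29, 30, 30, 31, 30, 29,
                   30, 31, 30, 29, 30, 30],
    # Ordinary user: a few typos a day, then a short spraying attempt.
    "j.doe":      [0, 1, 0, 0, 2, 0, 1, 0, 0, 0, 1, 0,
                   0, 0, 1, 0, 2, 0, 0, 1, 0, 0, 0, 1,
                   0, 1, 12, 0, 0, 1],
}


def static_threshold(series: List[int], limit: int = FIXED_LIMIT) -> List[int]:
    """Return indices of hours whose count exceeds a fixed limit."""
    return [i for i, c in enumerate(series) if c > limit]


def adaptive_threshold(series: List[int], window: int = WINDOW,
                       k: float = K, min_spread: float = MIN_SPREAD) -> List[int]:
    """Return indices flagged against a rolling per-entity baseline.

    For hour i the baseline uses only hours [i-window, i), so a value never
    influences its own threshold. The first `window` hours are a learning
    period and are never flagged.
    """
    hits: List[int] = []
    for i in range(window, len(series)):
        hist = series[i - window:i]
        med = median(hist)
        mad = median([abs(x - med) for x in hist])
        spread = max(mad, min_spread)
        if series[i] > med + k * spread:
            hits.append(i)
    return hits


def compare(data: Dict[str, List[int]] = SAMPLE) -> Dict[str, Dict[str, List[int]]]:
    """Run both detectors over every account and return the flagged hours."""
    return {
        name: {"static": static_threshold(series),
               "adaptive": adaptive_threshold(series)}
        for name, series in data.items()
    }


if __name__ == "__main__":
    for account, result in compare().items():
        print(f"{account:12s} static={result['static']} adaptive={result['adaptive']}")
```

On this data the fixed limit fires on all 30 hours for the noisy service account and never on the real spraying attempt against j.doe, while the learned baseline stays silent on the service account and flags only hour 26. The learning period (here 24 hours) and the spread floor are the knobs a practitioner tunes; without the floor, an account with a perfectly flat history would alert on a single extra failure.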
The predictive analytics component uses historical data patterns to forecast likely security threats, so that preventive measures can be put in place before an incident occurs. ManageEngine says this is intended to reduce the mean time to detect (MTTD).
Vigil IQ also enriches each alert with contextual information. This enrichment is meant to give analysts a fuller picture of a threat up front and, by delivering pertinent and precise information, to shorten the mean time to respond (MTTR).