ManageEngine Enhances SIEM With Dual-Layered System For Advanced Threat Detection
The system improves the accuracy of identifying threats and streamlines the detection process.

ManageEngine, the enterprise IT management division of Zoho Corporation, has introduced a dual-layered threat detection system in its security information and event management solution, Log360. The feature, available in Vigil IQ, Log360's threat detection, investigation and response component, will provide enterprise security operations centre teams with improved accuracy and enhanced precision in threat detection, the company said.
A quality SOC ensures that people, processes and technology function well. However, enterprise security is made difficult by staffing shortages and other complexities. In a recent ManageEngine study, a majority of respondents revealed that SOCs are understaffed.
These resource-constrained SOCs face obstacles such as process silos and manual investigation of alerts, which are often non-threats, low-priority issues, or false positives. These lead to extended detection and response times for actual threats.
“To overcome these challenges, we recognise the imperative adoption of AI and ML for contextual event enrichment and rewiring threat detection logic,” said Manikandan Thangaraj, vice president, ManageEngine.
“First, Vigil IQ ensures genuine threats are discerned from false positives. Second, the system facilitates targeted threat identification and response. This advanced system significantly improves the accuracy of identifying threats, streamlining the detection process and allowing SOC analysts to focus their valuable time on investigating real threats,” added Thangaraj.
Key Features Of The Threat Detection System
Smart Alerts: According to ManageEngine, Vigil IQ combines accuracy and precision in threat detection and adapts to the changing nature of network behaviour to cover more threat instances through its dynamic learning capability. It will spot threats that get overlooked due to manual threshold settings, improving the detection system's reliability.
Proactive Predictive Analytics: Leveraging predictive analytics based on historical data patterns, Vigil IQ predicts potential security threats, allowing measures to be taken before incidents occur. This reduces the mean time to detect threats.
Contextual Intelligence: Vigil IQ offers contextual information in alerts, providing security analysts with threat insights. This reduces the mean time to respond by delivering relevant, precise information.