
ManageEngine Introduces ML-Powered Exploit Triad Analytics To Shorten Breach Life Cycle

The feature will allow enterprises to trace the path of adversaries and mitigate breaches by providing contextual visibility into the exploit triad.

(Source: Freepik)

ManageEngine, the enterprise IT management division of Zoho Corp., has announced the release of a machine learning-powered exploit triad analytics feature in its SIEM solution, Log360. The feature will allow enterprises to trace the path of adversaries and mitigate breaches by providing contextual visibility into the exploit triad: users, entities and processes. 

Log360’s threat detection and incident response module, Vigil IQ, features a dual-layered threat detection system released last year. It now enhances security with advanced analytics offering deeper insights and faster response times, ManageEngine said.

According to the company, user, device and process analytics are unified on a single console that allows security professionals to investigate as they traverse through the Incident Workbench. Log360's ML-powered contextual analysis incorporates insights from user and entity behaviour analytics, process tree visualisation, and the risk scoring of IPs, URLs and domains. The process flow probing capability and the correlation rules for the spawning of suspicious processes combine to improve process hunting.

"It takes an alarming 277 days to identify and contain a data breach, with expenses surging by 23% after surpassing the 200-day mark. Manual, unguided threat analysis is a losing battle—a labyrinth of multi-tool chaos," said Manikandan Thangaraj, vice president of ManageEngine.

"By offering a dynamic tapestry of insights into user attributes, process lineage and threat intelligence, Log360's ML-powered exploit triad analytics transcends from merely assisting detection to enabling better comprehension," Thangaraj said.

According to ManageEngine, the latest iteration of Vigil IQ enhances threat detection capabilities through a package of more than 100 correlation rules that detect prevalent attacker tools in the environment and living-off-the-land attacks. In addition, through integration with VirusTotal, the Advanced Threat Analytics feature enhances visibility into external threats and risk analysis.