ManageEngine, the enterprise IT management division of Zoho Corporation, has unveiled a dual-layered threat detection system that the company claims is a first in the industry. The feature is integrated into Log360, the company's security information and event management (SIEM) solution, specifically within its threat detection, investigation, and response (TDIR) component, Vigil IQ.
The new system is designed to support Security Operations Center (SOC) teams by improving the accuracy and precision of threat detection, addressing challenges faced by resource-constrained SOCs. It follows recent upgrades to Log360's security analytics module, which focused on SOC optimization through the monitoring of key performance metrics.
According to a recent study by ManageEngine, many SOCs are understaffed, which leads to obstacles such as process silos and the manual investigation of non-threats, low-priority issues, and false positives. Manikandan Thangaraj, Vice President at ManageEngine, stressed the need to adopt AI and ML for contextual event enrichment and to rework threat detection logic.
The dual-layered ML approach of Vigil IQ aims to improve the precision and consistency of threat detection. The first layer separates genuine threats from false positives; the second supports targeted identification of and response to those threats. By improving the accuracy of threat identification, the system streamlines detection so that SOC analysts can focus on investigating real threats.
Key Features of Vigil IQ's Dual-Layered Threat Detection System in Log360:
Smart Alerts: Vigil IQ combines accuracy and precision in threat detection. Its dynamic learning capability adapts to changing network behavior, accurately covering more threat instances without relying on manually configured thresholds.
Proactive Predictive Analytics: Using predictive analytics based on historical data patterns, Vigil IQ anticipates potential security threats, reducing the mean time to detect (MTTD).
Contextual Intelligence: Vigil IQ enriches alerts with deep contextual information, giving security analysts comprehensive threat insights. Delivering pertinent, precise information in this way shortens the mean time to respond (MTTR).
The introduction of this dual-layered threat detection system reflects ManageEngine's commitment to advancing SIEM solutions and enhancing the capabilities of SOCs in addressing evolving cybersecurity challenges.