ManageEngine unveiled the industry's first dual-layered threat detection system in its security information and event management (SIEM) solution, Log360. The new feature, available in Log360's threat detection, investigation and response (TDIR) component, Vigil IQ, empowers security operations center (SOC) teams in organizations with improved accuracy and enhanced precision in threat detection.
A quality SOC ensures people, processes, and cutting-edge technology function well. However, enterprise security is made difficult by staffing shortages and solution orchestration complexities. Following recent upgrades to the security analytics module of Log360 designed to facilitate SOC optimization through key performance metric monitoring, the company has focused on addressing pressing challenges in security operations.
"In a recent ManageEngine study, a majority of respondents revealed that their SOCs are understaffed. These resource-constrained SOCs grapple with significant obstacles, such as process silos and manual investigation of alerts, which are often non-threats, low-priority issues or false positives. These lead to extended detection and response times for actual threats. To overcome these challenges, we recognize the imperative adoption of AI & ML for contextual event enrichment and rewiring threat detection logic," said Manikandan Thangaraj, vice president at ManageEngine.
"We pioneered a dual-layered, ML approach to heighten the precision and consistency of threat detection. First, Vigil IQ ensures genuine threats are discerned from false positives. Second, the system facilitates targeted threat identification and response. This advanced system significantly improves the accuracy of identifying threats, streamlining the detection process and allowing SOC analysts to focus their valuable time on investigating real threats."
Key Features of the Dual-Layered Threat Detection System of Vigil IQ in Log360
Smart Alerts: Vigil IQ, the TDIR module of Log360, now combines the power of both accuracy and precision in threat detection. With its dynamic learning capability, Vigil IQ adapts to the changing nature of network behavior to cover more threat instances accurately. It will spot threats that get overlooked due to manual threshold settings, thereby improving the detection system's reliability.
Proactive Predictive Analytics: Leveraging predictive analytics based on historical data patterns, Vigil IQ predicts potential security threats, facilitating the implementation of proactive measures before incidents occur. This predictive intelligence drastically reduces the mean time to detect (MTTD) threats.
Contextual Intelligence: Vigil IQ enriches alerts with deep contextual information, providing security analysts with comprehensive threat insights. This enrichment of alerts with non-event context accelerates the mean time to respond (MTTR) by delivering pertinent, precise information.
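The two ideas the feature list leans on, a learned per-entity baseline replacing a hand-set threshold (Smart Alerts) and enrichment of a raw detection with non-event context (Contextual Intelligence), can be shown concretely. The Python below is an added example written for this page; it is not Log360 or Vigil IQ code and says nothing about how that product implements either layer. The hourly failed-logon counts, the asset inventory, the global threshold of 20 and the k = 3 multiplier are all constructed for the illustration.

```python
import statistics

# Constructed sample data (not real telemetry): failed-logon counts per host for
# the last seven hourly windows; the final entry is the window being evaluated.
HOURLY_FAILED_LOGONS = {
    "build-server-01": [40, 42, 38, 45, 41, 39, 44],  # CI host: always noisy
    "finance-ws-07": [0, 1, 0, 0, 1, 0, 9],           # quiet workstation: sudden jump
}

# Constructed asset inventory standing in for the non-event context a SIEM
# would pull from a CMDB or directory service.
ASSET_CONTEXT = {
    "build-server-01": {"owner": "platform-team", "criticality": "low", "role": "ci-runner"},
    "finance-ws-07": {"owner": "finance", "criticality": "high", "role": "workstation"},
}

STATIC_THRESHOLD = 20  # a hand-tuned global threshold, as in a manual rule


def static_threshold_alerts(counts, threshold=STATIC_THRESHOLD):
    """Manual-threshold rule: alert whenever the current count exceeds one global number.
    Fires on the permanently noisy host and misses the quiet host's spike."""
    return sorted(host for host, series in counts.items() if series[-1] > threshold)


def adaptive_alerts(counts, k=3.0, min_spread=1.0):
    """Per-host baseline: alert when the current window exceeds mean + k * stdev of the
    host's own history. min_spread keeps a near-constant history from producing a
    threshold so tight that a change of a single event would fire an alert."""
    hits = {}
    for host, series in counts.items():
        history, current = series[:-1], series[-1]
        mean = statistics.mean(history)
        spread = max(statistics.pstdev(history), min_spread)
        threshold = mean + k * spread
        if current > threshold:
            hits[host] = {"count": current, "threshold": round(threshold, 2)}
    return hits


def enrich(host, detection):
    """Attach asset context to a raw detection and derive a severity from it, so the
    analyst sees owner, role and criticality without a second lookup."""
    unknown = {"owner": "unknown", "criticality": "unknown", "role": "unknown"}
    ctx = ASSET_CONTEXT.get(host, unknown)
    severity = "high" if ctx["criticality"] == "high" else "medium"
    return {"host": host, "severity": severity, **detection, **ctx}


def run_pipeline(counts=HOURLY_FAILED_LOGONS):
    """Baseline detection followed by enrichment; returns the enriched alerts."""
    return [enrich(host, det) for host, det in sorted(adaptive_alerts(counts).items())]


if __name__ == "__main__":
    print("static rule fires on:", static_threshold_alerts(HOURLY_FAILED_LOGONS))
    for alert in run_pipeline():
        print(alert)
```

On this constructed data the global rule alerts only on build-server-01 (a false positive on a host that is always at that level) and stays silent on finance-ws-07, whose nine failures are far below 20. The per-host baseline does the reverse: 44 sits inside build-server-01's learned range, while 9 on a host that averages one failure every few hours exceeds its threshold of about 3.3, and the enriched alert carries the finance owner and high criticality that justify its severity.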