ManageEngine introduced a dual-layered threat detection system in its security information and event management (SIEM) solution, Log360.
This feature, part of Log360’s threat detection, investigation, and response (TDIR) component called Vigil IQ, aims to enhance the accuracy and precision of threat detection for security operations center (SOC) teams. The move is in response to challenges in enterprise security, including staffing shortages and complexities in solution orchestration.
“In a recent ManageEngine study, a majority of respondents revealed that their SOCs are understaffed. These resource-constrained SOCs grapple with significant obstacles, such as process silos and manual investigation of alerts, which are often non-threats, low-priority issues or false positives. These lead to extended detection and response times for actual threats. To overcome these challenges, we recognize the imperative adoption of AI & ML for contextual event enrichment and rewiring threat detection logic,” Manikandan Thangaraj, vice president at ManageEngine, wrote.
The new system incorporates Smart Alerts, which are intended to improve both the accuracy and the precision of detections. With dynamic learning capabilities, Vigil IQ adapts to changes in network behavior over time, which the company says makes detection more reliable by catching threats that static, manually set thresholds would miss.
Vigil IQ’s Proactive Predictive Analytics uses historical data patterns to predict potential security threats, so that protective measures can be taken before an incident occurs, reducing the mean time to detect (MTTD) threats. The system’s Contextual Intelligence enriches alerts with deep contextual information, giving security analysts a fuller picture of each threat. Enriching alerts with non-event context (information about the affected assets and users rather than the event itself) is meant to shorten the mean time to respond (MTTR) by putting pertinent, precise information in front of security teams.
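The two ideas above, a learned baseline replacing a manually set threshold and alert enrichment with non-event context, can be illustrated with a small script. The following is an added example written for this page; it is not ManageEngine's code and makes no claim about how Vigil IQ actually models behavior. The hourly failed-login counts, the host name `srv-fin-01` and the asset inventory are all constructed sample data, and the rolling z-score baseline is one simple stand-in for "dynamic learning".

```python
"""Static threshold vs. rolling baseline for failed-login counts, plus alert
enrichment with asset context. Added illustration; not the vendor's logic."""
from statistics import mean, pstdev

# Constructed sample: failed-login counts per hour for one host over 36 hours.
# The first 30 hours are quiet (2-6 per hour); the last six show a ramp that
# never crosses a static threshold of 50 but is far outside the host's norm.
HOURLY_FAILED_LOGINS = [3, 4, 2, 5, 3, 4, 6, 3, 2, 4, 5, 3,
                        4, 3, 5, 2, 4, 3, 6, 4, 3, 5, 2, 4,
                        5, 4, 3, 6, 4, 5, 12, 18, 25, 31, 38, 42]
STATIC_THRESHOLD = 50  # a typical manually chosen alert threshold

# Constructed asset inventory standing in for "non-event context".
ASSET_CONTEXT = {
    "srv-fin-01": {"owner": "finance", "criticality": "high", "internet_facing": False},
}


def static_detect(counts, threshold=STATIC_THRESHOLD):
    """Indices of hours whose count exceeds a fixed threshold."""
    return [i for i, c in enumerate(counts) if c > threshold]


def baseline_detect(counts, window=24, z=3.0, min_sigma=1.0):
    """Indices of hours whose count is more than `z` standard deviations above
    the mean of the preceding `window` hours (a baseline learned from the
    host's own history). `min_sigma` keeps a very flat history from turning
    every small fluctuation into an alert."""
    hits = []
    for i in range(window, len(counts)):
        history = counts[i - window:i]
        mu = mean(history)
        sigma = max(pstdev(history), min_sigma)
        if counts[i] > mu + z * sigma:
            hits.append(i)
    return hits


def enrich(alert, asset_context):
    """Attach owner, criticality and exposure so the analyst sees them with the alert."""
    unknown = {"owner": "unknown", "criticality": "unknown", "internet_facing": None}
    return {**alert, **asset_context.get(alert["host"], unknown)}


def detect_and_enrich(host, counts, asset_context):
    """Run the baseline detector and return one enriched alert per anomalous hour."""
    return [enrich({"host": host, "hour": i, "failed_logins": counts[i]}, asset_context)
            for i in baseline_detect(counts)]


if __name__ == "__main__":
    print("static threshold hits:", static_detect(HOURLY_FAILED_LOGINS))
    for alert in detect_and_enrich("srv-fin-01", HOURLY_FAILED_LOGINS, ASSET_CONTEXT):
        print(alert)
```

On this sample the static threshold never fires, while the rolling baseline flags hours 30 through 35 and each alert carries the asset's owner and criticality, which is what an analyst needs to triage it without a separate lookup.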
According to the company, these upgrades, the dual-layered threat detection system among them, are meant to improve SOC performance in the face of staffing shortages and the complexity of orchestrating multiple security tools, by combining dynamic learning, predictive analytics, and contextual intelligence in a single solution.