The IT management company ManageEngine has updated Log360, its security information and event management (SIEM) platform. The platform’s Vigil IQ module now has an exploit triad analytics feature that allows security teams to gain a fuller understanding of attackers.
The new capability unifies the full triad (consisting of users, entities, and processes) into a single view, making it easier for security teams to perform investigations.
It also uses machine learning to add more context to threat data, incorporating information from user and entity behavior analytics (UEBA) solutions, process tree visualization, and risk scoring for IPs, URLs, and domains.
“Today’s cyberthreats masterfully blend into the fabric of legitimate activity, weaponizing stolen credentials, mimicking trusted processes and exploiting human vulnerabilities. These insidious tactics create a critical challenge: an extended data breach life cycle. It takes an alarming 277 days to identify and contain a data breach, with expenses surging by 23% after surpassing the 200-day mark. Manual, unguided threat analysis is a losing battle—a labyrinth of multi-tool chaos,” said Manikandan Thangaraj, vice president of ManageEngine.
In addition to the exploit triad feature, Log360’s Vigil IQ was updated with a correlation package that adds over 100 out-of-the-box correlation rules for detecting common tools used by attackers. It now also integrates with VirusTotal, a threat intelligence service.