Enterprises can Outsmart malicious actors by leveraging contextual data from AD and UEBA to deconstruct the exploit triad: users, entities and processes.
ManageEngine has released a unique, ML-powered exploit triad analytics feature in its SIEM solution, Log360. This feature allows enterprises to knowledgeably trace the path of adversaries and mitigate breaches by providing complete contextual visibility into the exploit triad: users, entities and processes. The feature update was unveiled at the ManageEngine User Conference at The Ritz-Carlton, Dubai International Financial Centre in the United Arab Emirates.
“Today’s cyberthreats masterfully blend into the fabric of legitimate activity, weaponizing stolen credentials, mimicking trusted processes and exploiting human vulnerabilities. These insidious tactics create a critical challenge: an extended data breach life cycle. It takes an alarming 277 days to identify and contain a data breach, with expenses surging by 23% after surpassing the 200-day mark. Manual, unguided threat analysis is a losing battle—a labyrinth of multi-tool chaos,” shared Manikandan Thangaraj, Vice President, ManageEngine.
“By offering a dynamic tapestry of insights into user attributes, process lineage and threat intelligence, Log360’s ML-powered exploit triad analytics transcends from merely assisting detection to enabling better comprehension. This makes it a game-changer in reducing the breach life cycle,” added Thangaraj.
Log360’s threat detection and incident response (TDIR) module, Vigil IQ, features a dual-layered threat detection system released last year. It now takes security a step further with advanced analytics offering deeper insights and faster response times.
Now user, device and process analytics are unified on a single console that allows security professionals to delve deep into investigation as they traverse through the Incident Workbench. Also ML allows Log360’s in-depth contextual analysis. The process flow probing capability on the Incident Workbench and the correlation rules for the spawning of suspicious processes together create a complete suite for process hunting. Empowering the cyber investigation dashboard, the latest iteration of Vigil IQ also enhances threat detection capabilities with the introduction of a correlation package for prevalent attacker tools and LOTL threats and an integration with VirusTotal.
