ManageEngine Log360 SIEM gets automated incident response feature
ManageEngine, the IT management division of Zoho Corporation, announced that its comprehensive SIEM solution, Log360, can now launch automated response measures to security incidents. This feature dramatically reduces the workload of security teams, and can potentially contain the scale of an attack.
According to the IBM-Ponemon 2019 Cost of a Data Breach Report, the average lifecycle of a data breach, i.e. the time taken to identify and contain it, is 279 days. Of those days, 73 are spent containing the breach after it has been detected.
The study also found that companies saved more than $1.2 million when the lifecycle of the data breach was less than 200 days, highlighting the need for faster incident detection and response. Automated responses, such as shutting down compromised systems or disabling malicious user accounts, help organizations contain breaches more quickly.
“With incident response automation, security teams don’t have to perform standard, repetitive response measures anymore,” said Manikandan Thangaraj, director of program management at ManageEngine.
“They experience less alert fatigue, discover actual threats sooner and have more bandwidth to deal with high-level security challenges. All of this helps cut down incident response time, and ultimately reduces the overall cost of a breach.”
From detection to response: End-to-end incident management with Log360
With Log360’s new automated incident response feature, IT teams can associate predefined or custom workflows with security alerts to automate standard incident response measures. Log360 provides automated responses through incident workflows, which lay out the sequence of steps to be taken following a security incident.
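To make the alert-to-workflow association concrete, here is an added illustration of that model written for this article; it is not Log360's code, and the alert fields, step functions and workflow names are all constructed. Each workflow is an ordered list of steps, execution halts at the first step that cannot be applied, and every action is written to an audit trail so an analyst can see exactly what the automation did.

```python
from dataclasses import dataclass
from typing import Callable

# Alert shape and step functions are constructed for this example (hypothetical, not Log360's schema).
Alert = dict
Step = Callable[[Alert, list], bool]  # returns True when the response measure was applied

@dataclass
class Workflow:
    name: str
    steps: list  # ordered (label, step) pairs; execution stops at the first failed step

def disable_account(alert: Alert, audit: list) -> bool:
    audit.append(f"disable account {alert['user']}")  # e.g. via a directory API
    return True

def isolate_host(alert: Alert, audit: list) -> bool:
    if not alert.get("host"):
        audit.append("isolate host: no host in alert, skipped")
        return False  # cannot continue safely; hand over to an analyst
    audit.append(f"isolate host {alert['host']}")
    return True

def open_ticket(alert: Alert, audit: list) -> bool:
    audit.append(f"ticket opened for '{alert['profile']}' (severity {alert['severity']})")
    return True

# Alert profile -> workflow association, the mapping an analyst configures.
WORKFLOWS = {
    "Brute-force logon": Workflow("Contain compromised account",
                                  [("disable", disable_account), ("isolate", isolate_host), ("ticket", open_ticket)]),
}
DEFAULT = Workflow("Manual review", [("ticket", open_ticket)])  # alerts with no workflow still get tracked

def run_response(alert: Alert) -> list:
    """Run the workflow associated with the alert's profile and return the audit trail."""
    wf = WORKFLOWS.get(alert["profile"], DEFAULT)
    audit = [f"workflow '{wf.name}' started"]
    for label, step in wf.steps:
        if not step(alert, audit):
            audit.append(f"workflow halted at step '{label}'; needs analyst attention")
            break
    else:
        audit.append(f"workflow '{wf.name}' completed")
    return audit

ALERT = {"profile": "Brute-force logon", "user": "jdoe", "host": "WS-042", "severity": "high"}  # constructed

if __name__ == "__main__":
    print("\n".join(run_response(ALERT)))
```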
In addition to this new functionality, Log360 continues to offer several advanced features to detect, manage and respond to security incidents, including:
- In-depth security analytics: Derive actionable insights from network events using over 1,200 predefined report and alert profiles, and more than 30 predefined correlation rules. Log360 supports log sources from physical, virtual and cloud environments.
- Real-time threat intelligence: Detect malicious entities interacting with the network based on the latest threat intelligence from reliable STIX/TAXII-based threat feeds.
- User and entity behavior analytics: Leverage machine learning-based analytics to identify high-risk users and devices. Identify potential insider threats, compromised accounts or data exfiltration attempts.
- Streamlined incident management: Use the built-in ticketing console to assign and track incident tickets, or forward incident information to third-party help desk software.