Story image

ManageEngine introduces user and entity behaviour analytics in its SIEM solution

07 Mar 2019
Twitter
Facebook

ManageEngine, the real-time IT management company, announced that it has introduced user and entity behaviour analytics (UEBA) into its SIEM solution, Log360. 

With score-based risk assessment, threat corroboration, anomaly detection powered by machine learning, and other new capabilities, the Log360 UEBA add-on helps security professionals identify, qualify, and investigate internal threats and anomalies by extracting more information from logs for better context.

According to Verizon’s 2018 Data Breach Investigations Report, over a quarter of the 53,308 cyber attacks in 2017 involved insiders. 

Insider threats can be particularly difficult to detect with conventional threat detection systems, as it’s hard to spot the signs of someone using their legitimate access to data for nefarious purposes, and both vulnerabilities and exploits are unknown. 

UEBA delivers more robust and accurate threat detection by using machine learning to set a baseline of a user’s normal activity and then flag any deviations from that baseline.   ManageEngine director of program management Manikandan Thangaraj says, "In today’s IT security landscape, rigid alert rules and conventional threat detection systems no longer make the cut.”

“The need of the hour is a system that can learn and adapt to continuous change. Log360 UEBA does just that and improves the accuracy of threat detection, helping SOC personnel qualify and investigate threats that actually merit investigation."   Highlights of Log360 UEBA

Log360 UEBA monitors user activity captured in logs to identify behavioural changes. User activities that would otherwise go unnoticed are flagged, reducing the time it takes to detect and respond to threats. The highlights of Log360 UEBA include:

  • Anomaly detection: Spots deviant user and entity behaviour such as logons at unusual hours, excessive login failures, and file deletions from a host that is not generally used by a particular user.  
  • Score-based risk assessment: Generates a risk score for each user and entity based on how dangerous their behaviour is, helping security admins determine which threats merit investigation.  
  • Threat corroboration: Identifies indicators of compromise and indicators of an attack, exposing major threats including insider threats, account compromise, and data exfiltration.
Story image
14 Nov
Harcourts chooses Nintex to advance business operations
“Nintex Promapp is the perfect process management solution, enabling us to leverage the best-practice knowledge we have captured, allowing for real-time feedback, and helping us to create and maintain a high-performance work environment to the benefit of our team and, ultimately, our customers.”More
Story image
20 Nov
Effective cyber resilience means thinking beyond the IT department
It’s worth investing time and resources now to put in place a comprehensive and effective business resilience plan that will ensure operations can continue, says CQR Consulting.More
Link image
Best financial planning and analysis practices for CFOs
The Institute of Management Accountants surveyed more than 700 organisations across the globe, focusing on what the most successful organisations are doing.More
Story image
19 Nov
Automation Anywhere advances IQ Bot to extend Intelligent Document Processing
“IQ Bot’s latest release further simplifies the automation journey by empowering business users to easily harness AI and machine learning to rapidly automate document-centric processes by themselves."More
Story image
20 Nov
Jamf announces powerful new product line
Jamf has deployed new functionality across its suite of products that take advantage of Apple’s advances for businesses.More
Story image
13 Nov
Microsoft showcases innovations in new Asia Pacific HQ
Almost 145,000 metres of cabling, 200 display screens, 179 Bluetooth beacons and 900 sensors make up Microsoft’s new Asia Pacific headquarters in Singapore, which is now home to the region’s first Microsoft Experience Centre.More