Story image

ManageEngine introduces user and entity behaviour analytics in its SIEM solution

07 Mar 2019

ManageEngine, the real-time IT management company, announced that it has introduced user and entity behaviour analytics (UEBA) into its SIEM solution, Log360. 

With score-based risk assessment, threat corroboration, anomaly detection powered by machine learning, and other new capabilities, the Log360 UEBA add-on helps security professionals identify, qualify, and investigate internal threats and anomalies by extracting more information from logs for better context.

According to Verizon’s 2018 Data Breach Investigations Report, over a quarter of the 53,308 cyber attacks in 2017 involved insiders. 

Insider threats can be particularly difficult to detect with conventional threat detection systems, as it’s hard to spot the signs of someone using their legitimate access to data for nefarious purposes, and both vulnerabilities and exploits are unknown. 

UEBA delivers more robust and accurate threat detection by using machine learning to set a baseline of a user’s normal activity and then flag any deviations from that baseline.   ManageEngine director of program management Manikandan Thangaraj says, "In today’s IT security landscape, rigid alert rules and conventional threat detection systems no longer make the cut.”

“The need of the hour is a system that can learn and adapt to continuous change. Log360 UEBA does just that and improves the accuracy of threat detection, helping SOC personnel qualify and investigate threats that actually merit investigation."   Highlights of Log360 UEBA

Log360 UEBA monitors user activity captured in logs to identify behavioural changes. User activities that would otherwise go unnoticed are flagged, reducing the time it takes to detect and respond to threats. The highlights of Log360 UEBA include:

  • Anomaly detection: Spots deviant user and entity behaviour such as logons at unusual hours, excessive login failures, and file deletions from a host that is not generally used by a particular user.  
  • Score-based risk assessment: Generates a risk score for each user and entity based on how dangerous their behaviour is, helping security admins determine which threats merit investigation.  
  • Threat corroboration: Identifies indicators of compromise and indicators of an attack, exposing major threats including insider threats, account compromise, and data exfiltration.
Hackbusters! Reviewing 90 days of cybersecurity incident response cases
While there are occasionally very advanced new threats, these are massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.
SEGA turns to Palo Alto Networks for cybersecurity protection
When one of the world’s largest video game pioneers wanted to strengthen its IT defences against cyber threats, it started with firewalls and real-time threat intelligence from Palo Alto Networks.
Forrester names Trend Micro Leader in email security
TrendMicro earned the highest score for technology leadership, deployment options and cloud integration.
LogRhythm releases cloud-based SIEM solution
LogRhythm Cloud provides the same feature set and user experience as its on-prem experience.
One Identity named Leader in PAM and IAM by KuppingerCole
KuppingerCole lead analyst Anmol Singh evaluated the strengths and weaknesses of 20 solution providers in the PAM market for the report.
Healthcare environments difficult to secure - Forescout
The convergence of IT, Internet of Things (IoT) and operational technology (OT) makes it more difficult for the healthcare industry to manage a wide array of hard-to-control network security risks.
Bitglass appoints new cloud, business development leaders
The cloud security company has appointed vice presidents for worldwide channels and worldwide business development.
Exploring the different needs for cloud services across Europe
Although digital transformation is happening across Europe, each country continues to have its own IT needs and the different cloud markets highlight this.