Additional Info

CompanyManageEngine
Websitehttps://www.manageengine.com/
Company size (employees)10,000 or more
Headquarters RegionNorth America

Overview

Log360 is a unified SIEM that can improve the productivity of your security operations center.

1. It brings several capabilities on to a single console: Network infrastructure security, data security, log forensics, anomaly detection using machine learning algorithms, compliance management, threat intelligence, cloud monitoring and cloud access security broker, user and entity risk analysis, incident detection and resolution.

2. It can ingest data from 750+ types of log sources: This includes Active Directory, network devices, databases, workstations, endpoint solutions, data loss prevention systems, vulnerability scanners, applications, and cloud services. Organizations can also parse logs from custom applications.

3. Security analytics: Insightful and actionable security analytics are provided for activities that happen in every part of the network. The analytics are logically arranged so that you can easily find them. You can also configure alerts based on unique security use cases.

4. Incident response: You can configure workflows and playbooks for mitigating incidents. The solution can be integrated with various third-party help desk and ticketing tools. You can assign technicians to incidents automatically using rules and the incident resolution status can also be tracked continuously.

5. Correlation of events: The correlation engine enables you to put together seemingly unrelated events from across the network and classify it as a potential threat. Built-in correlation rules are provided within the solution; and so is the functionality to build custom correlation rules.

6. Anomaly detection: The anomaly detection engine within Log360 can spot behavior abnormalities in users and hosts in a network. Based on the extent of abnormal deviation, a risk score is assigned to every entity. This helps you focus on the most pressing threats first, and decrease false positives. There are also options available to customize risk scoring and build your own anomaly models.

How we are different

1. Caters to an organization's security use cases: There are more than 30 pre-defined analytics and reports pertaining to popular security use cases such as brute force attacks, denial of service attacks, ransomware, cryptojacking and more. The analytics provide the entire timeline of the possible attack along with the ability to search, drill down and find out the root cause. On top of this, you also have the flexibility to build your own rules depending upon unique use cases. When building your rules, you can leverage Log360's foresight of the MITRE ATT&CK framework to identify different tactics and techniques that cyberattackers can use. This will give a better structure to your threat detection capability. We will keep adding capabilities so that out-of-the box analytics are provided for new use cases and new attack tactics.


2. It reduces the number of false positives: Each incident lists all the involved entities, users, and processes involved along with the activity timestamp. You can perform your analysis quickly and follow up on only the incidents that need to be investigated further. You can also use the log collection and alerting filters so that only relevant alerts are generated. Furthermore, the anomaly detection engine powered by UEBA helps to significantly reduce false positives. It introduces risk scoring and you can prioritize incidents. You can modify alert rules to fit with the requirements of your organization. This can in turn reduce false positives.


3. A CASB-integrated SIEM: The cloud security module of Log360 can monitor activities that happen on public cloud platforms such as AWS, Azure, Salesforce and Google Cloud Platform. It can also audit changes that happen on Azure Active Directory. Furthermore, it can ensure effective data loss prevention by monitoring data that flows out of the organization into the cloud. It can also monitor