Every organization needs a fast-acting, effective threat detection and incident response plan to counteract the numerous threats in today’s cybersecurity landscape. Log360, ManageEngine’s SIEM solution with integrated DLP and CASB capabilities, detects threats across the length and breadth of an enterprise network, covering endpoints, firewalls, web servers, databases, switches, routers and even cloud sources.

See below how Log360 performs the three major types of threat detection: security event threat detection, network threat detection, and endpoint threat detection.

Security event threat detection

Events such as authentication, network access, and other critical errors and warnings, are termed security events. The threats that can be detected through these events are classified as security event threats. Some examples of security event threats include brute-force attacks, privilege misuse, and privilege escalation.

How Log360 detects security event threats

  • Privileged user monitoring: Audit privileged user logons, logoffs, and resource access. Spot unusual user activity and user-based threats using ML-based user and entity behavior analytics.
  • Privilege escalation detection: Monitor user activities and detect privilege escalations and attempts to abuse privileges using a signature-based implementation of MITRE ATT&CK techniques.
  • Authentication failure monitoring: Investigate suspicious authentication failures on critical systems using the security analytics dashboard and incident timeline, and detect and preempt brute-force or unauthorized network access attempts.
  • Unauthorized data access detection: Monitor access to databases and sensitive data on file servers. Get visibility into unauthorized data access through file integrity monitoring and column integrity monitoring.
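The authentication failure monitoring described above is, at its core, a threshold rule over failed logon events. The following is an added illustration, not Log360 code: a sliding-window correlation that flags a source address when it produces a burst of logon failures against one host, run over a constructed set of Windows-style logon events (Event ID 4625 for failure, 4624 for success).

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample events (not real logs): six rapid failures from 10.0.0.5 against
# DC01, one later success, and three widely spaced failures from 10.0.0.9 against FS01.
SAMPLE_EVENTS = [
    {"ts": "2024-03-01T09:00:01", "event_id": 4625, "user": "alice", "src_ip": "10.0.0.5", "host": "DC01"},
    {"ts": "2024-03-01T09:00:07", "event_id": 4625, "user": "alice", "src_ip": "10.0.0.5", "host": "DC01"},
    {"ts": "2024-03-01T09:00:14", "event_id": 4625, "user": "bob",   "src_ip": "10.0.0.5", "host": "DC01"},
    {"ts": "2024-03-01T09:00:20", "event_id": 4625, "user": "carol", "src_ip": "10.0.0.5", "host": "DC01"},
    {"ts": "2024-03-01T09:00:26", "event_id": 4625, "user": "dave",  "src_ip": "10.0.0.5", "host": "DC01"},
    {"ts": "2024-03-01T09:00:33", "event_id": 4625, "user": "erin",  "src_ip": "10.0.0.5", "host": "DC01"},
    {"ts": "2024-03-01T09:00:40", "event_id": 4624, "user": "erin",  "src_ip": "10.0.0.5", "host": "DC01"},
    {"ts": "2024-03-01T09:01:00", "event_id": 4625, "user": "frank", "src_ip": "10.0.0.9", "host": "FS01"},
    {"ts": "2024-03-01T09:05:00", "event_id": 4625, "user": "frank", "src_ip": "10.0.0.9", "host": "FS01"},
    {"ts": "2024-03-01T09:09:00", "event_id": 4625, "user": "frank", "src_ip": "10.0.0.9", "host": "FS01"},
]


def detect_bruteforce(events, threshold=5, window_seconds=120):
    """Return one alert per (src_ip, host) pair that accumulates `threshold` or more
    logon failures inside a sliding window of `window_seconds`.

    Events are processed in timestamp order; the window per key is a deque of
    failure timestamps, trimmed from the left as it slides forward."""
    events = sorted(events, key=lambda e: e["ts"])
    windows = defaultdict(deque)  # (src_ip, host) -> timestamps of recent failures
    alerted = set()               # keys already reported, to avoid duplicate alerts
    alerts = []
    for e in events:
        if e["event_id"] != 4625:  # only failed logons feed the rule
            continue
        key = (e["src_ip"], e["host"])
        ts = datetime.fromisoformat(e["ts"])
        q = windows[key]
        q.append(ts)
        while q and (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()           # drop failures that fell out of the window
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"src_ip": e["src_ip"], "host": e["host"], "count": len(q),
                           "first": q[0].isoformat(), "last": ts.isoformat()})
    return alerts


if __name__ == "__main__":
    for a in detect_bruteforce(SAMPLE_EVENTS):
        print(f"ALERT brute-force: {a['src_ip']} -> {a['host']} {a['count']} failures {a['first']}..{a['last']}")
```

A successful logon from the same source immediately after the burst (as in the sample) is the detail an analyst would pivot to on the incident timeline, since it may indicate the attempt succeeded.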

Network threat detection

Network threats are unauthorized intrusion attempts into the network by an adversary who aims to exfiltrate sensitive data or disrupt the network's functioning and structure. Some examples of network threats include DoS, malware propagation, advanced persistent threats, data exfiltration, and the introduction of rogue devices. To detect these threats, it is necessary to understand and monitor network traffic.

How Log360 helps

  • Traffic monitoring: Monitor network traffic for unusual, allowed, and denied connections. Get insights into port activity to detect suspicious port usage.
  • Change auditing: Monitor firewall policies to detect changes made by adversaries to accommodate malicious traffic.
  • Auto-updated threat intelligence: Detect and stop malicious inbound and outbound traffic using dynamically updated threat feeds. Spot malicious IP addresses and URLs in network traffic and block them immediately.
  • Rogue device detection: Spot rogue devices using the search console and isolate them using incident response workflows.

Endpoint threat detection

Threats often originate at endpoints. One example is ransomware, which generates huge profits year after year by locking endpoints and demanding a ransom for access. Other endpoint threats include unusual user behavior, device malfunction, misconfigurations, and suspicious downloads. The resulting losses and damage can be largely limited by timely intervention, which endpoint threat detection and response technology makes possible.

How Log360 helps

  • Ransomware detection: Spot multiple ransomware strains as well as generic ransomware behavior through prebuilt correlation rules and real-time notifications.
  • Anomaly detection: Detect unusual user and entity behavior using ML algorithms.
  • Malware detection: Identify malicious and suspicious software installations on Windows and Linux machines.

Why consider Log360 for threat detection?

  • Real-time incident detection

    Real-time incident detection with built-in incident management as well as support for third-party ticketing tools.

  • ML-based UEBA module

    ML-based UEBA module that detects anomalies and facilitates risk-score-based alerting.

  • Security dashboards for event monitoring

    Security dashboards for event monitoring of both on-premises and cloud log sources across the network.

  • File integrity monitoring

    File integrity monitoring for critical system files and folders that monitors file access and modifications.

  • A powerful search engine

    A powerful search engine that facilitates threat hunting.

  • Automated workflows

    Automated workflows for immediate incident response.

  • An auto-updated threat intelligence module

    An auto-updated threat intelligence module that receives feeds from trusted sources.

Frequently asked questions

1. What is threat detection and response?

Threat detection and response (TDR) refers to the process of identifying and neutralizing malicious threats present within your IT infrastructure. It involves proactive monitoring, analysis, and action to mitigate risks and protect against unauthorized access, malicious activities, and data breaches before they cause harm to your organization's network. Threat detection relies on automated security tools such as IDSs, IPSs, firewalls, endpoint protection solutions, and SIEM solutions to achieve this.

Threat detection is crucial to detect and respond to threats as soon as they occur in order to thwart malware, ransomware, and other cyberattacks that could damage key data and disrupt corporate operations.

2. What is the difference between threat detection, threat prevention, and threat intelligence?

  • Threat detection: Threat detection is a reactive approach: you have already been alerted to suspicious activity or security threats present in your network that are attacking your endpoints, devices, networks, and systems.
  • Threat prevention: Threat prevention is a proactive approach in which you try to protect your organization's data from a breach by identifying and thwarting security threats before they enter the network.
  • Threat intelligence: Threat intelligence provides valuable insights into emerging threats, IOCs, threat actor profiles, and attack methods, which helps you proactively understand and prepare for threats.