Zoho’s ManageEngine Log360: SIEM Gains Automated Incident Response

ManageEngine, the IT management division of Zoho, has integrated automated incident response into its Log360 security information and event management (SIEM) solution. The company showcased the Log360 update at last week's Black Hat USA 2019 conference in Las Vegas, Nevada.

Log360 automated incident response enables IT teams to link predefined or custom workflows to security alerts to automate standard incident response measures, according to ManageEngine. Log360 performs automated responses via incident workflows, which outline the steps to be taken after a security incident.

Automated incident response for Log360 is now available.

What Is Log360?

Log360 is a log management and security solution that helps organizations protect their networks against cyber threats. In addition to automated incident response, Log360 offers other capabilities to help organizations detect and respond to security incidents, including:

  • Incident Management: Provides a built-in ticketing console that allows organizations to assign and track incident tickets or forward incident information to third-party help desk software.
  • Security Analytics: Uses over 1,200 predefined report and alert profiles and more than 30 predefined correlation rules to provide insights into networking events.
  • Threat Intelligence: Identifies malicious entities interacting with networks based on the latest threat intelligence from various threat feeds.
  • User Entity and Behavior Analytics (UEBA): Leverages machine learning-based analytics to identify high-risk users and devices, along with potential threats, compromised accounts or data exfiltration attempts.

Pricing for Log360 starts at $795 per year.

SIEM for MSSPs and MSPs

A growing number of SIEM platforms specifically target MSPs and MSSPs. The offerings include SOC-as-a-Service tools that deliver SIEM features and functions. Still, MSP and MSSP business models for SIEM services can vary widely. Some options require complete SOC (security operations center) build-outs. Others are available as white-label services from master MSSPs and software companies.

Partners should study the models and associated talent costs closely before signing on the dotted line for such capabilities.

Additional insights from Joe Panettieri.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds an M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.