ManageEngine, the real-time IT management company, has released enhancements to its SIEM solution, Log360, adding log management for AWS and Azure cloud environments as well as an incident management console to track and resolve security incidents.
ManageEngine will give a hands-on demonstration of the latest version of Log360 at GISEC 2017 which runs until May 23 at the Dubai World Trade Centre.
“With businesses increasingly adopting cloud deployments, IT security administrators are now tasked with securing their cloud infrastructure as well. A SIEM portfolio ought to provide monitoring and auditing capabilities for public cloud platforms in order to truly achieve complete visibility into an organization’s IT,” said Manikandan Thangaraj, director of product management at ManageEngine.
When commenting on Log360’s new incident management system, Thangaraj added: “The biggest challenge for a security operations centre is early detection and mitigation of security threats. Real-time security alerts are a must, but administrators also need an efficient, accountable process for resolving incidents, and that is the problem we set out to solve.”
On top of existing support for physical and virtual environments, Log360 can now also collect, analyse, search, and archive logs from AWS and Azure to give key insights into activity on critical cloud resources.
The system:
● Adds comprehensive public cloud auditing for AWS and Azure to Log360’s SIEM arsenal.
● Monitors and secures cloud infrastructure with predefined reports and alert profiles.
● Tracks critical user activities, configuration changes, security group changes, business-critical applications, and more.
Log360 now includes an incident management system that lets security administrators keep track of all the incidents arising in their network with a straightforward, built-in ticketing system.
This feature allows administrators to:
● Create alert profiles to detect anomalous events in their network and automatically assign tickets to security administrators.
● Ensure accountability in a security operations centre by easily tracking the entire incident resolution process.
● Add resolution notes to every incident, which can later serve as their organisation’s knowledge and error database.
● Centralise their ticketing system by automatically raising a ticket in their help desk, including ServiceNow and ServiceDesk Plus, when Log360 triggers an alert.