ManageEngine Enhances Its Unified Security Platform


Enhanced Threat Detection with ManageEngine’s Log360

ManageEngine has rolled out significant enhancements to its security information and event management (SIEM) solution, Log360, now featuring a revamped threat detection model aimed specifically at meeting the evolving needs of security operations center (SOC) teams.

Addressing the Challenge of Threat Data Overload

A recent study, the 2025 Threat Intelligence Benchmark conducted by Google, reveals that over 60% of SOC teams struggle with excessive irrelevant threat data. Alarmingly, around 53% of cloud security alerts are identified as noise. This new release of Log360 tackles this crucial issue by filtering out unnecessary alerts, enabling SOC analysts to respond more efficiently and alleviating the common burnout experienced in this high-pressure environment.

As Manikandan Thangaraj, vice president at ManageEngine, stated, “The biggest challenge for security teams today isn’t collecting data—it’s separating genuine signals from overwhelming noise.” The enhancements to Log360’s detection capabilities aim to streamline this process, allowing SOC teams to implement flexible and granular rule-tuning. This ensures that while they filter out irrelevant noise, they do not miss out on authentic threats. The goal is to focus on genuinely protecting systems rather than merely monitoring them around the clock.

New Features that Improve Efficiency

The latest iteration of Log360 adds a centralized detection console, object-level rule filters, and a library of more than 1,500 prebuilt detection rules. The rules are updated from the cloud, so users receive current defenses against emerging threats without manual rule maintenance.

The architecture of Log360 has also been strengthened for enterprise-grade scalability. It now uses a multi-tier structure, role-specialized log processing, and centralized multi-site collection, so that performance holds up as data volume and the number of log sources increase.

Real-World Validation: ECSO 911’s Experience

The enhancements to Log360’s detection capabilities have been put to the test by Emergency Communications of Southern Oregon (ECSO) 911, a U.S.-based customer. Their early beta testing confirmed a significant reduction in false positive alerts, coupled with faster detection and response times. ECSO 911 serves as the emergency dispatch center and Public Safety Answering Point (PSAP) for all 911 calls in Jackson County and Crater Lake National Park.

Corey Nelson, IT manager at ECSO 911, emphasized the critical nature of security in their operations, stating, “For a 911 emergency communications center, security is the foundation of public trust—and any failure has immediate, real-world consequences.” The improvements introduced by Log360 have led to a remarkable 90% reduction in false or low-priority alerts, allowing analysts to direct their attention to genuine threats efficiently.

Key Highlights of Log360’s New Features

Reengineered Detection

Log360 now offers an integrated detection console that combines all detection content, including MITRE ATT&CK-aligned rules, correlation logic, user and entity behavior analytics (UEBA), and threat intelligence feeds, into one accessible interface. This innovation allows security teams to develop detection rules—whether standard, anomaly-based, or advanced—without needing to craft intricate queries. The introduction of object-level filters targets Active Directory users, groups, and organizational units, ensuring that high-value entities are under constant surveillance while low-priority noise is minimized.
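To make the object-level filtering idea concrete, here is a small added example of how a SIEM rule engine can scope a detection rule to high-value Active Directory objects instead of firing on every matching event. This is illustrative code written for this article, not ManageEngine or Log360 code; the field names, rule names, the `ObjectFilter` and `Rule` classes, the constructed sample events and the ATT&CK technique mappings are all assumptions for the demonstration.

```python
"""Illustrative object-level rule filtering for a SIEM detection pipeline.

Added example, not ManageEngine/Log360 code. Field names, rule names and
the sample events below are constructed for this demonstration.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

Event = Dict[str, str]

# Constructed sample events in a simplified Windows Security-log shape.
# Event ID 4728 = member added to a security-enabled global group,
# Event ID 4625 = failed logon. The IDs are real; the field layout is not.
SAMPLE_EVENTS: List[Event] = [
    {"event_id": "4728", "target_group": "Domain Admins",
     "subject_ou": "OU=Tier0,DC=corp,DC=example", "actor": "jdoe"},
    {"event_id": "4728", "target_group": "Printer Users",
     "subject_ou": "OU=Workstations,DC=corp,DC=example", "actor": "helpdesk"},
    {"event_id": "4625", "target_user": "svc-backup",
     "subject_ou": "OU=ServiceAccounts,DC=corp,DC=example", "actor": "svc-backup"},
    {"event_id": "4625", "target_user": "svc-backup",
     "subject_ou": "OU=ServiceAccounts,DC=corp,DC=example", "actor": "svc-backup"},
    {"event_id": "4625", "target_user": "cfo",
     "subject_ou": "OU=Executives,DC=corp,DC=example", "actor": "cfo"},
]


@dataclass
class ObjectFilter:
    """Scope a rule to specific directory objects (groups, OUs) without
    rewriting the rule's own match logic. Empty lists mean 'no constraint'."""
    groups: List[str] = field(default_factory=list)       # only these target groups
    ous: List[str] = field(default_factory=list)          # only subjects under these OUs
    exclude_ous: List[str] = field(default_factory=list)  # never alert for these OUs

    def matches(self, e: Event) -> bool:
        ou = e.get("subject_ou", "")
        if any(ou.startswith(x) for x in self.exclude_ous):
            return False
        if self.groups and e.get("target_group") not in self.groups:
            return False
        if self.ous and not any(ou.startswith(x) for x in self.ous):
            return False
        return True


@dataclass
class Rule:
    name: str
    technique: str                      # illustrative MITRE ATT&CK technique ID
    predicate: Callable[[Event], bool]  # the rule's own match condition
    obj_filter: Optional[ObjectFilter] = None

    def fires(self, e: Event) -> bool:
        if not self.predicate(e):
            return False
        return self.obj_filter is None or self.obj_filter.matches(e)


def run_rules(events: List[Event], rules: List[Rule]) -> List[dict]:
    """Evaluate every rule against every event; return the alerts raised."""
    alerts = []
    for e in events:
        for r in rules:
            if r.fires(e):
                alerts.append({"rule": r.name, "technique": r.technique, "event": e})
    return alerts


# Untuned rules: fire on every matching event, regardless of which object.
UNTUNED: List[Rule] = [
    Rule("Member added to group", "T1098", lambda e: e["event_id"] == "4728"),
    Rule("Failed logon", "T1110", lambda e: e["event_id"] == "4625"),
]

# Tuned rules: same predicates, now scoped to high-value objects and with
# a known-noisy service-account OU excluded.
TUNED: List[Rule] = [
    Rule("Member added to privileged group", "T1098",
         lambda e: e["event_id"] == "4728",
         ObjectFilter(groups=["Domain Admins", "Enterprise Admins"])),
    Rule("Failed logon for high-value account", "T1110",
         lambda e: e["event_id"] == "4625",
         ObjectFilter(ous=["OU=Executives", "OU=Tier0"],
                      exclude_ous=["OU=ServiceAccounts"])),
]


def alert_counts() -> Tuple[int, int]:
    """(alerts before tuning, alerts after tuning) on the sample events."""
    return len(run_rules(SAMPLE_EVENTS, UNTUNED)), len(run_rules(SAMPLE_EVENTS, TUNED))


if __name__ == "__main__":
    before, after = alert_counts()
    print(f"untuned: {before} alerts, tuned: {after} alerts")
    for a in run_rules(SAMPLE_EVENTS, TUNED):
        print(f"  [{a['technique']}] {a['rule']}: {a['event']['actor']}")
```

The point of the design is that tuning scopes a rule rather than disabling it: the Domain Admins membership change and the failed logon against an executive account still alert, while the printer-group change and the repeated service-account logon failures are dropped as low-priority noise. Because the object filter is separate from the predicate, an analyst can adjust the watch list without touching the detection logic itself.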

Cloud-Delivered Content

In this updated version, more than 1,500 prebuilt rules provide comprehensive coverage for various scenarios like privilege escalation, lateral movement, endpoint tampering, and SaaS attacks. These rules are meticulously crafted and tested by ManageEngine’s in-house threat research team, guaranteeing their accuracy and effectiveness in reducing false positives. Additionally, these rules are delivered via a cloud-based update mechanism, keeping the system current and responsive to the latest threats.

Multi-Tier Enterprise Architecture

The design enhancements in Log360 facilitate horizontal scalability through log processor clusters and role-based processing that includes correlation, enrichment, and alerting. Centralized data collection from distributed locations ensures continuity in performance, which is especially beneficial for large, geographically diverse enterprises.

ManageEngine’s commitment to developing Log360 into a unified security platform reflects the ever-growing demands placed on SOC teams today. The advancements not only improve the effectiveness of threat detection but also play a crucial role in ensuring that organizations can efficiently manage their security operations.
