Transcript
So Rosaltexis is an aerospace and defense company. We work for the defense sector, and our manufacturing unit is located in Bangalore. I take care of the entire IT operation and cyber security. Every cyber security admin is always looking for the same kind of tool, one where we can get all the events and the related information. With that, we can identify any issues with the cyber security tools. When it comes to the SIEM, when we were evaluating, we had previously implemented some other tools, but those tools were lagging in correlation rules. ManageEngine Log360 provides correlation rules that can be customized based on our own business needs, whereas the other common providers give you industry-standard rules, but I need my own company-standard rules, right? That is provided by the correlation. That is the best thing in Log360, and that's why we came to Log360. Log360 provides two different tabs where it collects all the events, and based on the events we can create a workflow to create an incident. All the other cyber security tools provide only incident-based alerting. When it comes to compliance, the auditor always asks: the other security tools provide every event as an incident, so they will be asking why you are getting 500 events daily. But Log360 provides only the event, and if something really needs to be converted into an incident, we can set up the workflow, which lets us reduce the number of incidents. When it comes to UEBA, User Identity Behavior Analysis, those things help us understand what our users are actually using and what the endpoints are actually doing. With that we can streamline the processes, SOPs and other things, right? Users can do anything, right? But we need to monitor that.
So it's not only monitoring the endpoints or networking devices; it's providing the user experience, what they are doing and how we can make sure they are getting a better experience. UEBA provides the option to understand the user based on their behavior, and it takes time to learn that, more than a month or three months. If any anomaly is detected, it automatically gives it to us, so it helps IT admins see what the user is actually doing and how it is misleading to the users. For endpoints also, on some endpoints we can get anomaly detection, which lets us secure the endpoint more reliably. As a company, we are using the ISO standard and aerospace standards, and Log360 provides comprehensive reports for the ISO standards and also the aerospace standard. When the audit happens, the auditor always asks about the reports. After implementing Log360, we no longer need to prepare the reports beforehand, right? On the spot, we can give live reports to the auditor, and the auditor is happy to see the live dashboards and can make sure that every standard is followed. It's not about one particular standard or one particular clause. If you go to the standard, it lists all the possible clauses for which it can provide evidence. So in a single report, we can get evidence for multiple standards, and we can predict the auditor. Threat intelligence in Log360 always helps us identify anonymous IPs; it may be a CDN network, it will go and contact some Microsoft service or something else. But as a defense-sector company, we should not contact some of the countries to download data, right? So we defined a particular rule that identifies the anonymous IPs that were reported as malicious in the threat intel; we can get the IP and filter it in our firewall.
That really helped us identify the set of IPs that need to be blocked for our organization. Once we implemented Log360, after a week and a month, when I was looking at the dashboard as an IT admin, I was also surprised: this is how many events we are processing per day. It gives a comprehensive report of how many events we are actually processing. It gives you a detailed analysis of how many endpoints are contacted, how many endpoints are providing alerts, and what the top five threat actors, or the top five users, entities or other end systems providing a lot of alerts, are; we can see it in a single dashboard. With that we can take action if any other system is providing unauthorized access or other things; we can get it in the dashboard itself. When it comes to a live scenario, the thing I can tell you about is file integrity monitoring. Log360 provides the option to see file integrity, because in my industry the files are many, right? We have to check the integrity of the files, which is very complicated with other tools. But Log360 by default provides the option to do file integrity monitoring. When it comes to Log360, it's not only about end systems; it's a comprehensive IT solution where we can bring in endpoints, network devices and whatever device can generate an alert; we can integrate it with Log360. It gives you a unified view of the entire IT estate. When it comes to firewalls or other networking devices, to collect the logs it's not like collecting the events; it's collecting the logs, where we configure syslog forwarding and Log360 automatically collects the logs, processes them and gives them to you in the unified dashboard. We configured it for all the networking devices like routers, switches, L1, L2 and firewalls.
One feature of Log360 is that they provide an onboarding team who help us implement the software from scratch to what we are actually looking for. The onboarding team first connects with you; they understand what your requirement is, how you want Log360 to be implemented and how your network is. They understand the network, not only the pain points, and then they start implementing. It's not only about the implementation. Once implemented, they explain which options are enabled and how it gives better visibility into your organization and security. Post implementation, they also provide training. The training focuses on all the Log360 options, not only the ones they implemented. They cover all the options, so we get full product knowledge and can improve ourselves. The implementation team assigned Lokesh, a good guy. He always listened first, then he would answer. He was a very nice guy; he understood the requirements well and he started implementing. While implementing, we asked so many questions and he never hesitated to answer them. He implemented Log360 wonderfully and I want to thank him in person. As for the rating, as a user, I'll give 9 out of 10. But as an IT admin, I would give 7 out of 10, because two points are reduced since it gives us more work: I need to analyze more logs, more alerts, more incidents, and it gives you better visibility. So I'll go with a standard 8 out of 10. The health check actually helped us implement the options we had missed, like the antivirus search engine; we can integrate ATX and threat intelligence. They explained what threat intelligence is and how it will help us improve a lot.
Not only that, they tell us these are all the things you need to notify your security team about to prevent that. So actually that health check is not only about Log360's health; it's about the improvements that have to be done in Log360. The Log360 product was working well, and the health check team contacted us and we told them the product is working fine, so why do we need the health check again? They said it is not only a health check, it is an improvement check. Once they came for the check, they verified all the standard things. Not only that, they asked us to enable the threat intelligence, where we can get deep web and dark web details about what is going out from our organization, and we enabled it and found a few IPs that needed to be blocked, which actually helped us make sure our security posture went up to the next level. So I would like to recommend Log360 if you want to customize the alerts based on your own industry, not the standard industry. If you want to do correlation, you can do whatever you want in the organization; you can implement that. So if you want customization, go for Log360. The entire Log360 implementation changed our security posture from normally overlooking false-positive alerts and other things to a proactive mechanism, where you can define your correlation rules to reduce false positives. The headache for all IT admins is false positives, right? We used to get so many false-positive alerts, and we might miss the true positives. So we implemented Log360 and created so many correlation rules to reduce the false positives, and it increased our security posture by another 30%. Every organization needs a SIEM solution, right? So they can monitor all the events. If they want a SIEM solution only from the compliance perspective, they can go with any product.
If you really want to improve your security posture, go with Log360, where you can define your own rules. My whole experience with ManageEngine is that I started as an audience member, then became a customer. Now I am using the full-fledged ManageEngine solution; we are using so many tools. ManageEngine always takes the product to the next level, but in the simplest way. So I would like to recommend the entire ManageEngine suite to all IT admins, where you can explore more options and get the ROI. Yes, Log360 is not only a standard SIEM solution, right? It gives you better ROI and you can implement what you are actually looking for; if you go with a standard SIEM tool, you have to follow whatever they define. But here you can define what kind of alerting you require. The UI, when it comes to the Log360 UI, is very simple. They provide only 7 to 8 tabs where you can get all the information. It gives you the standard reports and also the compliance reports where you can see everything. And the money we are investing is also useful after implementation: if you are going to management with a presentation, you can confidently present the ROI of Log360. When it comes to pricing, it is affordable, and it can be easily approved by management. When it comes to DR and BCP, we always need to have the data in the cloud, right? This is critical data; if we keep it on-prem and something happens and we are not able to recover the data, then it will be a problem. Also, Log360 Cloud provides more options compared to on-prem. They also provide them to on-prem, but the first implementation will be in the cloud. So I actually evaluated Log360 Cloud, and I have seen that more potential reports and other alerting systems are available in the cloud version.
Log360 always keeps all the events and alerts, and it will be huge, right? If you are storing it on-prem, you need higher storage units, and when it comes to higher storage units, we have to invest a lot, and maintenance, ROI, everything comes into the matter. But if you go to Log360 Cloud, they provide the BCP and DR option by default, and they also provide additional features like monitoring Active Directory, network traffic, user traffic and ISP traffic; all of those we can manage from the cloud. So I would like to recommend it, and I also want to try Log360 Cloud in the future to explore more potential improvements. File integrity monitoring lets us monitor the entire file integrity, like when a file was created, edited or modified. Those integrity checks we can monitor from file integrity monitoring. It's not only about the file; it gives you detailed insights about who used it, who changed it and from which source system it was modified or changed. We can produce those reports. It can also be a real-time alert, or you can schedule it. If users are using it normally, then you can schedule the report on a daily basis. When it comes to files, so many people are using the files, right? And the user doesn't know who modified them or whether they were modified or not. They will say, "I didn't modify it at that particular time." But when we enable the report, we can see it and start the investigation: at this particular time, this user used it and changed this. This file has been modified, deleted, a new file created. Those insights we can get from the FIM. Log360 is not only a SIEM tool, it is an analytics tool, I can tell you that. You can monitor how many users have been created or deleted, and how many system hostnames have been added.
Those insights also you can get from Log360 by creating correlation rules based on your own requirements. It's not only correlation about users or systems. You can create, I mean, they already provide multiple ransomware detection alerting options that we can enable to get real-time alerts, and we can add them to the report also. They have already added the known malware attack patterns into Log360, and we can enable them to keep our organization secure. When it comes to correlation rules, it's not only about system or user creation. It reports how many failed login attempts have been detected, whether any system has shut down unexpectedly, any mass file change, any activity deleting the alerts, any system file changes. Those things are predefined in the correlation rules, where we can alert on them. The Log360 workflow feature provides an option to modify whatever we actually need to secure our organization. For example, if a brute-force attack is detected, we automatically have to block the user or disable the account to prevent privilege escalation. That can be defined in the workflow: once a brute-force attack is detected, it automatically disables the account, and only the IT admin can enable it back. Not only brute-force attacks; even if a database backup has been created, deleted or altered, we can define whether the database user who modified it needs to be quarantined or what action we need to take on it. That can be defined in the workflow. Before Log360, the events were huge, right? The event analysis would take hours to identify the issue, and before that, during the analysis itself, the hacker or threat actor could move to another portion. But after implementing Log360, the analysis was reduced from hours to minutes.
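Added example (not Log360's own code or configuration, and not part of the speaker's remarks): a small Python sketch of the correlation-rule-plus-workflow pattern described above, where repeated failed logons disable the account and only an IT admin can re-enable it. The threshold (five failures within 60 seconds), the role check and the events are all assumptions; the events are constructed, modeled on Windows logon audit event IDs 4625 (failed logon) and 4624 (successful logon).

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, event_id, account, source_ip).
# Not real data; 4625 = failed logon, 4624 = successful logon.
SAMPLE_EVENTS = [
    ("2024-05-01T09:00:01", 4625, "jdoe", "10.0.0.5"),
    ("2024-05-01T09:00:03", 4625, "jdoe", "10.0.0.5"),
    ("2024-05-01T09:00:05", 4625, "jdoe", "10.0.0.5"),
    ("2024-05-01T09:00:07", 4625, "jdoe", "10.0.0.5"),
    ("2024-05-01T09:00:09", 4625, "jdoe", "10.0.0.5"),
    ("2024-05-01T09:00:11", 4624, "jdoe", "10.0.0.5"),   # success events are ignored by this rule
    ("2024-05-01T09:30:00", 4625, "asmith", "10.0.0.9"), # isolated failure, below threshold
]

class BruteForceWorkflow:
    """Correlation rule (N failed logons per account in a sliding window)
    plus the automated response: disable the account and record an incident.
    Thresholds are assumed values for the demonstration."""
    def __init__(self, threshold=5, window_seconds=60):
        self.threshold = threshold
        self.window = timedelta(seconds=window_seconds)
        self.failures = {}      # account -> deque of failure timestamps
        self.disabled = set()   # accounts disabled by the workflow
        self.incidents = []     # (timestamp, account, source_ip)

    def ingest(self, ts, event_id, account, source_ip):
        """Feed one event; returns the account name when the workflow fires."""
        if event_id != 4625:
            return None
        t = datetime.fromisoformat(ts)
        q = self.failures.setdefault(account, deque())
        q.append(t)
        while q and t - q[0] > self.window:   # drop failures outside the window
            q.popleft()
        if len(q) >= self.threshold and account not in self.disabled:
            self.disabled.add(account)         # automated response
            self.incidents.append((ts, account, source_ip))
            return account
        return None

    def is_disabled(self, account):
        return account in self.disabled

    def enable(self, account, actor_role):
        """Re-enabling is restricted to the IT admin role, as the page describes."""
        if actor_role != "it_admin":
            return False
        self.disabled.discard(account)
        self.failures.pop(account, None)
        return True

def run_sample(events=SAMPLE_EVENTS):
    wf = BruteForceWorkflow()
    for ev in events:
        wf.ingest(*ev)
    return wf
```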
It automatically detects the alerts and works based on our requirements, whatever workflow we define, and it does whatever needs to be done to secure our environment. So I can say in simple words that the analysis which took hours was reduced to minutes. Log360 integration is such that we can integrate with multiple ManageEngine products like Endpoint Central and ADSelfService Plus; those we can again integrate into Log360, where we can see a unified view of all the ManageEngine products. Not only that, whenever we store the logs, you know, it takes huge storage space, and ManageEngine Log360 provides an archive mechanism where we can define how many days we need to have live data and what needs to be done in archive mode. Even the archive-mode data we can retrieve from ManageEngine Log360 itself; we can get the data and use it for searching the logs. If anything needs to be searched, we can onboard the archived log with a single click and get the data. Log360 is collecting more and more alerts from multiple sources, and it needs huge storage to store all the data, right? But they also provide an option for archiving the data, where we can define which real-time data is available in Log360 and archive into multiple files, date-wise or month-wise. The archiving ratio is something like 1 to 40; whatever data we have, they can reduce it and put it in archive mode. If we need to search something from the archived data, basic and advanced search options are available where we can fetch the archived data and process only that particular data, not the entire archive.
By that we can reduce the workload on the system, since we host it on-prem. So we can reduce the workload on the system and the storage space of the system, and it reduces the workload on the server. And whenever it is required for an investigation, or especially from the auditing point of view, when the auditor comes they will ask, can you please fetch last year's data for this particular date, what kind of activity has been done, I need to verify that. We can load only that particular archived data, search it and get the data immediately. Actually, Log360 provided more security features for us. We detected more security escalations like privilege escalation and other activity which is confidential. We prevented so many things because of Log360. And Log360 is not just a tool for us. It's our cyber security strategy platform, where we can plan the strategy for the next few months.