Contextual data for faster security threat detection and resolution
Built-in threat detection module and advanced threat analytics add-on
- Block malicious sources.
- Prevent data breaches.
- Intercept malicious site visits.
Combining both open source and commercial threat feeds, this integrated platform reduces false positives, speeds up threat detection, and helps triage critical security threats.
Spot and mitigate
- Users visiting blacklisted and risky URLs and domains.
- Malicious IPs trying to access your critical resources.
Get insights into
- The geolocation of malicious actors attempting to intrude.
- Attack techniques.
Open source threat feeds and commercial threat data
Log360 supports the following open source threat feeds
Commercial threat intelligence partners
Webroot BrightCloud® Threat Intelligence Services delivers real-time, accurate threat feeds on malicious URLs, IPs, files, and more. By ingesting these feeds dynamically, Log360's Advanced Threat Analytics module provides visibility into threat activity in your network and helps prioritize critical threat alerts.
How to spot and block malicious traffic inflow using Log360
Detecting and automatically blocking malicious traffic using threat intelligence and predefined workflow rules
Security use cases that Log360's Threat Intelligence Platform can solve
Stop attack attempts at the earliest stage
Exploiting public-facing machines and known vulnerabilities is still one method hackers use to intrude into a network. With Log360's preconfigured Threat Alerts, enterprises can not only stop the communication from a malicious source but also automatically trigger a workflow to add blacklisted IPs to the firewall and permanently block them.
Prevent data exfiltration
If an attacker intrudes into the network using stolen credentials or any other means and tries to extract sensitive data and send it to their command-and-control server, Log360 can immediately detect and stop such communication. Log360's Threat Intelligence Platform checks all outbound communication; alerts the concerned analyst about communication to malicious IPs, domains, or URLs; and terminates the connection immediately. All of this happens in real time.
Triage security alerts
Detecting which security alert poses the greatest risk to the enterprise is a challenging task for every security professional. Log360's Advanced Threat Analytics module identifies threats and attack types including malware, phishing, and other known attacks. These contextual insights can also be leveraged in the incident investigation module to better corroborate threats and prioritize their resolution.
Reduce false positives
Log360 enriches its real-time event response system with contextual information, such as the reputation score of an IP that's trying to remotely log in to critical servers, or the geolocation of an IP trying to remotely connect to the VPN. This provides more visibility into network behavior and helps differentiate suspicious activities from legitimate ones.