Advanced threat analytics in EventLog Analyzer
The modern day IT security landscape is so volatile that security teams are often grappling to keep up. Using a legacy intrusion detection system (IDS), which is signature-based, organizations can detect and thwart threats with patterns similar to already known threats.
However, these systems struggle to spot new types of threats with never-before-seen patterns. To bridge this gap, organizations should use a security tool that can integrate with a threat repository that is constantly updated with all the recent incidents spotted across the globe.
Empowering EventLog Analyzer by integrating with Webroot's threat feed
EventLog Analyzer, a log management tool, has several features that make it a potent security tool. One is its correlation engine, able to preempt network security threats and integrate with Webroot's threat database.
Despite the availability of open source threat feeds, third-party ones like Webroot's contain a more refined list of threats as they constantly receive updates from endpoint software around the globe. Each malicious IP, URL, or domain updated in the feed is assigned a reputation score that denotes how severe the potential threat caused by it could be.
EventLog Analyzer leverages the information in threat feeds by correlating it with the log information collected. This ensures that administrators are alerted when a malicious IP address or URL in the feed initiates a connection with their network.
Analyzing threats in-depth using EventLog Analyzer
EventLog Analyzer has a dedicated tab that lists all malicious IPs, URLs, and domains that have been detected. If an administrator is suspicious about a particular malicious source and wants to investigate it further, EventLog Analyzer provides more context by fetching crucial data from the feed such as the first and the last time it was detected, the number of times it was detected, and its reputation score.
It also provides a suggestion on how to deal with the malicious source. With all this information in hand, administrators can prioritize sources based on their severity levels, and decide on the next course of action.
By combining the wealth of information from the collected logs and the database of global threat feeds, EventLog Analyzer gives security teams all the information they need to take preemptive action against network security threats.