From Alert Chaos to Strategic Defense: Redefining SOC Operations for the AI Era

In an era where security operations centers are inundated with over 80% false-positive alerts, operational burnout has become a silent threat undermining enterprise cybersecurity. Manikandan Thangaraj, Vice President at ManageEngine, is leading a paradigm shift—moving beyond volume-based detection to precision-engineered security intelligence. With Log360’s enhanced platform, featuring over 1,500 cloud-updated detection rules mapped to MITRE ATT&CK and SIGMA, ManageEngine is answering a critical question: how do we empower analysts to work smarter, not harder? In this exclusive interview, Thangaraj reveals how unified SOC platforms, identity-centric monitoring, and AI-driven augmentation are transforming security from a cost center into a strategic business enabler for modern enterprises.

Manikandan Thangaraj
Vice President of Engineering
ManageEngine

CISO Forum: SOC teams face constant operational burnout. What do you see as the main drivers of alert fatigue in enterprises today?

Manikandan Thangaraj: Alert fatigue in Security Operations Centers (SOCs) is driven primarily by three intertwined factors, creating a crisis of operational burnout.

First, false positives flood the system, forcing analysts to waste critical time investigating benign activity. When over 80% of alerts are false positives, analysts are incentivized to ignore the queue, thereby burying genuine threats. Second, tool sprawl creates a complex environment where multiple, unintegrated security solutions generate redundant or conflicting notifications. This forces manual correlation, slowing response and amplifying cognitive load. Third, the persistent lack of context in alerts prevents rapid triage. A generic “suspicious activity” alert demands hours of manual investigation to determine asset criticality and actual risk. The cumulative effect is a team perpetually fighting fires, leading to high turnover and a dangerous decline in security efficacy. We must shift focus from simply generating more alerts to generating high-fidelity, context-rich signals.

CISO Forum: ManageEngine has enhanced Log360 to reduce false positives. How does the platform streamline analyst workflows and improve SOC efficiency?

Manikandan Thangaraj: We approached this challenge by re-engineering detection around precision and adaptability. Instead of broad, one-size-fits-all rules, Log360 enables object-level filtering across users, groups, and organizational units, letting analysts scope detections to what truly matters.

The most significant drain on SOC teams is time lost chasing false positives. Log360 helps streamline this by combining detection logic, rule management, and tuning insights into a single console. Analysts can fine-tune detections with granular controls, applying rules only to high-value assets such as executive accounts, sensitive data stores, or critical servers, while suppressing benign alerts from less critical endpoints.

This is supported by a catalog of over 1,500 curated, cloud-updated detections, mapped to MITRE ATT&CK and SIGMA, and continuously updated from the cloud. With interactive visibility into rule performance metrics such as hit frequency and alert volume, analysts can constantly refine their detections. The result is a more focused, high-fidelity workflow that improves triage speed and strengthens response.

CISO Forum: With 1,500+ detection rules mapped to MITRE ATT&CK® and SIGMA, how are detection technologies reshaping enterprise threat detection and response?

Manikandan Thangaraj: Detection engineering has shifted from focusing on the number of rules to the quality of regulations. Frameworks such as MITRE ATT&CK and SIGMA provide a global language for mapping adversary techniques; however, enterprises require actionable, production-ready detections rather than just frameworks.

This threat modeling approach offers two key advantages:

  • It enables enterprises to identify and respond to threats more quickly by providing contextual information.
  • SIGMA and MITRE standardize the sharing of threat information in a consistent format. Being community-driven, these frameworks are continually updated and refined to meet the evolving needs of the community.

Out-of-the-box rules help reduce mean time to detect (MTTD), while the added context helps lower mean time to respond (MTTR). Each detection rule is researched, curated, and validated by ManageEngine’s in-house threat research team, and then tested against real-world attack simulations to ensure high precision and minimal false positives.

CISO Forum: What broader trends in enterprise security modernization are driving the demand for unified, scalable, and intelligent SOC platforms worldwide?

Manikandan Thangaraj: Identity has become the new perimeter, with most modern breaches involving compromised credentials or the misuse of privilege. The challenge for SOC teams is that identity signals are scattered across Active Directory, cloud identity providers, VPNs, and SaaS platforms. A unified SOC platform consolidates these signals into a single location and correlates them with endpoint and network events. This means analysts can immediately connect an anomalous login to privilege escalation, lateral movement, or data exfiltration without having to juggle multiple tools or miss context.

Scale and distribution are also redefining enterprise security. Organizations today operate workloads across on-premises infrastructure, multiple cloud environments, and remote endpoints, which demands horizontally scalable platforms that can maintain resilience while keeping detection-to-response cycles tight. This kind of unification not only ensures visibility across identity, data, and infrastructure risks but also enables faster and more confident decision-making.

Operational efficiency has become another decisive factor. Security teams must achieve more with fewer people. By consolidating Security Information and Event Management (SIEM), User and Entity Behavior Analytics (UEBA), Data Loss Prevention (DLP), Cloud Access Security Broker (CASB), and threat intelligence into a single console, enterprises can reduce tool sprawl, minimize context switching, and accelerate detection-to-response cycles. This unification isn’t just cost-effective; it’s what makes identity, data, and infrastructure risks visible together, enabling faster and more confident decisions.

CISO Forum: Balancing compliance, productivity, and risk is a challenging task. What practical strategies should CISOs adopt to strengthen security while enabling business growth?

Manikandan Thangaraj: The key is to shift from compliance-first to risk-first. Compliance frameworks provide guardrails, but absolute protection comes from contextual visibility. CISOs should invest in unified monitoring that ties compliance requirements directly to detections; for example, using rule libraries that cover Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR), or Network and Information Systems Directive (NIS2), while still surfacing anomalies and insider threats. Automating routine reporting frees up teams to focus on active risks. Equally important is collaboration. Embedding security into DevOps, IT, and business workflows ensures security is not a blocker but an enabler of growth.

CISO Forum: Looking ahead, how do you see the future of SOC operations evolving in the era of AI-driven cybersecurity advancements?

Manikandan Thangaraj: AI is poised to transform SOC operations in two key ways. It will act as a force multiplier for analysts, with AI-driven assistants summarizing incidents, suggesting playbooks, and auto-triaging routine alerts, allowing human expertise to be focused on complex investigations. At the same time, it will raise detection fidelity by leveraging machine learning models trained on identity behaviors, cloud activity, and threat intelligence to flag subtle anomalies that traditional rules often miss. That said, AI is not a replacement but an augmentation. The future SOC will combine curated, human-driven detection engineering with AI-driven investigation and response. The result will be operations that are faster, sharper, and more resilient against evolving adversaries.