36 InfoSec Resources You Might Have Missed in October

At Exabeam, we seek to provide security professionals with educational, useful content on threat detection, investigation, and response (TDIR) topics. In October, we unveiled New-Scale SIEM^TM to the world, so this month we amped up our regular cadence to bring you many resources on the new Exabeam Security Operations Platform, products, features, and capabilities. In case you missed them, here are 36 of our most recent pieces geared toward helping you along your security operations journey. Whether you’re a CISO or a security practitioner, there is something on this list for you.

In this blog post:

• New-Scale SIEM and the Exabeam Security Operations Platform
• Behavioral analytics
• Compromised credentials and insider threats
• Choosing a SIEM solution provider
• The New CISO podcast with Steve Moore
• Spotlight22

New-Scale SIEM and the Exabeam Security Operations Platform

1. Looking Back at the Evolution of SIEM | Blog Post

Over the last 20+ years, the SIEM market has had quite an evolution and growth explosion. Today, SIEM accounts for approximately $4B of total cybersecurity spend and is expected to increase to $6.24B by 2027. This is easy to understand as SIEM has evolved into the data store for cybersecurity data which has been exploding as the volume of data and number of alerts is growing exponentially. Before we go into where the SIEM market goes from here, let’s first take a look back at how SIEM has evolved.

2. New-Scale SIEM: Where Big Data Meets Cybersecurity | Blog Post

Exabeam introduces New-Scale SIEM to evolve the SIEM market towards more powerful cloud-native hyperscale data and security analytics technology with greater performance and significant cost efficiencies. Exabeam is known for having the best behavioral analytics capabilities on the market — it’s why so many of the world’s largest organizations count on us every day to help stop adversaries. We offer advanced automation of TDIR to identify intrusions other SIEMs can’t. Now, we marry our behavioral analytics and TDIR automation with the world’s most modern, hyperscale, cloud-native data lake to cost-effectively ingest, parse, store, and search data (hot, warm, and cold) in real time from anywhere. 

3. Introducing the New Exabeam Security Operations Platform | Blog Post

When Chief Product Officer (CPO) Adam Geller started at Exabeam two years ago, we had a primarily on-premises product that had just moved to a SaaS offering. As we considered the future, where we needed to evolve our products, we talked to customers to make sure we truly understood their challenges and realized that there was an opportunity to help security operations teams get a more complete picture of what’s happening in their environments so they can more effectively detect, investigate, and respond to threats. All of this culminates in what Exabeam announced: a new security operations platform with five products designed to solve the problems we’ve heard about time and again: Security teams need to collect more of the right data, teams must know what they are looking for, threats are buried in a sea of noise, and manual investigations lead to incomplete outcomes.

4. The Strategic Value of the Modular, App-centric Exabeam Security Operations Platform | Blog Post

The Exabeam strategy is to design and develop a modular platform for security operations excellence. CEO Michael DeCesare announces the launch of the first phase of the Exabeam Security Operations Platform. Read this post to learn why we created the Exabeam Security Operations Platform, and specifically the benefits to our customers, our partners, Exabeam, and our development teams.

5. Exabeam: A Company and Platform that Puts Customers First | Blog Post

Excited about the new Exabeam Security Operations Platform yet? The Exabeam Customer Success team’s mission is to put our customers first, and their job is to deliver an exceptional and seamless migration experience to the new platform. Read on to better understand our approach to help customers on their migration journey to the new platform. This post will discuss implementing a customer-first strategy, accelerating adoption of the new platform among our customers, and next steps. 

6. Introducing Exabeam SIEM: A Hyperscale Cloud-native SIEM | Blog Post

Cybersecurity today is a big data problem. Every sensor, detection product, or feed required to enable security use cases drives the collection of more data, often into terabytes per day. As the window of opportunity to detect and investigate attacks decreases, defenders are left vulnerable if they don’t know what to look for. As data volumes, exposure points, third-party alerts, and the cost of talent and storage have all multiplied, the speed of SIEM innovation has not kept up. Unfortunately, most SIEM products can’t meet the requirements of today and so industry analysts are asking customers to settle for less with XDR; customers deserve a better method rather than a jump to one more category.

7. New-Scale SIEM Expands Exabeam Threat Coverage with Content Library and TDIR Use Cases | Blog Post

Organizations’ decision to purchase a security information and event management (SIEM) solution is driven by the need to solve a variety of challenges facing the business. One of those main drivers is to establish effective TDIR capabilities. In order to leverage a SIEM for TDIR, organizations require the ability to detect a wide array of threats with high fidelity and at scale, as well as respond to those threats. Security content is the key enabler within any SIEM or security operations platform to drive the entire TDIR experience from end to end. With the launch of New-Scale SIEM, Exabeam introduces many new functionalities related to content, as well as brand-new TDIR content.

8. Anomaly Search and Advanced Analytics: Threat Hunting for Everyone | Blog Post

Threat hunting takes a proactive approach to cybersecurity. A threat-hunting workflow starts with a hypothesis or strange occurrence, and requires asking questions of your data repository to detect and isolate advanced threats. These can stem from events that have appeared in the news, or even curiosity about a MITRE ATT&CK^® tactic if you want to understand your security posture. Protecting your business from security threats on an ongoing basis requires threat hunting. By threat hunting, you can reduce the time between intrusion and discovery to minimize the damage from an attacker. Read the blog to learn about how Exabeam offers two starting points for threat hunting: Anomaly Search and Advanced Analytics. 

9. Panacea or Money Pit? Six Design Considerations for Your Security Data Lake | Blog Post

Large numbers of enterprises, such as retail conglomerates, consumer banks, airlines, and insurance companies are joining the rush to set up data lakes for handling petabytes of security data and logs. But many executives and architects assume that once they finish setting up log sources, applying parsers, and arming their security operations analysts with reports, their data lake will deliver the goods. Alas, if only that were true! We’ve heard the war stories: internal politics on building versus buying, years to deploy, millions of dollars invested, and unfortunately, multiple security threats missed or detected too late. If you’re considering investing in a new security data lake or replacing your existing one, take a pause. Be mindful of how you prepare — especially how you design yours. To help with this exercise, here are six design considerations for your security data lake based on our interactions with successful Exabeam customers.

10. Meeting ISO 27002 Standards | White Paper

ISO 27002 is a specification for a framework of policies and procedures that includes all legal, physical, and technical controls involved in an organization’s information risk management processes. This white paper outlines the primary information security controls and requirements addressed by ISO 27002, how Exabeam solution capabilities map to ISO 27002 controls, and how Exabeam can help manage risk to information systems and provide compliance.

11. The Exabeam Security Operations Platform | Data Sheet

New-Scale SIEM from Exabeam includes rapid data ingestion, a cloud-native data lake, hyper-quick query performance, powerful behavioral analytics for next-level insights that other tools miss, and automation that changes the way analysts do their jobs. Whether you replace a legacy product with a New-Scale SIEM, or complement an ineffective SIEM solution by adding the industry’s most powerful user and entity behavior analytics (UEBA) and automation to it, the Exabeam Security Operations Platform can help you achieve security operations success. 

12. Exabeam Security Log Management | Data Sheet

There is a need for hyper-scale, cloud-native security log management that can thrive within today’s cyber challenges. Ingesting, parsing, storing, and searching log data at scale must be easier to accomplish and not require advanced programming or query-building skills. Exabeam Security Log Management changes all of this. Finally, there is a powerful and affordable log management solution, purpose-built for security, that your teams will want to use without a massive learning curve. Deploy quickly and easily, and scale as you need with Exabeam Security Log Management.

13. Exabeam SIEM | Data Sheet

The SIEM plays a central role in security operations monitoring, alerting, threat detection, and managing compliance. Unfortunately, most SIEM products can’t meet this requirement. Exabeam SIEM delivers limitless scale to ingest, parse, store, search, and report on petabytes of data — from everywhere. Pre-built with integrations from 549 security products, with the ability to onboard new log sources in minutes, Exabeam SIEM delivers analysts new speed, processing at over one million EPS, and efficiencies to improve their effectiveness. 

14. Exabeam Fusion | Data Sheet

Our most comprehensive offering for TDIR, Exabeam Fusion, represents the industry’s most powerful and advanced cloud-native SIEM and introduces New-Scale SIEM. Exabeam Fusion unites the capabilities of Exabeam Security Log Management and Exabeam SIEM with Exabeam Security Analytics and Exabeam Security Investigation. 

15. Exabeam Security Analytics | Data Sheet

Security Analytics takes in logs, and upon intake, normalizes and parses them via CIM with data enrichment and threat intelligence to build events — offering more than 1,800 rules, including cloud infrastructure security, and more than 750 behavioral model histograms that automatically baseline normal behavior of users and devices to detect, prioritize, and respond to anomalies based on risk. Smart Timelines™ convey the complete history of an incident, showing full event flows and activities, and scores the risk associated with each event. Exabeam Security Analytics includes prescribed threat scenario use cases with prepackaged security content (e.g. ATT&CK framework) that focus on specific threat types. Additionally, Outcomes Navigator, a visualization tool, shows the completeness of your security coverage with validation against ATT&CK TTPs. These features boost analyst productivity, reduce response times, and ensure consistent, highly-repeatable results.

16. Exabeam Security Investigation | Data Sheet

Unlike other products in the market, Exabeam Security Investigation can run on top of a third-party legacy SIEM or data lake to deliver advanced capabilities for TDIR. Exabeam Security Investigation compounds the UEBA capabilities of Exabeam Security Analytics with detection content and prescribed workflows to enable outcome-focused TDIR for ransomware, phishing, malware, and compromised and malicious insiders.

17. Exabeam Platform Integrations | Data Sheet

The ability to quickly detect, investigate, and respond to modern threats is dependent on the quality and quantity of log data from IT and security tools. With more than 540 different product integrations across 292 different vendors, Exabeam works extensively with third-party vendors to provide a holistic view of activity across users and devices whether on-premises or in the cloud. Read the data sheet to learn more about extensive data sources, collectors for the cloud and on-premises, behavioral analytics extended to the cloud, centralized security automation and orchestration with third-party integrations, and more. 

18. Exabeam and Mimecast: Enhancing Protection Against Email-based Attacks | Solution Brief

Cyberattacks can come from many different vectors, but the most common attacks come through email. By using email to conduct phishing, BEC attacks, brand impersonation, and more, these attackers leverage your weakest security link — your people — to wreak havoc. As a result, email-based attacks are the number one attack vector to secure. To protect your attack perimeter, Mimecast combined with Exabeam’s SIEM and XDR platform provides comprehensive protection from email-based and multivector attacks. Together, they give you the ability to stop email attacks at your email perimeter, leverage behavioral analytics to recognize anomalous activity, and prevent lateral movement of threats across your network.

Behavioral analytics

19. Guide to Evaluating UEBA: Top 10 Criteria | Blog Post

UEBA solutions use artificial intelligence and machine learning, advanced analytics, data enrichment, and data science to effectively combat advanced threats. The UEBA solution combines all the data sources together for analysis and automatically synthesizes results. Many vendors claim to offer UEBA capabilities, but a variety of implementations make comparative evaluations difficult. This blog post can be used by your organization to guide the selection of an effective UEBA technology.

20. The Ultimate Guide to Behavioral Analytics | eBook

Malicious insiders and compromised credentials are threats that often go undetected by traditional security tools. UEBA analyzes behavior in organizations’ environments to set a baseline for normal and detect anomalies that indicate real threats in need of investigating. This comprehensive guide was created to help organizations evaluating UEBA solutions better understand it and how it can be adopted to improve your overall security posture with faster, easier, and more accurate TDIR. Read the eBook to gain clarity on confusion about the growing UEBA market, and learn about what UEBA is and why it is needed, how UEBA is different from other security tools, the different types of UEBA solutions, factors to consider when evaluating UEBA solutions, and threat-centric use cases. 

21. Preventing Insider Threats with UEBA | White Paper

Learn how a UEBA solution can detect insider threats early to prevent data loss. Insider threats are, most commonly, malicious activity against an organization that comes from users with legitimate access to an organization’s network, though the term can also refer to users who unintentionally cause harm to the business. Read the white paper and learn how to identify early patterns of risky behavior to prevent loss of sensitive data, detect signals originating in multiple places that point to a malicious insider, and deploy automation and machine learning to identify and evaluate insider threats. 

Compromised credentials and insider threats

22. Detecting Compromised User Credentials | White Paper

Apply UEBA to detect malicious use of legitimate user credentials. Most of the biggest breaches have involved credential-based attacks — attackers leveraging stolen user credentials to masquerade as employees, gain access, escalate privileges, and obtain important data that should only be available to those with the highest level of access. Read the white paper and learn how a system that learns credential behaviors and characteristics detects attackers who look like legitimate employees going about their normal business, how to find attackers that switch identities, where credentials enable attack chain functions, and how UEBA helps cut through the noise of alerts to quickly identify and mitigate real threats.

23. How Exabeam Solves 7 Use Cases for Compromised Insiders | White Paper

Compromised insiders are one of the most difficult security risks for an enterprise to detect, escalate, and manage. This guide describes how Exabeam can identify and mitigate the potential risk of seven common compromised insider use cases: compromised credentials, lateral movement, privilege escalation, privileged activity, evasion, account manipulation, and data exfiltration.

Choosing a SIEM solution provider

24. 2022 Gartner^®️ Magic Quadrant™️ for SIEM | Research Report 

Exabeam is proud to be named a “Leader” in the 2022 Gartner Magic Quadrant for Security Information and Event Management for the fourth time/year. Read the complimentary report to learn about the Gartner insights on the SIEM market, including key trends to watch in the SIEM market, major players to keep an eye on in the SIEM space, and how SIEM vendors support different end user maturity levels. Additionally, learn more about our recognition in this space and how Exabeam can help you achieve your goals.

25. 10 Questions Security Operations Managers Should Ask About Cloud SIEM Vendors | Blog Post

Security teams demand better visibility into their environments that now support distributed teams and extend to the cloud. As organizations provide more access to data and collaboration tools, securing and making services available around the clock are critical priorities for security operations centers (SOCs) and their teams. Digital transformation has accelerated and will continue to advance, making it necessary for organizations to adopt cloud solutions. This landscape increases the attack surface for external and internal threats, putting SOC teams under pressure to detect potential threats from an overwhelming number of alerts. In this article, we will answer the 10 questions security operations managers should ask when assessing a cloud-delivered SIEM vendor. 

26. 3 Critical Success Factors for Choosing Your New SIEM | Guide

No cybersecurity solution can prevent all attacks; however, some can detect intrusions and anomalous activity better than others. And while some SIEMs have better detection and analytics capabilities, many require specialized expertise or are too costly for ingesting, analyzing, and maintaining all the logs that might help your teams stitch together the story of what really happened in an attack. Combating these challenges requires a system equipped to find the true gems of discovery amidst the noise of alerts. There are a lot of SIEM vendors in the marketplace. How do you know you’re selecting the right fit for your organization? Read this guide to learn the three critical success factors when choosing a new SIEM.

27. 6 Ways Exabeam Delivers Better Security Outcomes Than Splunk | Guide

No security solution can prevent every attack, but some are definitely better than others. Exabeam delivers the best security outcomes for your organization because our innovative and market-leading solution is built for the evolving world of cyber threats. Built by security people for security people, it’s the SIEM that many organizations choose to replace Splunk. Read the guide now to see why Exabeam is the superior SIEM choice.

28. 4 Ways Exabeam Delivers Better Security Outcomes than Securonix | Guide

Securonix is a good SIEM; however, Exabeam SIEM is preferred by many organizations to replace Securonix. How do you distinguish between Exabeam and Securonix? Read our guide to discover four ways in which Exabeam excels and delivers better security outcomes than Securonix. Learn how Exabeam provides complete visibility to analysts, provides use cases that cover the entire TDIR lifecycle, and provides transparent pricing with no hidden costs. 

29. 4 Ways Exabeam Delivers Better Security Outcomes Than QRadar | Guide

With so many SIEMs in the marketplace, how do you distinguish between Exabeam and other solutions to find the right fit for your organization? No security solution can prevent every attack, but some can detect intrusions and malicious activity better than others. The best solution is a system that combines pre-built rules, timelines, and suggested guidelines for purpose-built security investigation. Built by security people for security people, Exabeam SIEM is preferred by many organizations to replace IBM QRadar. Read our guide to discover four ways Exabeam excels over QRadar and delivers better security outcomes for your organization.

The New CISO podcast with Steve Moore

30. The New CISO Ep. 76: “Translating Your Military Skills for Security Success” with Jason Hamilton | Podcast

In this episode of The New CISO, Steve is joined by Jason Hamilton, CISO at Mutual of Omaha, to discuss how having a military background leads to security success. After twenty-two years in the U.S. Marine Corps, Jason was able to take his skillset and move into the cybersecurity industry. Today, he shares what he learned over the years that prepared him for the career he has today. Listen to the episode to learn more about Jason’s military experience, tips for officers entering the civilian workforce, and the importance of corporate mentorship.

31. The New CISO Ep. 77: “Storytelling For CISOs – How to Make Your Message Resonate” with Tom August | Podcast

In this episode of The New CISO, Steve is joined by Tom August, a seasoned CISO with over thirty years of experience. First starting his career as an accounting intern, Tom has since had an incredible journey where he not only wrote the CISO Handbook, but created a risk-management methodology. Today, he shares what he’s learned from his years in the cybersecurity industry and the importance of storytelling. Listen to the episode to learn more about Tom’s unique transition into cybersecurity, the inspiration behind the CISO Handbook, and how to sell your “why.”

Spotlight22

32. Overview of Exabeam SIEM & Security Analytics Product Innovations | Webinar

Security Operations success requires a new approach. Come hear about the new solutions from Exabeam. Watch the webinar to learn about rapid data ingestion from hundreds of third-party vendors with integrated threat intelligence, a cloud-native data lake with hyper-quick query performance, powerful behavioral analytics for next-level insights that other tools miss, and how automation can change the way your analysts do their jobs. If you missed our announcements at Spotlight22, this webinar is for you!

33. Spotlight22: Evolution of Cybersecurity, Advanced Threats, and What Your Teams Can Do About It | Video

In this fireside chat, Phil Venables, Google Cloud CISO, shares the evolution he’s seen in cybersecurity over the last few years, the complexity of risk, and where security teams need to focus. This insightful discussion also focuses on how cloud-native SIEM and log management markets continue to evolve.

34. Spotlight22: Unveiling Exabeam’s Vision to Advance Security Operations | Video

In this 30-minute session, Michael DeCesare, Exabeam CEO, discusses how the SIEM industry has not kept up with the changing cyber climate of today as Exabeam unveils the vision for New-Scale SIEM to advance security operations and introduces innovation across a new platform.

35. Spotlight22: Exabeam in Action: A Demo of Modern Security Operations at Scale | Video

In this 60-minute overview, Adam Geller, Exabeam CPO, covers the three foundational pillars of a modern security operations platform through live demos and how Exabeam delivers them with New-Scale SIEM.

36. Spotlight22: Customer Success Strategies | Video

In this 20-minute session, Pedro Abreu, Exabeam Chief Operating Officer talks about the scaled-up customer success journey as Exabeam delivers the exceptional to ensure customers properly advance their security operations and accelerate the adoption of the new platform.

Learn more about Exabeam SIEM

Register for our webinar on Nov. 15 at 10:00 AM PT/1:00 PM ET: Introducing Exabeam SIEM: Cloud-native SIEM at Hyperscale.

Come see a demo of:

• Alert & Case Management
• Correlation Builder with 100+ pre-built rules
• The simplicity and speed of log search at scale
• Dashboards and compliance reporting