Exabeam Leverages the Power of SaaS to Proactively Improve Security Content and User Experience

Exabeam recently released i54, the latest version of Exabeam Advanced Analytics. In our previous post, you learned about how Content over Cloud lets you manage and install new content directly in our UI. Today, we’re excited to share how we use another new capability, Proactive Content Monitoring, to improve parser quality and the user experience. In this post, you will learn about updating and improving parsers with Exabeam and how Proactive Content Monitoring tackles that with a novel approach.

Parser quality drives SIEM quality

Previously, we shared how features like Content over Cloud support engineering and analyst workflows by seamlessly and automatically delivering frequent content updates and custom content. But aside from new detection, new content can also include parser updates and tweaks. Many SIEMs rely on a historically passive and reactive approach to parser updates. At Exabeam, this typically meant a customer would open a ticket and would wait on the services team to perform an ad-hoc analysis and provide a new parser. Seeing another manual and tedious process, we sought to add some intelligent automation.

Introducing: Proactive Content Monitoring

We’ve shifted the paradigm on content quality by taking a data-driven, proactive approach to parser updates with Proactive Content Monitoring. This new system analyzes the parsing quality of our SaaS customers at scale. Once the content team at Exabeam creates the tweak, an update is made available via Content over Cloud to deploy in your environment. 

With Proactive Content Monitoring, we leverage the collective insights from across our SaaS customer base to understand what improvements need to be prioritized. In turn, our customers benefit from each other as parser fixes are delivered globally across each of their environments via Content over Cloud, versus ad-hoc, custom packages. This model allows our content team to continuously identify the most needed fixes, proactively deliver them, and measure improvement.

Figure 1: Exabeam Proactive Content Monitoring collects data from SaaS customers to send to secure storage for processing and analysis where our content team develops updates based on the highest priority areas. New parsers are delivered seamlessly into all customer environments via Content over Cloud, without customers needing to open a support ticket.

Better quality, fewer tickets

Proactive Content Monitoring, in combination with Content over Cloud, allows customers to receive a content fix without ever lifting a finger to open a ticket. That’s more time for you to go back to catching bad guys.

Do I need SaaS?

To provide insights to the content team on parser quality and performance, customers must have Advanced Analytics in a SaaS environment. Updates derived from Proactive Content Monitoring are available to both on premises and SaaS customers who have Advanced Analytics i54 via Content over Cloud.

Stay tuned

The current release includes updates for parsers for Advanced Analytics, with other types of content and support for Data Lake planned for the future.

Interested in learning more about Content Over Cloud? Check out our technical documentation for more information.