
DFIR 101: Triage Collection

During a typical day, your team might have to review dozens or hundreds of security alerts, hopefully only a fraction of which will turn out to be real incidents. As you begin your response to these alerts, rather than simply trusting the alert as 100% accurate and remediating, or pulling a full disk image from each potentially infected endpoint, you can do something in between: a triage collection. Exabeam Threat Researcher Ryan Benson expanded on[…]


Webinar Recap: 2017 Cybersecurity Trends & Predictions

Today’s enterprises are under a continuous stream of cyberattacks, and security operations centers need to equip themselves for what’s to come. Exabeam Chief Security Strategist Stephen Moore and Exabeam Director of Threat Research Barry Shteiman expanded on the current state of play and the future of cybersecurity in a recent webinar.

Current State of the SOC

Organizations fall into one of two categories: they have a SOC, or they don’t. Unfortunately, the many organizations that[…]


The Future of Cybersecurity & Industry Predictions

Exabeam’s Chief Security Strategist, Stephen Moore, was invited to share his predictions for the future of cybersecurity with VMBlog for 2018 as part of their 10th annual industry executive exclusive. In his post, he shares his perspective on the changing face of cybersecurity. Robust cybersecurity policies are an absolute necessity given the changing landscape of cybersecurity. People regularly ask questions like, “Do organizations even need a CISO anymore?”, “Should cybersecurity sit independent of IT?”, and[…]


Why is Critical Infrastructure So Vulnerable to Insider Threats?

A recent article in the Washington Post “Russia has developed a cyberweapon that can disrupt power grids, according to new research” came as a real reminder of the constant risk critical infrastructure operators face. The malware, which researchers have dubbed CrashOverride, is known to have disrupted only one energy system in Ukraine but could be deployed against U.S. electric transmission and distribution systems. The consequences of insider threats to critical infrastructure operators are much greater[…]


5 Aspects to Consider When Evaluating SIEM Solutions

Considering SIEM Solutions

The SIEM category is quite mature; all Magic-Quadrant-Leader products are more than a decade old. In fact, the youngest product is 14 years old. When these products were in their prime, design requirements were different: an enterprise-class product might be expected to store 50 TB of logs; correlation rules were considered a major advance over signatures for detection; searches were judged on speed and it was acceptable to require complex search syntax; finally, the hard[…]

Topics: SIEM

Check Out Exabeam Incident Responder

One of the most common questions we heard when talking to potential customers about our UEBA product was “Okay, your system found something. Now what do I do?” It was eye-opening to see so many organizations that simply didn’t have response processes defined, and had limited tools to run those processes, anyway. This lack of incident response expertise drove the development of our recently-announced Exabeam Incident Responder product. Incident Responder goes far beyond the automatic[…]


McAfee Labs Report Finds 93 Percent of Security Operations Center Managers Overwhelmed by Alerts and Unable to Triage Potential Threats

This is a very interesting report from our partner, Intel Security/McAfee. Some interesting bits: Enterprise security operations center survey found 93 percent of respondents acknowledged being unable to triage all potential cyber threats. On average, organizations are unable to sufficiently investigate 25 percent of security alerts. 67 percent of respondents reported an increase in security incidents. 26 percent acknowledge operating in a reactive mode despite having a plan for a proactive security operation. New ransomware[…]


Calculating Security ROI, or "Halloween’s Over, So Why is my Vendor Trying to Scare Me?"

Certain technology categories lend themselves well to ROI analysis. Want to replace your old storage array with a new flash array, or your old backup technology with something new? It’s probably not too difficult to work out the payback numbers. Security, on the other hand, has been more resistant to clear ROI analysis. Vendors either give out scary per-company breach averages from Ponemon, or build some other detection-based cost-benefit number. Over time, CISOs and their[…]


Exabeam Announces First Ever Scholarship Competition

Exabeam College Scholarship

As part of our commitment to the future fight against cyber-crime, we are excited to announce details related to our first ever college scholarship essay contest. The contest, which is now open to applicants, offers a top prize of $1,000 to legal U.S. residents who are currently enrolled as a full-time student at any accredited college or university in the United States. In addition, all applicants are required to carry a minimum cumulative GPA of[…]

Topics: Uncategorized

UEBA: When "E" Doesn't Stand for "Easy"

Three-letter acronyms are easy to remember and pronounce – adding more letters usually just adds friction. When Gartner renamed the User Behavior Analytics market from UBA to UEBA (i.e. User and Entity BA), it made the term more clunky but even more relevant. Most organizations understand the threat posed by user insiders, whether malicious or compromised. However, many don’t yet see the risks from “insider” machines, or as Gartner calls them, entities. While we are[…]

Topics: data science, ransomware, SECURITY