
Intel Security: 93% of Companies Can't Triage All Their Threats

Intel Security recently discussed its research report on how SOCs work in enterprises today, with a writeup in HelpNetSecurity. They interviewed 400 security practitioners and found some interesting stats: On average, security teams are unable to sufficiently investigate 25% of their alerts. This was consistent across company sizes and geographies. That’s for a full investigation. Even worse, 93% of companies were unable to triage all potential threats. 67%, two thirds, reported a rise in security[…]


Topics: SECURITY, Uncategorized

Calculating Security ROI, or "Halloween’s Over, So Why is my Vendor Trying to Scare Me?"


Certain technology categories lend themselves well to ROI analysis. Want to replace your old storage array with a new flash array, or your old backup technology with something new? It’s probably not too difficult to work out the payback numbers. Security, on the other hand, has been more resistant to clear ROI analysis. Vendors either give out scary per-company breach averages from Ponemon, or build some other detection-based cost-benefit number. Over time, CISOs and their[…]



Exabeam Announces First Ever Scholarship Competition


As part of our commitment to the future fight against cyber-crime, we are excited to announce details related to our first ever college scholarship essay contest. The contest, which is now open to applicants, offers a top prize of $1,000 to legal U.S. residents who are currently enrolled as full-time students at any accredited college or university in the United States. In addition, all applicants are required to carry a minimum cumulative GPA of[…]


Topics: Uncategorized

UEBA: When "E" Doesn't Stand for "Easy"


Three-letter acronyms are easy to remember and pronounce – adding more letters usually just adds friction. When Gartner renamed the User Behavior Analytics market from UBA to UEBA (i.e. User and Entity BA), it made the term more clunky but even more relevant. Most organizations understand the threat posed by user insiders, whether malicious or compromised. However, many don’t yet see the risks from “insider” machines, or as Gartner calls them, entities. While we are[…]


Topics: data science, ransomware, SECURITY

Finding a Security Unicorn


A recent post on is unlikely to surprise anyone who’s been paying attention to the cybersecurity job market. According to a new Cybersecurity Ventures report, the unemployment rate for cybersecurity jobs is currently zero. On average, there are two open jobs available for every candidate, with over 1 million open IT security positions. Companies are making it worse by trying to hire security unicorns: analysts with skillsets so broad that no person has them[…]


Topics: SECURITY, Uncategorized

Who do I belong to? Dynamic Peer Analysis for UEBA Explained


In user and entity behavior analytics (UEBA), a security alert is best viewed in context as discussed in my past webinar. A user’s peer groups provide useful context to identify and calibrate that user’s alerts. If a user does something unusual on the network, such as logging on to a server or accessing an application for the first time, we may reduce or amplify the risk score of this activity depending on whether the peers[…]


Topics: data science, SECURITY, Uncategorized

No SIEM? No Problem!


What kinds of imagery are conjured up when you think about a Security Operations Center (SOC)?  Perhaps a militaristic setting straight out of the movie War Games, but with upgraded tech? Or maybe a dark room with a few scruffy security analysts staring at a wall full of large monitors while they frantically hammer away on their keyboards? Possibly you’re envisioning a single security engineer wearing a nerdy T-shirt hidden away somewhere in the bustle[…]



The Challenge of Using a SIEM to Detect Ransomware

Ransomware is becoming more common than ever. Corporations, both large and small, are increasingly finding themselves the targets of advanced ransomware campaigns. Unfortunately, most security teams haven’t had enough experience with ransomware in corporate environments to stop infections before they run rampant. This post explores some of the challenges security teams may face when trying to use SIEM correlation rules to identify the behavior and activities associated with a ransomware infection. Zooming out for Greater[…]


Topics: ransomware, SECURITY

Beyond Detection and Response: Hidden Benefits of Exabeam


When I ask our prospective customers why they are interested in UBA and Exabeam specifically, most have a common answer: they are looking to cash in on the promise of deriving usable intelligence out of the vast amounts of data they have spent time and money collecting. Organizations want increased visibility into the activities of users on their network to detect modern attacks and respond quickly. Solving these problems is at the center of what[…]


Topics: benefits, CUSTOMERS

Exabeam Cleans Up At Network Product Guide's 2016 IT World Awards


As a software vendor, it’s always nice when the fruits of hard work, purposeful design decisions, and unwavering focus on customer feedback are recognized.  Recently, Exabeam had the honor of being selected as the recipient of six awards at the 2016 Network Product Guide IT World Awards. Our goal has always been to deliver the exceptional by building products that our customers love using. Being named a winner from IT World Awards serves as a[…]


Topics: awards and recognition