Skip to main content

Exabeam Wins Red Herring Global 100 and Computing Security Excellence Awards

We’re thrilled to announce that Exabeam recently won two prestigious awards. These awards were: The Red Herring 2017 Global Top 100 The Computing Security Excellence Award for Security and Event Management Exabeam Named Red Herring 2017 Global Top 100 Winner Since the mid 90s, Red Herring has selected the top privately owned startups from specific geographic regions and highlighted them in their top 100 showcase.  To be considered for the list, companies must be: Technology[…]

Topics: awards and recognition, SECURITY, SIEM

Exabeam Highlighted in the Expanding Cisco Security Technology Ecosystem

Earlier this week, Cisco Security released a blog announcing more than 26 new integrations with 3rd party security products.  Here at Exabeam, we’re thrilled to have been prominently mentioned several times throughout the announcement for the value our integrations deliver to joint Cisco / Exabeam customers. This exemplifies the commitment we’ve made to working with Cisco Security as a strategic partner. Exabeam was specifically mentioned for several integrations including: Cisco Firepower Cisco Umbrella The joint[…]

Topics: benefits, Partnerships, SECURITY

Machine Learning SDK for Security Analytics

Once I was asked by an aspiring data scientist what the challenges are in getting into the field of user and entity behavior analytics (UEBA).  After all, data scientists have been applying their skills successfully across many industries.  Yet, I believe security analytics poses some challenges representing high barriers of entries for a data scientist new to the area.  First, there is the obvious need to collect and process the 3Vs (volume, variety, and velocity)[…]

Topics: data science

Sharpening First-Time Access Alert for Insider Threat Detection

Residents participating in a neighborhood crime watch look out for signs of suspicious activity.  A new car parked on the street is probably the first thing to register in a resident’s mind.  Other hints like the time of day, what the driver carries, or how he loiters around all add up before one decides to call the police.  A User Behavior Analytics (UBA) system works much the same way, with various statistical indicators jointly working[…]

Topics: data science

Anomalous User Activity Detection in Enterprise Multi-Source Logs

Network users’ activities generate events every day.  Logged events collected from multiple sources are valuable for user activity profiling and anomaly detection.  A good analytics use case for insider threat detection is to see if a user’s collection of events today is anomalous to her historical daily collections of events.  In an earlier blog, I highlighted a method to address this use case that leverages distributed computing built on HDFS and Apache Spark.  In this[…]

Topics: data science

Account Resolution via Market Basket Analysis

Machine learning and statistical analysis have many practical applications in the detection of malicious user and entities as part of  User & Entity Behavior Analytics (UEBA) solutions.  Threat detection typically garners attention, this is as true on the show floor of security conferences, as it is for the text of marketing material.  Equally important, although less mentioned, is the application of machine learning for context estimation. Contextual information such as whether the machine is a[…]

Topics: data science

UBA, UEBA, & SIEM: Security Management Terms Defined

This blog post seeks to define and explain some common acronyms involved in today’s security management landscape. What is UBA?   UBA stands for User Behavior Analytics and it’s an analytics led threat detection technology. UBA uses machine learning and data science to gain an understanding of how users (humans) within an environment typically behave, then to find risky, anomalous activity that deviates from their normal behavior and may be indicative of a threat. How[…]

Topics: SECURITY, Uncategorized

Why is Critical Infrastructure So Vulnerable to Insider Threats?

Why is Critical Infrastructure so Vulnerable to Insider Threats?

A recent article in the Washington Post “Russia has developed a cyberweapon that can disrupt power grids, according to new research” came as a real reminder of the constant risk critical infrastructure operators face. The malware, which researchers have dubbed CrashOverride, is known to have disrupted only one energy system in Ukraine but could be deployed against U.S. electric transmission and distribution systems. The consequences of insider threats to critical infrastructure operators are much greater[…]


User Behavior Anomaly Detection Meets Distributed Computing

User Entity Behavior Analytics (UEBA) analyzes log data from different sources in order to find anomalies in users’ or entities’ behaviors. Depending on enterprise sizes and available log sources, data feeds can range from tens of gigabytes to terabytes a day. Typically, we need 30 days, if not more, to build proper behavior profiles. This calls for an analytics platform that is capable of ingesting and processing this volume of data. In this blog, I[…]

Topics: data science

Too Many Alerts… Just Give Me the Interesting Ones!

Security analysts often wrestle with the high volume of alerts generated from security systems and much like the protagonist in The Boy Who Cried Wolf, many alerts tend to be ignored. Human analysts quickly learn to ignore repeated alerts in order to focus on the interesting ones.  Learning to screen out repeated alerts as false positives allows analysts to focus their finite time where it matters most. A natural question, then, is whether we can[…]

Topics: data science, SECURITY