Skip to main content

Flipping the SIEM Value Equation

If you operate a SIEM, you probably deeply sympathize with what I’m about to say. SIEMs are over priced. More accurately, SIEMs are overpriced compared to the value they actually provide to their customers. Not only are these systems responsible for draining security budgets, they aren’t effective in helping customers to effectively manage security incidents. The Economics of SIEMs (and Razors) All legacy SIEMs have at least one thing in common, some form of data[…]


Breaking Down Barriers To Effective Cyber Defense with UEBA

Recently, the CyberEdge Group released its 2017 Cyberthreat Defense Report, a survey of 1,100 IT security professionals on topics ranging from cyber-attack trends and security investment, to tool effectiveness and security best practices. Of course there were a lot of interesting findings in this year’s report, however the part that really caught my eye was the chart on “top barriers to establishing an effective cyber threat defense”. As part of the report, respondents were asked[…]

Topics: Uncategorized

On True Positives and Security Incidents

The Potential POS Breach Exabeam recently discovered unusual behavior at one of our retail customers. On some of the most sensitive point of sale (POS) devices, a local account was added to a privileged active directory group. Some of the audit functionalities on these machines were then disabled and a few minutes later the account was removed from the privileged group and the audit functionalities were reactivated. This was happening on hundreds of POSs at[…]


First-time Access to an Asset - Is it Risky or Not?: A Machine Learning Question

Looking for outliers or something different from the baseline is a typical detection strategy in user and entity behavior analytics (UEBA). One example is a user’s first-time access to an asset such as a server, a device or an application. The logic is sound and is often used as an example in the press for behavior-based analytics. However, it is an open secret among the analytics practitioners that alerts of this type has a high[…]

Topics: data science, SECURITY

Check Out Exabeam Incident Responder

One of the most common questions we heard when talking to potential customers about our UEBA product was “Okay, your system found something. Now what do I do?” It was eye-opening to see so many organizations that simply didn’t have response processes defined, and had limited tools to run those processes, anyway. This lack of incident response expertise drove the development of our recently-announced Exabeam Incident Responder product. Incident Responder goes far beyond the automatic[…]


The World Has Changed; Shouldn’t Your Security Change, Too?

From day one, Exabeam had a vision for something better than today’s SIEM solutions. We felt these products were fundamentally broken: SIEM log management was built on old, proprietary technology and was (over)priced by the byte; SIEM correlation rules were a mess and ineffective, and they caused more work for analysts than they eliminated. SIEM was broken and the opportunity to make something massively better was clear. Our first step was to win the UEBA[…]

Topics: CUSTOMERS, data science, SECURITY

A User and Entity Behavior Analytics Scoring System Explained

How risk assessment for UEBA (user entity behavior analytics) works is not unlike how humans assess risk in our surrounding environment. When in an unfamiliar setting, our brain constantly takes in data regarding objects, sound, temperature, etc. and weighs different sensory evidence against past learned patterns to determine if and what present risk is before us. A UEBA system works in a similar manner. Data from different log sources, such as Windows AD, VPN, database,[…]

Topics: data science, SECURITY

McAfee Labs Report Finds 93 Percent of Security Operations Center Managers Overwhelmed by Alerts and Unable to Triage Potential Threats

This is a very interesting report from our partner, Intel Security/McAfee. Some interesting bits: Enterprise security operations center survey found 93 percent of respondents acknowledged being unable to triage all potential cyber threats. On average, organizations are unable to sufficiently investigate 25 percent of security alerts. 67 percent of respondents reported an increase in security incidents. 26 percent acknowledge operating in a reactive mode despite having a plan for a proactive security operation. New ransomware[…]


Calculating Security ROI, or "Halloween’s Over, So Why is my Vendor Trying to Scare Me?"

Certain technology categories lend themselves well to ROI analysis. Want to replace your old storage array with a new flash array, or your old backup technology with something new? It’s probably not too difficult to work out the payback numbers. Security, on the other hand, has been more resistant to clear ROI analysis. Vendors either give out scary per-company breach averages from Ponemon, or build some other detection-based cost-benefit number. Over time, CISOs and their[…]


Exabeam Announces First Ever Scholarship Competition

Exabeam College Scholarship

As part of our commitment to the future fight against cyber-crime, we are excited to announce details related to our first ever college scholarship essay contest. The contest, which is now open to applicants, offers a top prize of $1,000 to legal U.S. residents who are currently enrolled as a full-time student at any accredited college or university in the United States. In addition, all applicants are required to carry a minimum cumulative GPA of[…]

Topics: Uncategorized