Trust Exabeam
Learn how we maintain privacy, security, and availability for our cloud-delivered offerings, so you can trust Exabeam with your data.
Our cornerstone
At Exabeam, trust is the cornerstone of how we operate — encompassing everything from how we build our products to how we run our operations. We understand that one of your most valuable assets is your data, and we focus on ensuring your data is secure, data privacy rules are followed, and the platform has a high uptime.
Privacy, security and availability
We understand that one of your most valuable assets is your data, and we focus on ensuring your data is secure, data privacy rules are followed, and the platform has a high uptime. Learn how we maintain privacy, security, and availability for our cloud-delivered offerings, so you can trust Exabeam with your data.
Privacy options you can configure at any time
The Exabeam Security Operations Platform offers role-based access controls and data retention. Data masking within the user interface anonymizes users and assets, and ensures that personal data cannot be read, copied, modified, or removed without authorization during processing or use. Data masking helps preserve individual employee privacy — only users with permissions can access relevant information.
Committed to the privacy of your data
No matter where your organization or data is located, Exabeam is committed to the privacy of your data and the local guidelines for data storage. At Exabeam, data privacy is very important, especially when it comes to processing Personally Identifiable Information (PII). Exabeam believes in the confidentiality of your information. Exabeam will only process data that you share with us, following SOC 2 and GDPR standards when collecting, processing, and storing your data.
Globally available cloud-delivered services
Exabeam cloud-delivered services are available globally, so you can choose where your data is hosted and leverage our products for threat detection, investigation, and response, while satisfying your data residency requirements. Exabeam deploys a multi-tenant cloud architecture. Data in each tenant is isolated and invisible to other tenants to protect the privacy of your data.
Role-based access control
Exabeam offers universal role-based access control with custom roles across the entire platform for granularity. Role-based access controls allow you to manage the responsibilities and activities of your security team. Each user can be assigned one or more roles to create an aggregate set of permissions within the Platform. You can also create custom roles to fine-tune permissions that best align with your organization’s security structure.
Choose when data gets archived
Data retention policies enable you to choose when data is automatically transferred to an archive destination. Data retention can be set by day, time, or storage space used. For auditing, Exabeam keeps an audit trail of notable user activity, settings changes, or object changes within the platform for search or export.
Security tools should not create additional points of entry
The Governance, Risk, and Compliance (GRC) team at Exabeam is dedicated to maintaining a secure operating environment for your confidential data. Exabeam has implemented mechanisms ensuring the secure operation of the environment that stores and processes your data. Among them, a defense-in-depth methodology, zero trust policy, and vulnerability management programs, coupled with personnel security.
Meet your compliance requirements
National and global organizations need to comply with laws around the world, and Exabeam can help you meet your local and global compliance requirements. Exabeam has three ISO certifications: 27001, 27017, and 27018 certifications, has been certified by a SOC 2 Type II Report, has completed an IRAP assessment at the PROTECTED level, and has appropriate technical and organizational measures in place for GDPR. Also, Exabeam complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.
Data encryption both in transit and at rest
Exabeam offers tokenization and encryption of certain data types using AES-256 ciphers. Customer data is encrypted both in transit and at rest. For data in transit, Exabeam enforces TLS encryption when transferring data from all collectors to the cloud. A zero-trust internal policy, ongoing security awareness training, and regular third-party security assessments are just a few of the ways Exabeam helps ensure the security of our customers.
Regular vulnerability scans and Penetration Testing
Exabeam’s data security policy identifies controls and practices in detail, and the GRC team has resources available to help you address commitments to your own customers and their personal data, including vulnerability disclosure processes. Exabeam product code undergoes regular vulnerability scans, and Exabeam employs a third party to conduct an annual Attack and& Penetration Test, sharing the results with customers.
Stability during emergencies or significant business disruptions
Accessibility is fundamental when it comes to your security tools. Exabeam provides service level agreements which include monthly data upload availability of 99.9% and product access availability of 99.5%. Our business continuity plan is a key component of our risk management framework, and aims to ensure stability during emergencies to minimize significant business disruptions. Our plan includes cloud-native services and availability zone redundancy and availability through the Google Cloud Platform , along with queueing live data during a catastrophic failure.