One of the most common questions we heard when talking to potential customers about our UEBA product was “Okay, your system found something. Now what do I do?” It was eye-opening to see so many organizations that simply didn’t have response processes defined, and had limited tools to run those processes, anyway. This lack of incident response expertise drove the development of our recently-announced Exabeam Incident Responder product.
Incident Responder goes far beyond the automatic investigation timelines created in Exabeam UEBA. It comes with pre-defined playbooks for common incident types such as malware, phishing, and data exfiltration. These playbooks include actions that can automatically run (e.g. go get reputation data for this IP address) or guide a team member (reset this user’s password). As actions complete, they are displayed in cards, in a Pinterest-like canvas. Responders can share notes and actions with team members, as well.
A major goal with Incident Responder was to take the best practices currently performed by your “ninjas” and make those available to anyone, even your interns.
Similar Posts
Recent Posts
Stay Informed
Subscribe today and we'll send our latest blog posts right to your inbox, so you can stay ahead of the cybercriminals and defend your organization.
See a world-class SIEM solution in action
Most reported breaches involved lost or stolen credentials. How can you keep pace?
Exabeam delivers SOC teams industry-leading analytics, patented anomaly detection, and Smart Timelines to help teams pinpoint the actions that lead to exploits.
Whether you need a SIEM replacement, a legacy SIEM modernization with XDR, Exabeam offers advanced, modular, and cloud-delivered TDIR.
Get a demo today!