15 InfoSec Resources You Might Have Missed in November - Exabeam

Published
December 08, 2022

At Exabeam, we seek to provide security professionals with educational, useful content on threat detection, investigation, and response (TDIR) topics. In November, we created several resources for you. In case you missed them, here are 15 of our most recent pieces geared toward helping you along your security operations journey. Whether you’re a CISO or a security practitioner, there is something on this list for you.

Resources for CISOs

1. A CISO’s Guide to Adversary Alignment | White Paper

“Are we secure?” Executives and board members always want the answer to be “yes,” but CISOs know it’s irresponsible to make such a blanket statement. An adversary could be any potential threat — whether external or internal, intentional or unintentional. So, the question CISOs should be answering is: “Are we adversary-aligned?” Download this white paper to learn how your people, processes, and tools can be adversary-aligned, and the benefits of doing so.

2. Organizational Downsizing and Insider Threats: Detecting the Undetectable to Reduce Risk | Blog 

History has shown that downsizing increases the organizational risk companies face from impacted employees and the data and IP they have access to. CISOs need to educate their organizations on the risk of insider threats all the way to the board level to get buy-in for the programs and necessary budget to address these threats. In this article, we discuss the challenge of detecting insider threats, how Exabeam helps triage, detect, investigate, and resolve insider threats, data leak activity to watch for, and the benefits of using Exabeam for insider threats. 

3. The New CISO Ep. 78: “Bridging the Effectiveness Gap: A CISO’s Perspective on New-Scale SIEM” | Podcast

In this episode of The New CISO, Steve is joined by Tyler Farrar, the CISO at Exabeam. With malware-free attacks becoming increasingly common, Tyler understands the best ways to bridge the effectiveness gap. With this in mind, he shares his SOC philosophy and the importance of threat detection. Listen to the episode to learn more about the act of prevention, the pillars of a security information and event management (SIEM) product, and why attackers gravitate toward credential techniques.

4. The New CISO Podcast Episode 79: “Building Your Framework for Fulfillment” | Podcast

In this episode of The New CISO, Steve is joined by Demetrios “Laz” Lazarikos, three-time CISO and Co-founder of Blue Lava Security. A naturally curious child, Laz became interested in technology early, prompting his lifelong love of learning. Today, he shares how different lessons from childhood and the Air Force led to his fulfilling CISO career. Listen to the episode to learn more about Laz’s fascinating cybersecurity journey, the influence of his family, and how to become a more effective mentor.

A deep dive into user and entity behavior analytics (UEBA)

5. The What and How of Evaluating UEBA Under the Hood | Blog 

Why do we bother with UEBA in the first place? 93% of breaches are due to compromised credentials. For such insider threats, there is no alternative to UEBA. While threat prevention technologies are a necessary component of enterprise security, companies are recognizing that UEBA detection tools are an integral part of security defense. Read the blog to learn about the three dimensions to consider when evaluating UEBA solutions.

6. Building a UEBA Risk Engine | Blog 

UEBA technology is the confluence of advancements in data infrastructure, security knowledge, and algorithms. Each of these areas relates to anomaly detection and event scoring — the output of a UEBA engine. This article shows the technical and knowledge components that make UEBA possible. 

7. Understanding UEBA: From Raw Events to Scored Events | Blog 

In this post, we examine how Exabeam turns volumes of security and network events into alerts with risk scores for prioritization in New-Scale SIEM. This article discusses event parsing, normalization, enrichment, risk indicators, and event scoring.

Learn more about New-Scale SIEM™

8. Overview of Exabeam SIEM and Security Analytics Product Innovations | Blog 

This blog post gives the highlights of our recent webinar, Overview of Exabeam SIEM and Security Analytics Product Innovations, where Jeannie Warner, Director of Product Marketing, discusses how Exabeam helps organizations by being purpose-built for security. 

9. New-Scale SIEM Brings Powerful Behavioral Analytics and Automated Investigation to Threat Detection, Investigation, and Response | Blog 

Exabeam built New-Scale SIEM to solve the numerous challenges and limitations of legacy SIEM and to provide security operations teams breakthrough capabilities to detect and respond to a wide range of threats. This blog post focuses on powerful behavioral analytics and automated investigation — two pillars of New-Scale SIEM — and how Exabeam can bring analytics and automation to the security operations center (SOC) to scale the TDIR capabilities of any organization.

10. Powerful Behavioral Analytics | Feature Brief

Exabeam offers powerful behavioral analytics for next-level insights that other tools miss with modern, granular threat detection designed for the most utilized and elusive threat vector — compromised credentials. Behavioral analytics baseline the normal behavior of users and devices with behavioral models, to detect, prioritize, and respond to anomalies based on risk.

11. Exabeam Security Log Management — Because Security Operations Isn’t IT Operations | Blog

Many log management solutions are born as IT operations/observability tools, and vendors later window-dress them for security buyers. Exabeam has created a new category: Security Log Management, a cloud-native log management solution built from the ground up for cybersecurity professionals.

12. Exabeam Alert Triage with Dynamic Alert Prioritization Now Available in Exabeam Fusion and Exabeam Security Investigation | Blog 

Alert triage is the process of investigating security alerts to determine the potential threat they pose to an organization. Alerts deemed significant are escalated to incident response teams for further review, while alerts that appear insignificant are dismissed. Determining the alerts that matter can be difficult when you are overwhelmed by thousands of alerts with no context. How do you decide which alerts pose a threat to your organization and which are insignificant?

13. Exabeam Security Operations Platform Privacy | Feature Brief

This document provides the information you need to understand how the Exabeam Security Operations Platform gathers, analyzes, and stores sensitive data, so you can assess the impact on your overall privacy posture.

Exabeam company news

14. Exabeam Achieves ISO 27017 and ISO 27018 Certifications | Blog

Exabeam has achieved two additional certifications: ISO 27017 and ISO 27018. ISO 27017 provides additional controls to address cloud-specific information security threats and risks. ISO 27018 establishes control objectives and guidelines for implementing measures to protect Personally Identifiable Information (PII) for public cloud computing environments.

15. Exabeam Opens New Office in Plano, TX; Expands Customer Service and Support in North America | Blog

We are excited to announce that we’ve officially opened a new Exabeam office in Plano, Texas. The new office will be home to Customer Success, Engineering, HR, and Sales team members. Our new Plano location further increases service and support coverage for Exabeam North America customers in the Central and Eastern regions.

Learn more about Insider Threats

For more insights, sign up for our webinar on December 13 at 10 am PT: How to Build an Insider Threat Program with Exabeam. In this webinar, you will learn:

  • The four common scenarios where you need an insider threat team, and how to build a mission statement and tools
  • Four attributes of a successful insider threat program
  • How behavioral analytics baseline “normal” behavior of users and devices – showing risk faster
  • Automated investigation experience that automates manual routines and guides new insider threat teams
