Outsmart the Odds
Today at Spotlight20, I announced that Exabeam is refocusing to help security teams outsmart the odds. Every day security teams are up against overwhelming odds: billions of alerts, insider threats, false positives and expanding attack surfaces. In addition,
- New attackers and increasingly sophisticated techniques emerge every week. The 2020 CrowdStrike Global Threat Report states that Russian nation-state actors’ average breach time is a mere 18 minutes.
- Business risks are proliferating, including security, privacy, insider threats, cloud, operational technology (OT), compliance, and more.
In the face of these odds you, the security professional, are the only thing standing between bad actors and their objectives.
That means you are piecing together complex puzzles. Understanding who did what and why. Determining the real threats from the fake ones. So many obstacles have stood in your way and kept you in the dark. Until now.
At Exabeam, we believe when you can’t see the path, don’t curse the darkness. Shine a light instead. See attackers where you couldn’t before. Follow them where they don’t know you can. Know which threats are real and respond fast and fearlessly. Stay ahead of this world of ever-changing cyber attacks.
The odds may be stacked against you. Now turn them in your favor. Unleash yourself from the old way of working forced upon you by traditional security tools. Outsmart them from the start.
Limitations of traditional security tools
CISOs and their teams have their hands full overseeing threat detection, incident investigation, and incident response. Beyond day-to-day activities, they establish strategic objectives and allocate budget for their programs. It’s imperative that purchased security solutions help understaffed and overwhelmed SOC teams detect and respond to threats quickly before they lead to a breach.
But there’s a gap. Security teams are simply unable to even the playing field because the tools they have:
- Are incomplete: they may deliver functionality but not outcomes
- Are unable to detect credential-based attacks
- Require them to manually conduct every investigation
And they face these challenges every day.
Functionality, not outcomes – The truth is that security products provide functionality, not outcomes. Security teams are fishing in the dark. Using the same tools and techniques that have been utilized for decades to solve the problems of today — and tomorrow — isn’t going to move the needle.
Credential-based attacks – One of the most challenging situations for a SOC is detecting attacks from credentialed threat actors. These often begin with compromised or malicious insiders. Regardless of their identity, these attackers use credentials to access systems, then hide inside while mimicking legitimate user actions, and “living off the land.”
Credentials are part of virtually every attack. Verizon’s 2020 Data Breach Investigations Report states that “over 80% of breaches within hacking involve brute force or the use of lost or stolen credentials.”
In spite of being the top threat for the past 10 years, credential-based attacks aren’t detected by traditional security tools. Such solutions can’t distinguish normal user activity from an attack. The SOC and insider threat teams often completely miss incursions by bad actors able to log into their network, or the teams are inundated with false positives.
Manual processes – Response is starting to be automated, but detection, triage, and investigation remain manual and consume 74% of analysts’ time. For example, it takes over 20 hours to manually build an incident timeline and get some idea of the scope of an attack.
Time is always in short supply and headcounts are limited. “SOC staffing remains an issue, with nearly 40% of organizations feeling they are understaffed,” states The Exabeam 2020 State of the SOC Report. False positives are one reason. The Exabeam SIEM Productivity Report by the Ponemon Institute reports that 33% of alerts in a traditional SIEM are false positives. Yet overburdened analysts still have to comb through thousands of security alerts per day — a challenging task that ends up consuming over 50% of their time.
How to even the playing field
Identify security tools that leverage your existing security investments to:
- Mature your security posture
- Solve your most immediate security priority by detecting attackers who use compromised credentials
- Use automation to improve your team’s operational efficiency, and not only during response
Out-of-the-box use case coverage — Exabeam helps organizations solve specific security use cases by providing visibility, detection logic, and response procedures out-of-the-box.
We extend your organization’s existing security tool investments with use case-specific content and features to improve your efficacy and deliver repeatable outcomes. You’re able to deploy coverage for external threats such as malware, compromised credentials, lateral movement, and privilege escalation; and internal threats such as privilege access abuse, evasion, data access, and data exfiltration.
Exabeam also provides guidance on which data sources are needed to protect against each of these external and internal threats. In addition, our service professionals and partners provide deployment assistance and customization to further help you realize the outcomes you desire.
Detecting malicious and compromised users — Your analysts can quickly detect compromised and malicious insiders who were previously difficult, if not impossible, to find. We provide continuous, real-time mapping of logs to correctly attribute all activity and behavior to users and devices. Combined with data enhancement and additional context, this attribution provides visibility into abnormal behavior and risky activity, notably if attackers:
- Access data and devices they wouldn’t normally use
- Log in using another user ID
- Award themselves higher administrative privileges
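As an added illustration (not Exabeam’s code, and not from the original post), here are the three behaviors in the list above expressed as checks against a per-user and per-device baseline, run over constructed log events that have already been attributed to a user and a device; the event field names and the risk weights are assumptions:

```python
from collections import defaultdict

# Constructed sample events (not real logs) from a baseline period, each attributed to a user and device.
BASELINE = [
    {"action": "access", "user": "alice", "device": "wks-01", "host": "fileserver"},
    {"action": "access", "user": "alice", "device": "wks-01", "host": "mail"},
    {"action": "access", "user": "bob", "device": "wks-02", "host": "mail"},
    {"action": "access", "user": "bob", "device": "wks-02", "host": "hr-db"},
]
# Constructed events to evaluate against that baseline.
NEW_EVENTS = [
    {"action": "access", "user": "alice", "device": "wks-01", "host": "mail"},   # usual activity
    {"action": "access", "user": "alice", "device": "wks-01", "host": "hr-db"},  # host alice never used
    {"action": "access", "user": "bob", "device": "wks-01", "host": "mail"},     # bob's ID on alice's device
    {"action": "group_add", "actor": "bob", "target": "bob", "group": "Domain Admins"},
]
WEIGHTS = {"new_host": 10, "foreign_device": 25, "self_privilege_grant": 40}  # assumed risk weights

def build_profile(events):
    """Learn which hosts each user normally touches and who normally uses each device."""
    user_hosts, device_users = defaultdict(set), defaultdict(set)
    for e in events:
        if e["action"] == "access":
            user_hosts[e["user"]].add(e["host"])
            device_users[e["device"]].add(e["user"])
    return user_hosts, device_users

def score_event(e, profile):
    """Return (kind, user, detail) tuples for deviations from the learned profile."""
    user_hosts, device_users = profile
    findings = []
    if e["action"] == "access":
        if e["host"] not in user_hosts.get(e["user"], set()):
            findings.append(("new_host", e["user"], e["host"]))
        owners = device_users.get(e["device"], set())
        if owners and e["user"] not in owners:  # a different user ID logging in from that device
            findings.append(("foreign_device", e["user"], e["device"]))
    elif e["action"] == "group_add" and e["actor"] == e["target"]:
        if "admin" in e["group"].lower():  # actor granting themselves an administrative group
            findings.append(("self_privilege_grant", e["actor"], e["group"]))
    return findings

def detect(baseline_events, new_events):
    """Score each new event and accumulate risk per user so several small deviations still surface."""
    profile = build_profile(baseline_events)
    findings = [f for e in new_events for f in score_event(e, profile)]
    risk = defaultdict(int)
    for kind, user, _ in findings:
        risk[user] += WEIGHTS[kind]
    return findings, dict(risk)
```

Accumulating the score per user rather than alerting on every event is what lets a single risky user stand out from the noise of individually unremarkable deviations.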
Automation – More automation powered by analytics should also be part of a solution. Over 88% of security professionals state that automation would make their jobs easier and improve security, according to Exabeam’s 2020 Cybersecurity Professionals Salary, Skills, and Stress Survey.
Your security team can overcome the staffing shortage by automating manual and repetitive tasks to improve efficiency throughout their workflow — from collection and detection through response — and notably during detection, triage and investigation where they used to spend so much of their time.
With automation providing decision support during triage, 85% of our customers report Exabeam is effective in reducing the number of false positives. Analysts report they’re able to triage far more real alerts — 83% of daily alerts versus 45% for traditional SIEMs.
Exabeam’s advanced machine learning helps improve your security teams’ productivity at every phase of their workflow — from collection through response. Notable examples at each step of your workflow include:
- Collection: Exabeam Cloud Connectors allow you to reliably collect logs and initiate response actions for over 40 cloud services.
- Detection: Behavioral analytics automatically detects user and device behaviors indicative of a threat.
- Triage and investigation: Exabeam gives you actionable insights during triage and investigation. Alert enhancement and automated incident timelines provide real-time intelligence to expedite decision making during alert triage and investigation.
- Response: Automation, including turnkey playbooks that incorporate third-party technology without requiring you to “bring your own license” for those technologies, makes your incident response more efficient.
With automation across your workflow, the time and cost associated with security management are greatly reduced. Our customers report their analysts complete security tasks in 51% less time, with 90% stating that Exabeam reduces operational costs for detection and investigation. As a result, even junior analysts can quickly make decisions. If more detail is needed, advanced threat hunters can query and search raw logs.
Helping you outsmart the odds
Exabeam helps you outsmart the odds by adding intelligence to your existing security tools — including SIEMs, XDRs, cloud data lakes, and other business and security products.
I’m excited to engage with you on this journey and see your teams triage and investigate alerts twice as fast as they do today, detect security and insider threats that were previously impossible to find, and allow everyone, from the CISO to the analyst, to see the whole picture.