It’s one of the most persistent, costly annoyances IT security teams face. Hundreds or even thousands of customers lock themselves out of their online accounts each day, simply by forgetting or mistyping their passwords. Those mistakes can monopolize up to 70 percent of a security expert’s time – not a junior employee’s time, but an experienced, senior-level staffer trained to spot legitimate threats. Enterprises have been clamoring for a solution to this industrywide challenge. Today, Exabeam announced a first-of-its-kind capability to automate this task through user and entity behavior analytics (UEBA).
Exabeam 2.0, which we’re demonstrating at Splunk.conf15 this week in Las Vegas, is the answer to a customer question we’ve heard time and again: How can we protect our company from the security threats that trigger account lockouts without sinking endless personnel hours into manual analysis? We answered that question in the Exabeam Lab, where we modeled lockout behavior and applied that logic and related rules to our latest solution release, which also records how many times a user has been locked out in the past so companies can add that information to the user’s behavior history.
Exabeam 2.0 includes several other new features prompted by security analyst requests, including:
- User watchlists that can be created to monitor employee and contractors who need special attention, for example, if they’ve had malware recently and need to be screened for re-infection.
- Security alert search capabilities to enter an alert from another security product and view a timeline of all users and activities connected to that alert (i.e., “Google for your FireEye system”).
- Auto-classification of executive devices to apply special data monitoring rules to the laptops, smartphones and other machines belonging to company executives.
Some companies see as many as 1 percent of their accounts experiencing lockouts every single day. With the release of Exabeam 2.0, what had been a full-time job for some security professionals – analyzing suspicious lockouts versus innocent ones – can now be completed as easily as reading a yes-or-no signal.