From day one, Exabeam had a vision for something better than today’s SIEM solutions. We felt these products were fundamentally broken: SIEM log management was built on old, proprietary technology and was (over)priced by the byte; SIEM correlation rules were a mess and ineffective, and they caused more work for analysts than they eliminated. SIEM was broken and the opportunity to make something massively better was clear.

Our first step was to win the UEBA market. We took the lead last year with a superior analytics solution that detected modern threats better than anything out there. We’ve deployed it at more than 120 companies in the last 12 months – more than any other UBA vendor. But the plan was always to build a lead quickly and then to use that lead to build out the rest of the vision.

Today we announced the next phase of our Security Intelligence Platform: Exabeam Log Manager, Exabeam Incident Responder and Exabeam Cloud Connectors.

Log Manager is built on proven, open source big data technology from Elasticsearch. We’ve built the management components around it that enterprises require and turned it into a real, supported, commercial product. Unlike the legacy SIEM log products, Exabeam Log Manager is not priced by the byte, so you can pour in as much data as you’d like, without fear of surprise bills. Does it matter? Well, within two weeks of installing Log Manager, one of our customers was already collecting thirty times more data than their Splunk license allowed. DNS logs, endpoint data, all the things that would be useful for analytics but were simply too expensive to store in Splunk. There is serious pent-up demand for affordable security data management at scale.

Incident Responder addresses the human problem of SIEM: it’s too hard to use, generates more work for analysts, and increases hiring pressure. Exabeam Incident Responder comes with pre-built playbooks for common incident types, such as malware, phishing, and data exfiltration. It automatically collects reputation data, can detonate attachments, and can take any steps desired to shut down an incident. It makes life much easier for your IR and SOC teams.

Cloud Connectors enable you to pull in activity data from popular cloud services and integrate it with other threat detection data, response workflow, compliance reporting, etc.

Together, these products, plus Exabeam UEBA and Threat Hunter, provide a thoroughly modern solution for managing security threats. Want to learn more? Go to, drop a note to, or come visit us at RSA Feb 13-17 in San Francisco.
