Exabeam Cloud Platform: A New Architecture for a Next Era in SIEM

  • Feb 25, 2020
  • Trevor Daughney
  • 3 minutes to read

    Modern SIEMs, like the Exabeam Security Management Platform (SMP), are significant improvements over legacy SIEMs. However, security teams continue to look for additional capabilities to keep pace with the threat landscape.

    Security leaders are thinking ahead and building multi-year plans that outline how they will further mature their security operations and deploy new applications to protect users, IT and OT devices, and the cloud. In an ideal world, they seek to augment existing capabilities without having to vet new vendors and engage in the related tasks of security audits, infrastructure sizing and other vendor onboarding tasks.

    To tailor those solutions to their unique needs and to cover new security use cases, their engineers must be able to easily add new and custom SIEM content like parsers, detection rules and models, and incident response actions. In parallel, they seek to improve the operational efficiency of their security teams and insider threat teams. They want to reduce engineering effort to deploy and maintain new solutions and allow analysts to complete tasks faster.

    The Exabeam Cloud Platform

    Today, we announced the launch of the Exabeam Cloud Platform. The Cloud Platform is designed to meet the current and future needs of security teams by extending the value of the Exabeam SMP.


    Figure 1: The Exabeam Cloud Platform extends Exabeam’s existing SIEM capabilities.

    Improving security maturity

    The Cloud Platform, a multi-tenant security platform-as-a-service (PaaS), helps security leaders continuously improve their security posture by expediting the provisioning and consumption of new security management applications, tools and content.

    Deploying new security use cases

    Architects can quickly implement new use cases by deploying services based on capabilities unique to Exabeam, including a unique user and entity behavior analytics (UEBA) solution, object-centric workspaces, cloud storage, and data graphing.

    Improving operational efficiency

    Productivity is improved as many engineering tasks needed to deploy and maintain the infrastructure underlying services are eliminated, while automation and analytics allow analysts to work faster.

    Broadly speaking, the unique architecture of the Cloud Platform furthers our mission: to make every security practitioner more efficient. Security leaders, architects, engineers, analysts and their managers are all able to work more productively by using the applications, tools and content available on this new platform.

    Here are the key components of the Exabeam Cloud Platform:

    Figure 2: Key components of the Exabeam Cloud Platform to improve security management.

    Enterprise features – are plentiful. RBAC, encryption, IAM and security certifications come standard for any application built on the platform. That goes for both Exabeam applications and those built by customers and partners.

    Capabilities – include UEBA and the object-centric workspaces that are unique to Exabeam. They are complemented by cloud storage, data graphing, and integrations with over 250 products. And like the enterprise features, they are available for any application built on the platform. This allows new services to be rapidly provisioned, as over half the time that engineers typically spend building an application is on core enterprise features and capabilities.

    Object-centric workspaces – are detailed views of objects – including out-of-the-box objects for employees and IT devices, and custom entities for other people (such as partners and customers) and devices (IoT, OT and even airplanes) – in a single dashboard composed of customizable “cards.” To provide object-centered views, Exabeam consolidates information and event logs from many data sources – including security and identity data. Exabeam then uses data science to enrich this data with additional context and meaning before displaying it to analysts.

    The Exabeam Cloud Studio – is a toolbox of free tools for engineers to use to quickly develop the content they need to support new use cases.

    Real-time content updates – allow engineers to access new parsers, rules and models, dashboards and certain Exabeam product fixes to extend or deploy new use cases.

    The Exabeam Application Marketplace – provides security teams with a single online location to try, buy and deploy Exabeam security management applications. In the future, applications will also be available from trusted partners. Partners will be able to build applications on the Cloud Platform using Exabeam’s software development toolkit (SDK) or simply sell them through the marketplace.

    A major change

    This architecture isn’t simply another way of building a modern SIEM. The launch of the Exabeam Cloud Platform marks the beginning of major change for SOCs and related teams. Until now, provisioning a SIEM or other security management tools meant deploying a large application followed by a lot of manual work to stand up use cases. Going forward, SOC applications and tools will be smaller, more customized to the organization deploying them, available faster and with SIEM content that can be added easily in a self-service manner.

    A SIEM like this, a SIEM that keeps up with your needs, could be the last SIEM you’ll ever need.
