
How Castra Leverages the Power of Exabeam

  • Oct 06, 2020
  • Grant Leonard
  • 3 minutes to read


    Protecting a network is challenging work, as organizations of all sizes are dealing with more data than ever before. At Castra we learn every day about increasingly complex attack vectors, and traditional SIEMs may no longer fit the purpose of the modern security program.

    That’s where Exabeam comes into play. Castra is a managed security business that oversees 24/7 security operations centers (SOCs) for a variety of businesses and has found Exabeam’s security information and event management (SIEM) solution to be the better tool to help us protect our customers.

    The value of analytics

    Castra is no stranger to SIEMs. We have had great success with traditional SIEMs before making the switch to Exabeam. As a modern SIEM, Exabeam offers the power of data analytics and automation to operations.

    In fact, Gartner now defines a modern-day SIEM as having these three components:

    • Logging — Event log management is an important part of any SIEM. Exabeam takes this to the next level, consolidating events from various sources to get a more accurate picture of what’s happening on a network.
    • UEBA — SIEM providers may emphasize the importance of user behavior analytics (UBA), which collects information on user behavior on an ongoing basis so that an anomaly can be identified when it occurs. Exabeam adds an “E” to that acronym, offering user and entity behavior analytics (UEBA). This gathers data not only on user activities, but also on the activities of devices such as computers, smartphones, printers, and servers.
    • SOAR — Security orchestration, automation, and response (SOAR) is a combination of approaches to safeguarding a network. Orchestration refers to the coordination of various security technologies, operating within the same environment, to ensure alerts are efficient and accurate. Automation lets technology take over mundane, manual tasks so that security professionals stay focused on higher-level work. Response automates the task of responding to alerts as they come in.
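    As an added illustration of the UEBA idea described above (example code, not from Exabeam, Castra, or the original post): a minimal per-user and per-entity baseline built from constructed sample events, scoring a new event by how many of its attributes have never been seen for that user or that host. The event fields, the two-hour tolerance window, and the sample data are assumptions.

```python
from collections import defaultdict

# Constructed sample events (not from the page). In a real UEBA deployment these
# would be parsed from authentication, endpoint and device logs.
BASELINE_EVENTS = [
    {"user": "alice", "host": "laptop-01", "action": "logon", "hour": 9},
    {"user": "alice", "host": "laptop-01", "action": "logon", "hour": 10},
    {"user": "alice", "host": "laptop-01", "action": "file_read", "hour": 11},
    {"user": "bob", "host": "laptop-02", "action": "logon", "hour": 8},
    {"user": "bob", "host": "laptop-02", "action": "file_read", "hour": 9},
    {"user": "svc-print", "host": "printer-01", "action": "print_job", "hour": 14},
]

HOUR_TOLERANCE = 2  # assumed window: an hour within +/-2h of a seen hour is "normal"


def build_baselines(events):
    """Build a user profile (hosts, actions, hours) and an entity/host profile
    (users, actions) from a list of past events."""
    users = defaultdict(lambda: {"hosts": set(), "actions": set(), "hours": set()})
    hosts = defaultdict(lambda: {"users": set(), "actions": set()})
    for e in events:
        u, h = users[e["user"]], hosts[e["host"]]
        u["hosts"].add(e["host"])
        u["actions"].add(e["action"])
        u["hours"].add(e["hour"])
        h["users"].add(e["user"])
        h["actions"].add(e["action"])
    return users, hosts


def score_event(event, users, hosts):
    """Return (score, reasons). Each attribute that is new for the user side or
    the entity side of the event adds one point; 0 means fully within baseline."""
    reasons = []
    u, h = users.get(event["user"]), hosts.get(event["host"])
    if u is None:
        reasons.append("first-seen user")
    else:
        if event["host"] not in u["hosts"]:
            reasons.append("user on new host")
        if event["action"] not in u["actions"]:
            reasons.append("user performs new action")
        if min(abs(event["hour"] - x) for x in u["hours"]) > HOUR_TOLERANCE:
            reasons.append("user active at unusual hour")
    if h is None:
        reasons.append("first-seen host")
    else:
        if event["user"] not in h["users"]:
            reasons.append("host used by new user")
        if event["action"] not in h["actions"]:
            reasons.append("host sees new action")
    return len(reasons), reasons
```

    Combining the user view with the entity view is the point: alice printing at 3 a.m. is odd for alice, and a human user on the printer is odd for the printer, so the two sides of the baseline reinforce each other.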

    Gartner predicts that by 2022, 75% of all SIEM vendors in the Gartner Magic Quadrant will incorporate advanced analytics and automation into their platform. That’s up 30 percent from what it is today.

    Choosing Exabeam

    Exabeam was the first Gartner MQ SIEM provider to disrupt pricing in the market. While many other SIEMs operate on volume-based pricing, Exabeam charges by the user. Since Exabeam introduced this strategy, other SIEM providers have made the shift to this pricing model to remain competitive.

    Castra was attracted to Exabeam because of its simple build. Exabeam focuses on objects, insights, and actions, giving our engineers the technology necessary to create custom content that better serves our customers. Using Exabeam, engineers can build parsers, IR integrations, and machine learning models.

    Our engineering team will also have the option of building applications on top of the platform. They can, for instance, build custom playbooks to deliver on-demand vulnerability scanning. This gives them the foundation necessary to build a customized solution with the power to provide top-level protection.

    Exabeam’s core competencies

    Exabeam offers features that align with and improve managed security operations. These include:

    • MITRE ATT&CK enhancement — Leveraging the MITRE ATT&CK knowledge base gives Exabeam the ability to quickly identify known threats and take action against them.
    • Detection use cases — This includes enhanced monitoring with SWIFT information and fraud use cases (transaction, data handling, and elevated access).
    • Alert prioritization — Castra already has alert prioritization in place. Exabeam will further enhance those capabilities.
    • Seamless investigation workflow — When a breach does happen, security teams need ready access to the logs and files required to investigate it properly.
    • Integrations and playbooks — Exabeam has more than 70 integrations, including SIEM, EDR and FW. We plan to expand these integrations to fully utilize the platform.

    With advanced analytics, incident response, case management, and more, Exabeam has everything we need to build a firm foundation. Our team can take advantage of Exabeam’s flexibility to build upon that foundation and create a fully customized solution that meets the needs of SOCs and the many businesses relying on them to safeguard their data.

    Editor’s note: The original article was published on the Castra blog.
