January 29, 2021
ADP collects between 8 and 12 billion events per day from the security and IT infrastructure solutions within their network. ADP wished to implement a security solution capable of intelligently leveraging this massive collection of data from their IT environment for the purposes of threat surface reduction, situational awareness, and lateral movement detection.
Exabeam Advanced Analytics leverages machine learning and behavioral modeling to analyze all the events collected by ADP and use them to establish behavioral baselines for all users and machines within the ADP environment. Once established, these activity baselines enabled Exabeam to automatically identify anomalous, risky activity performed by users that may indicate compromise or abuse of privileges. As incidents were detected, ADP security analysts received notification along with pre-built incident timelines that enabled rapid incident investigation.
Prior to Exabeam, ADP was using their SIEM for detection and investigation. Each incident took days to weeks to investigate because analysts needed to query and pivot through their SIEM to gather evidence, then piece it together into a timeline. With Exabeam, ADP analysts leveraged pre-built incident timelines to automate the manual tasks involved with investigations. The Exabeam approach allowed ADP to reduce their average incident investigation time from days or weeks down to minutes.
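To make the two ideas above concrete (per-user and per-host behavioral baselines that score anomalous activity, and an incident timeline assembled automatically for the analyst), here is a small worked illustration. It is an added example written for this page, not Exabeam's product code and not ADP data: the events, the risk rules, their point weights and the notification threshold are all constructed assumptions chosen to show the mechanism.

```python
"""Toy UEBA-style baselining, risk scoring and incident timeline.

Added illustration, not Exabeam's or ADP's code. Events, rule weights and
the threshold are constructed assumptions for demonstration only.
"""
from collections import defaultdict
from datetime import datetime

# Constructed historical events used to learn "normal": (ISO time, user, host, action)
BASELINE_EVENTS = [
    ("2021-01-04T09:12:00", "alice", "ws-alice", "logon"),
    ("2021-01-05T10:03:00", "alice", "ws-alice", "logon"),
    ("2021-01-06T08:55:00", "alice", "fs-hr", "file_access"),
    ("2021-01-04T09:30:00", "bob", "ws-bob", "logon"),
    ("2021-01-05T14:10:00", "bob", "srv-db01", "logon"),
    ("2021-01-06T09:20:00", "bob", "srv-db01", "admin_privilege_use"),
]

# Constructed new events to be scored against the baseline.
NEW_EVENTS = [
    ("2021-01-12T02:41:00", "alice", "ws-alice", "logon"),
    ("2021-01-12T02:44:00", "alice", "srv-db01", "logon"),
    ("2021-01-12T02:50:00", "alice", "srv-db01", "admin_privilege_use"),
    ("2021-01-12T14:05:00", "bob", "srv-db01", "logon"),
]

PRIVILEGED_ACTIONS = {"admin_privilege_use"}
INCIDENT_THRESHOLD = 40  # assumed cumulative risk at which an analyst is notified


def new_profile():
    return {"hosts": set(), "hours": set(), "actions": set()}


def build_baselines(events):
    """Learn per-user habits (hosts, hours, actions) and per-host user populations."""
    users = defaultdict(new_profile)
    host_users = defaultdict(set)  # host -> accounts that normally use it
    for ts, user, host, action in events:
        hour = datetime.fromisoformat(ts).hour
        users[user]["hosts"].add(host)
        users[user]["hours"].add(hour)
        users[user]["actions"].add(action)
        host_users[host].add(user)
    return users, host_users


def score_event(event, users, host_users):
    """Return (points, reasons) for one event, then fold the event into the
    baseline so a first-time observation is only charged once."""
    ts, user, host, action = event
    hour = datetime.fromisoformat(ts).hour
    profile = users[user]
    points, reasons = 0, []
    if host not in profile["hosts"]:
        points += 20
        reasons.append(f"first access to host {host}")
        # A host that other accounts use but this one never has is a lateral-movement signal.
        if host_users[host] and user not in host_users[host]:
            points += 15
            reasons.append("host normally used by other accounts")
    if hour not in profile["hours"]:
        points += 10
        reasons.append(f"activity at unusual hour {hour:02d}:00")
    if action not in profile["actions"]:
        points += 30 if action in PRIVILEGED_ACTIONS else 5
        reasons.append(f"first-time action {action}")
    profile["hosts"].add(host)
    profile["hours"].add(hour)
    profile["actions"].add(action)
    host_users[host].add(user)
    return points, reasons


def detect_incidents(baseline_events, new_events, threshold=INCIDENT_THRESHOLD):
    """Score new events in time order and return, per user over the threshold,
    the total risk and a pre-built timeline with the reason for every point."""
    users, host_users = build_baselines(baseline_events)
    totals = defaultdict(int)
    timelines = defaultdict(list)
    for event in sorted(new_events):  # ISO timestamps sort chronologically
        points, reasons = score_event(event, users, host_users)
        ts, user, host, action = event
        totals[user] += points
        timelines[user].append(
            {"time": ts, "host": host, "action": action, "risk": points, "reasons": reasons}
        )
    return {u: {"risk": totals[u], "timeline": timelines[u]}
            for u in totals if totals[u] >= threshold}


if __name__ == "__main__":
    for user, incident in detect_incidents(BASELINE_EVENTS, NEW_EVENTS).items():
        print(f"incident: {user} risk={incident['risk']}")
        for entry in incident["timeline"]:
            print(f"  {entry['time']} {entry['host']} {entry['action']} "
                  f"+{entry['risk']} {'; '.join(entry['reasons'])}")
```

Running it flags only `alice`: an off-hours logon, a first-time logon to a database server that only `bob` normally uses, and a first-time privilege use, which together cross the threshold. The timeline hands the analyst every scored event with its reason, which is the manual pivot-and-reconstruct work the text describes being automated. In a real deployment the baselines would be learned over weeks of data and the weights tuned to the environment rather than fixed as here.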