Exabeam 2.0 Solves Account Lockout Problems, Frees up SOC Workloads
September 21, 2015
Exabeam, the leader in user behavior analytics (UBA) for security, today announced the release of Exabeam Version 2.0. Based on the company’s UBA technology, Exabeam’s latest product release applies Stateful User TrackingTM and machine learning to a problem that can consume up to 70 percent of a security team’s time: responding to online account lockouts. The new feature was developed in direct response to customer demands and industry trends, and it is the only capability of its kind available today. Along with the other enhancements in Exabeam Version 2.0, the account lockout capability will spare customers the significant time and money required to respond to the hundreds or even thousands of account lockouts that occur each day.
Most account lockouts happen when legitimate users repeatedly mistype their passwords or when passwords are automatically expired due to company policy. Unfortunately, companies have had to treat all lockouts as potential security threats, deploying experienced staff to investigate each one and restore service to genuine (and frustrated) customers. This process can consume personnel hours, with some Exabeam customers seeing as many as 1 percent of all employee accounts requiring unlocking each day. Exabeam solved this problem by modeling lockout behavior and applying that logic and related rules to its latest solution release, which also records how many times a user has been locked out in the past so companies can add that information to the user’s behavior history.
“The capabilities in Exabeam Version 2.0 allow our clients to quickly determine which lockouts are innocent user error and which ones are suspicious and warrant investigation,” said Ryan Morris, Sr. Director of Operations at BAI Federal. “By giving analysts a simple yes-or-no signal on account lockouts, the Exabeam solution cures a persistent pain point for our clients and allows analysts to focus where we need them – preventing and responding to actual security incidents.”
Other features in Exabeam Version 2.0 include:
- User Watchlists: Create arbitrary lists of employees and contractors that will require special monitoring. For example, a customer might create a watchlist of all users whose systems had malware within the past month, to detect potential re-infection
- Security Alert Search: Enter an alert from another security product and view a timeline of all users and activities connected to that alert.
- Auto-classify Executive Devices: Using organizational information, automatically identify all machines – laptops, smartphones, etc. – used by company executives, to enable special data monitoring rules.
“Exabeam Version 2.0 empowers companies to maintain strict security policies without relegating their security teams to futile, endless lockout investigations triggered by everyday user errors,” said Nir Polak, Exabeam CEO. “Separating true security risk from accidental lockouts is no longer a full-time job.”
To learn more about Exabeam 2.0 and see a demo, visit the company at Splunk.conf15 September 21st through 24th in Las Vegas, or visit http://info.exabeam.com/exabeam-2.0.